
PC Crash during GMER scan



Since purchasing and installing Malwarebytes I am getting certain IPs blocked quite frequently but 94.228.209.200 more than any others. I have done full scans and used other tools like Spybot, SUPERAntispyware and removed any threats found.

In reading the many posts referring to this IP I noticed the solutions vary, some more drastic than others. Originally I had Security Tool pop up and after searching for solutions I did a System Restore which got rid of it but since the PC has behaved rather oddly. Web pages I have not requested start to download, another type of Security Tool started to look as though it was scanning my PC but clicking on X stopped it and after installing other tools and doing scans I am still getting odd behaviour.

Is it likely I still have an undetected infection, and if so what do I do about it? I do use the PC for Internet Banking and have already informed my bank. It was they who suggested I install Spybot.

Any help would be greatly appreciated.


Howdy,

There's no hint here of your Windows edition/version. That's one very basic piece of data needed.

And just so you know, using System Restore is NOT recommended when dealing with modern-day malware. Malware can and does hide in areas not covered by SR.

Right away, see this sticky note in the Malware Removal sub-forum.

http://forums.malwarebytes.org/index.php?showtopic=9573

Do as much as you can of what is outlined there.

Reply here to this topic with all details, plus your last MBAM scan log, plus logs from DDS & Gmer.

And tell us if you have an instant messenger (IM) program active and/or if one of your browsers is being used when the IP blocks are announced.


Thanks Maurice

While I am running through the checks you advised I am running Windows XP Pro Service Pack 3 and IE 8.

I have all program files on drive C but all data is on other drives and I back up using Acronis True Image. If I do have an infection I guess I will have to kill it in two places.

I have McAfee installed and up to date. It includes protection against Viruses, Spyware and has System Guards and PC Health check.

I've just done a quick scan using Malwarebytes and no infections were detected. However, I am still getting alerts telling me Malwarebytes has blocked IP 94.228.209.200 and others. The latest log from yesterday is pasted below

10:08:38 David MESSAGE Protection started successfully

10:08:42 David MESSAGE IP Protection started successfully

10:08:42 David MESSAGE IP Protection stopped

10:08:42 David MESSAGE IP Protection started successfully

10:22:49 David IP-BLOCK 94.228.209.200

10:22:52 David IP-BLOCK 94.228.209.200

10:22:58 David IP-BLOCK 94.228.209.200

10:52:11 David IP-BLOCK 94.228.209.200

10:52:13 David IP-BLOCK 94.228.209.200

10:52:19 David IP-BLOCK 94.228.209.200

11:07:32 David IP-BLOCK 94.228.209.200

11:07:35 David IP-BLOCK 94.228.209.200

11:07:41 David IP-BLOCK 94.228.209.200

11:10:32 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196656.exe Rogue.Installer QUARANTINE

11:10:44 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196658.exe Trojan.PWS QUARANTINE

11:10:45 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196658.exe Trojan.PWS DENY

11:13:37 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1412\A0196998.exe Spyware.Passwords QUARANTINE

11:13:37 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1412\A0196998.exe Spyware.Passwords DENY

11:28:53 David IP-BLOCK 94.228.209.200

11:28:56 David IP-BLOCK 94.228.209.200

11:29:02 David IP-BLOCK 94.228.209.200

11:43:14 David IP-BLOCK 94.228.209.200

11:43:17 David IP-BLOCK 94.228.209.200

11:43:23 David IP-BLOCK 94.228.209.200

12:09:35 David IP-BLOCK 94.228.209.200

12:09:38 David IP-BLOCK 94.228.209.200

12:09:44 David IP-BLOCK 94.228.209.200

12:21:56 David IP-BLOCK 94.228.209.200

12:21:59 David IP-BLOCK 94.228.209.200

12:22:05 David IP-BLOCK 94.228.209.200

12:54:17 David IP-BLOCK 94.228.209.200

12:54:20 David IP-BLOCK 94.228.209.200

12:54:26 David IP-BLOCK 94.228.209.200

12:59:38 David IP-BLOCK 94.228.209.200

12:59:41 David IP-BLOCK 94.228.209.200

12:59:47 David IP-BLOCK 94.228.209.200

13:29:59 David IP-BLOCK 94.228.209.200

13:30:02 David IP-BLOCK 94.228.209.200

13:30:08 David IP-BLOCK 94.228.209.200

13:37:03 David IP-BLOCK 91.212.226.67

13:37:06 David IP-BLOCK 91.212.226.67

13:37:12 David IP-BLOCK 91.212.226.67

13:38:20 David IP-BLOCK 94.228.209.200

13:38:23 David IP-BLOCK 94.228.209.200

13:38:29 David IP-BLOCK 94.228.209.200

13:47:24 David IP-BLOCK 91.212.226.5

13:47:27 David IP-BLOCK 91.212.226.5

13:47:33 David IP-BLOCK 91.212.226.5

13:52:41 David IP-BLOCK 94.228.209.200

13:52:44 David IP-BLOCK 94.228.209.200

13:52:50 David IP-BLOCK 94.228.209.200

14:21:02 David IP-BLOCK 94.228.209.200

14:21:05 David IP-BLOCK 94.228.209.200

14:21:11 David IP-BLOCK 94.228.209.200

14:34:23 David IP-BLOCK 94.228.209.200

14:34:26 David IP-BLOCK 94.228.209.200

14:34:32 David IP-BLOCK 94.228.209.200

14:41:45 David IP-BLOCK 94.228.209.200

14:41:48 David IP-BLOCK 94.228.209.200

14:41:54 David IP-BLOCK 94.228.209.200

15:01:06 David IP-BLOCK 94.228.209.200

15:01:09 David IP-BLOCK 94.228.209.200

15:01:15 David IP-BLOCK 94.228.209.200

15:32:27 David IP-BLOCK 94.228.209.200

15:32:30 David IP-BLOCK 94.228.209.200

15:32:36 David IP-BLOCK 94.228.209.200

15:41:19 (null) MESSAGE Protection started successfully

15:42:53 David MESSAGE IP Protection started successfully

15:49:45 David IP-BLOCK 94.228.209.200

15:49:48 David IP-BLOCK 94.228.209.200

15:49:54 David IP-BLOCK 94.228.209.200

15:50:41 David IP-BLOCK 94.228.209.200

15:50:44 David IP-BLOCK 94.228.209.200

15:50:50 David IP-BLOCK 94.228.209.200

16:11:02 David IP-BLOCK 94.228.209.200

16:11:05 David IP-BLOCK 94.228.209.200

16:11:11 David IP-BLOCK 94.228.209.200

16:14:23 David IP-BLOCK 94.228.209.214

16:14:25 David IP-BLOCK 94.228.209.214

16:14:32 David IP-BLOCK 94.228.209.214

16:20:35 David IP-BLOCK 91.212.226.67

16:20:38 David IP-BLOCK 91.212.226.67

16:20:44 David IP-BLOCK 91.212.226.67

16:30:56 David IP-BLOCK 91.212.226.5

16:30:59 David IP-BLOCK 91.212.226.5

16:31:05 David IP-BLOCK 91.212.226.5

16:40:23 David IP-BLOCK 94.228.209.200

16:40:26 David IP-BLOCK 94.228.209.200

16:40:32 David IP-BLOCK 94.228.209.200

17:04:44 David IP-BLOCK 94.228.209.200

17:04:47 David IP-BLOCK 94.228.209.200

17:04:53 David IP-BLOCK 94.228.209.200

17:11:05 David IP-BLOCK 94.228.209.200

17:11:08 David IP-BLOCK 94.228.209.200

17:11:14 David IP-BLOCK 94.228.209.200

17:19:41 (null) MESSAGE Protection started successfully

17:21:28 David MESSAGE IP Protection started successfully

17:28:15 David IP-BLOCK 94.228.209.200

17:28:18 David IP-BLOCK 94.228.209.200

17:28:24 David IP-BLOCK 94.228.209.200

17:29:09 David IP-BLOCK 94.228.209.200

17:29:12 David IP-BLOCK 94.228.209.200

17:29:18 David IP-BLOCK 94.228.209.200

17:54:30 David IP-BLOCK 94.228.209.200

17:54:33 David IP-BLOCK 94.228.209.200

17:54:39 David IP-BLOCK 94.228.209.200

17:59:51 David IP-BLOCK 94.228.209.200

17:59:54 David IP-BLOCK 94.228.209.200

18:00:00 David IP-BLOCK 94.228.209.200

18:20:12 David IP-BLOCK 94.228.209.200

18:20:15 David IP-BLOCK 94.228.209.200

18:20:21 David IP-BLOCK 94.228.209.200

18:25:34 David IP-BLOCK 94.228.209.200

18:25:37 David IP-BLOCK 94.228.209.200

18:25:43 David IP-BLOCK 94.228.209.200

18:51:55 David IP-BLOCK 94.228.209.200

18:51:58 David IP-BLOCK 94.228.209.200

18:52:04 David IP-BLOCK 94.228.209.200

18:58:16 David IP-BLOCK 94.228.209.200

18:58:20 David IP-BLOCK 94.228.209.200

18:58:26 David IP-BLOCK 94.228.209.200

19:30:38 David IP-BLOCK 94.228.209.200

19:30:41 David IP-BLOCK 94.228.209.200

19:30:47 David IP-BLOCK 94.228.209.200

19:42:08 David IP-BLOCK 78.129.142.6

19:42:10 David IP-BLOCK 78.129.142.6

19:42:16 David IP-BLOCK 78.129.142.6

19:42:26 David IP-BLOCK 78.129.142.6

19:42:29 David IP-BLOCK 78.129.142.6

19:42:35 David IP-BLOCK 78.129.142.6

19:42:55 David IP-BLOCK 64.74.223.35

19:42:58 David IP-BLOCK 64.74.223.35

19:43:04 David IP-BLOCK 64.74.223.35

19:44:25 David IP-BLOCK 64.74.223.35

19:44:50 David IP-BLOCK 64.74.223.35

19:44:53 David IP-BLOCK 64.74.223.35

19:44:59 David IP-BLOCK 64.74.223.35

19:46:42 David MESSAGE IP Protection stopped

19:47:18 David MESSAGE IP Protection started successfully

20:00:59 David IP-BLOCK 94.228.209.200

20:01:02 David IP-BLOCK 94.228.209.200

20:01:08 David IP-BLOCK 94.228.209.200

20:30:20 David IP-BLOCK 94.228.209.200

20:30:23 David IP-BLOCK 94.228.209.200

20:30:29 David IP-BLOCK 94.228.209.200

20:49:41 David IP-BLOCK 94.228.209.200

20:49:44 David IP-BLOCK 94.228.209.200

20:49:50 David IP-BLOCK 94.228.209.200

20:52:59 David IP-BLOCK 91.212.226.67

20:53:02 David IP-BLOCK 91.212.226.67

20:53:08 David IP-BLOCK 91.212.226.67

21:03:20 David IP-BLOCK 91.212.226.5

21:03:23 David IP-BLOCK 91.212.226.5

21:03:29 David IP-BLOCK 91.212.226.5

21:18:02 David IP-BLOCK 94.228.209.200

21:18:05 David IP-BLOCK 94.228.209.200

21:18:11 David IP-BLOCK 94.228.209.200

21:46:23 David IP-BLOCK 94.228.209.200

21:46:26 David IP-BLOCK 94.228.209.200

21:46:32 David IP-BLOCK 94.228.209.200

22:14:44 David IP-BLOCK 94.228.209.200

22:14:47 David IP-BLOCK 94.228.209.200

22:14:53 David IP-BLOCK 94.228.209.200

22:25:05 David IP-BLOCK 94.228.209.200

22:25:08 David IP-BLOCK 94.228.209.200

22:25:14 David IP-BLOCK 94.228.209.200

22:44:44 David IP-BLOCK 121.10.121.44

22:52:30 David IP-BLOCK 64.74.223.35

22:52:33 David IP-BLOCK 64.74.223.35

22:52:34 David MESSAGE IP Protection stopped

22:57:16 David MESSAGE IP Protection started successfully

22:59:27 David IP-BLOCK 94.228.209.200

22:59:30 David IP-BLOCK 94.228.209.200

22:59:36 David IP-BLOCK 94.228.209.200

====================================================

The results of the last scan are as follows

09:27:23 David MESSAGE Protection started successfully

09:27:26 David MESSAGE IP Protection started successfully

09:51:32 David MESSAGE IP Protection stopped

09:51:39 David MESSAGE Database updated successfully

09:51:39 David MESSAGE IP Protection started successfully

10:02:39 David IP-BLOCK 94.228.209.200

10:02:42 David IP-BLOCK 94.228.209.200

10:02:48 David IP-BLOCK 94.228.209.200

10:11:00 David IP-BLOCK 94.228.209.200

10:11:03 David IP-BLOCK 94.228.209.200

10:11:09 David IP-BLOCK 94.228.209.200

10:15:00 David MESSAGE Scheduled scan executed successfully

10:21:21 David IP-BLOCK 94.228.209.200

10:21:24 David IP-BLOCK 94.228.209.200

10:21:30 David IP-BLOCK 94.228.209.200

10:27:42 David IP-BLOCK 94.228.209.200

10:27:45 David IP-BLOCK 94.228.209.200

10:27:51 David IP-BLOCK 94.228.209.200

================================================

I will get back once I have installed and run the other tools.

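One way to read the protection log posted above, as an added example that is not part of the original thread: it collapses the repeated IP-BLOCK lines into bursts per address and splits the DETECTION lines to show which flagged files sit inside a System Restore point. The function names, the 10-second burst window and the reading of each burst as a single retried connection attempt are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the protection log from the post above (lines copied from the page).
SAMPLE_LOG = r"""
10:08:42 David MESSAGE IP Protection started successfully
10:22:49 David IP-BLOCK 94.228.209.200
10:22:52 David IP-BLOCK 94.228.209.200
10:22:58 David IP-BLOCK 94.228.209.200
10:52:11 David IP-BLOCK 94.228.209.200
10:52:13 David IP-BLOCK 94.228.209.200
10:52:19 David IP-BLOCK 94.228.209.200
11:07:32 David IP-BLOCK 94.228.209.200
11:07:35 David IP-BLOCK 94.228.209.200
11:07:41 David IP-BLOCK 94.228.209.200
11:10:32 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196656.exe Rogue.Installer QUARANTINE
11:10:44 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196658.exe Trojan.PWS QUARANTINE
11:10:45 David DETECTION C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1411\A0196658.exe Trojan.PWS DENY
19:42:08 David IP-BLOCK 78.129.142.6
19:42:10 David IP-BLOCK 78.129.142.6
19:42:16 David IP-BLOCK 78.129.142.6
19:42:26 David IP-BLOCK 78.129.142.6
19:42:29 David IP-BLOCK 78.129.142.6
19:42:35 David IP-BLOCK 78.129.142.6
22:44:44 David IP-BLOCK 121.10.121.44
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(MESSAGE|IP-BLOCK|DETECTION)\s+(.+)$")
RESTORE_MARKER = "\\SYSTEM VOLUME INFORMATION\\_RESTORE{"


def parse_log(text):
    """Return (time, user, kind, payload) tuples; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # The log carries no date, so times are only comparable within one day.
            when = datetime.strptime(m.group(1), "%H:%M:%S")
            events.append((when, m.group(2), m.group(3), m.group(4).strip()))
    return events


def group_attempts(events, window_s=10):
    """Collapse IP-BLOCK lines for one address into bursts (assumes chronological input).

    A line joins the current burst if it falls within window_s of the burst's
    first line; otherwise it opens a new burst. Returns {ip: [[start, hits], ...]}.
    """
    bursts = defaultdict(list)
    for when, _user, kind, payload in events:
        if kind != "IP-BLOCK":
            continue
        runs = bursts[payload]
        if runs and (when - runs[-1][0]).total_seconds() <= window_s:
            runs[-1][1] += 1
        else:
            runs.append([when, 1])
    return dict(bursts)


def gaps_seconds(runs):
    """Seconds between the starts of consecutive bursts for one address."""
    return [int((b[0] - a[0]).total_seconds()) for a, b in zip(runs, runs[1:])]


def detections(events):
    """Split DETECTION payloads into path / threat / action and flag restore-point copies."""
    found = []
    for when, _user, kind, payload in events:
        if kind != "DETECTION":
            continue
        parts = payload.rsplit(None, 2)  # the path itself contains spaces
        if len(parts) != 3:
            continue
        path, threat, action = parts
        found.append({"time": when.strftime("%H:%M:%S"), "path": path,
                      "threat": threat, "action": action,
                      "in_restore_point": RESTORE_MARKER in path.upper()})
    return found


def summarise(text):
    """Per-address burst statistics plus the parsed detections."""
    events = parse_log(text)
    report = {ip: {"attempts": len(runs), "lines": sum(h for _, h in runs),
                   "gaps_s": gaps_seconds(runs)}
              for ip, runs in group_attempts(events).items()}
    return report, detections(events)


if __name__ == "__main__":
    report, found = summarise(SAMPLE_LOG)
    for ip, row in sorted(report.items(), key=lambda kv: -kv[1]["attempts"]):
        print(ip, row)
    for d in found:
        where = "restore point" if d["in_restore_point"] else "live file"
        print(d["time"], d["threat"], d["action"], where)
```

Run over the full log, the per-address burst count and the gaps between bursts show how often something on the machine is trying to reach each blocked address, which is more useful to a helper than the raw line count.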

Sorry I pasted the wrong file. Here is the last scan log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4461

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/08/2010 10:23:57

mbam-log-2010-08-22 (10-23-57).txt

Scan type: Quick scan

Objects scanned: 166495

Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)


I am following the malware removal instructions. I pasted the Malwarebytes log in another post and continued installing and running DeFogger, DDS and GMER Rootkit Scanner. While running GMER a Windows Exception notice popped up which led to a PC crash. I rebooted and ran GMER again and it stopped after a while and the PC crashed - blue screen with messages about running diagnostics and removing any recently installed hardware and software.

I am now not sure what to do. I'm not sure where the diagnostics disc is or if I have one. I am also not sure it is wise at this stage to reformat drive C and reinstall from my backup drive as the bug might also be on the backup drive. The PC is obviously working for me to send this. The logs etc are pasted below. I did not manage to save a GMER file but I have attached Attach.txt from running DDS.

=======================================================================

Last scan from Malwarebytes

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4461

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/08/2010 10:23:57

mbam-log-2010-08-22 (10-23-57).txt

Scan type: Quick scan

Objects scanned: 166495

Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

===================================================================

Protection log from Malwarebytes

09:27:23 David MESSAGE Protection started successfully

09:27:26 David MESSAGE IP Protection started successfully

09:51:32 David MESSAGE IP Protection stopped

09:51:39 David MESSAGE Database updated successfully

09:51:39 David MESSAGE IP Protection started successfully

10:02:39 David IP-BLOCK 94.228.209.200

10:02:42 David IP-BLOCK 94.228.209.200

10:02:48 David IP-BLOCK 94.228.209.200

10:11:00 David IP-BLOCK 94.228.209.200

10:11:03 David IP-BLOCK 94.228.209.200

10:11:09 David IP-BLOCK 94.228.209.200

10:15:00 David MESSAGE Scheduled scan executed successfully

10:21:21 David IP-BLOCK 94.228.209.200

10:21:24 David IP-BLOCK 94.228.209.200

10:21:30 David IP-BLOCK 94.228.209.200

10:27:42 David IP-BLOCK 94.228.209.200

10:27:45 David IP-BLOCK 94.228.209.200

10:27:51 David IP-BLOCK 94.228.209.200

11:01:45 David MESSAGE Protection started successfully

11:01:52 David MESSAGE IP Protection started successfully

11:08:43 David IP-BLOCK 94.228.209.200

11:08:46 David IP-BLOCK 94.228.209.200

11:08:52 David IP-BLOCK 94.228.209.200

11:09:39 David IP-BLOCK 94.228.209.200

11:09:42 David IP-BLOCK 94.228.209.200

11:09:48 David IP-BLOCK 94.228.209.200

11:20:02 David IP-BLOCK 94.228.209.200

11:20:05 David IP-BLOCK 94.228.209.200

11:20:11 David IP-BLOCK 94.228.209.200

11:27:35 (null) MESSAGE Protection started successfully

11:29:07 David MESSAGE IP Protection started successfully

11:36:11 David IP-BLOCK 94.228.209.200

11:36:14 David IP-BLOCK 94.228.209.200

11:36:20 David IP-BLOCK 94.228.209.200

11:37:06 David IP-BLOCK 94.228.209.200

11:37:09 David IP-BLOCK 94.228.209.200

11:37:15 David IP-BLOCK 94.228.209.200

11:48:28 David IP-BLOCK 94.228.209.200

11:48:31 David IP-BLOCK 94.228.209.200

11:48:37 David IP-BLOCK 94.228.209.200

12:01:06 (null) MESSAGE Protection started successfully

12:02:38 David MESSAGE IP Protection started successfully

12:09:33 David IP-BLOCK 94.228.209.200

12:09:36 David IP-BLOCK 94.228.209.200

12:09:42 David IP-BLOCK 94.228.209.200

12:10:29 David IP-BLOCK 94.228.209.200

12:10:32 David IP-BLOCK 94.228.209.200

12:10:38 David IP-BLOCK 94.228.209.200

12:15:50 David IP-BLOCK 94.228.209.200

12:15:53 David IP-BLOCK 94.228.209.200

12:15:58 David IP-BLOCK 94.228.209.200

===============================================================

Contents of DDS file

DDS (Ver_10-03-17.01) - NTFSx86

Run by David at 11:05:22.51 on 22/08/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.935 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\isposure\IsposureAgent.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\David\My Documents\Downloads\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\NCH Swift Sound\VRS\vrs.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\David\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/weather/forecast/2888?&search=monmouth&itemsPerPage=10&region=uk&area=Monmouth

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070326

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = hxxp://localhost;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [EPSON Stylus DX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticde.exe /fu "c:\windows\temp\E_SC1.tmp" /EF "HKCU"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [tbbMeter] c:\program files\thinkbroadband.com\tbbmeter\tbbmeter.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Nuance PDF Professional 6-reminder] "c:\program files\nuance\pdf professional 6\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf professional 6\ereg\Ereg.ini"

mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe

mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe

mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\david\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

uPolicies-explorer: NoResolveTrack = 1 (0x1)

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: hsbc.co.uk\pdfservice

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\ir18nc5s.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/weather/forecast/2888?&search=monmouth&itemsPerPage=10&region=uk&area=Monmouth

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll

FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2009-11-12 911680]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-12 214664]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528]

R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-7 2480048]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]

R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [2008-10-23 761856]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-19 304464]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-12 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-4-12 144704]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-6-30 134944]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\david\my documents\downloads\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]

R2 VRSService;VRS Recording System Service;c:\program files\nch swift sound\vrs\vrs.exe [2007-7-26 577540]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-7 160288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-19 20952]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-12 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-12 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-12 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-12 40552]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-8-1 17149]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-12 34248]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-5-22 90296]

=============== Created Last 30 ================

2010-08-22 10:00:02 67 ----a-w- C:\Ntf9.tmp

2010-08-22 10:00:02 0 ----a-w- C:\NtfA.tmp

2010-08-22 09:49:04 0 ----a-w- c:\documents and settings\david\defogger_reenable

2010-08-21 07:52:21 67 ----a-w- C:\Ntf12.tmp

2010-08-21 07:52:21 3214282 ----a-w- C:\Ntf11.tmp

2010-08-20 19:09:51 67 ----a-w- C:\Ntf95.tmp

2010-08-20 19:09:51 67 ----a-w- C:\Ntf94.tmp

2010-08-19 09:21:28 0 d-----w- c:\docume~1\david\applic~1\SUPERAntiSpyware.com

2010-08-19 09:21:28 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-08-19 09:20:06 0 d-----w- c:\program files\SUPERAntiSpyware

2010-08-19 08:18:21 0 d-----w- c:\docume~1\david\applic~1\Malwarebytes

2010-08-19 08:18:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 08:18:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-19 08:18:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-19 08:18:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-18 23:13:25 0 d-----w- c:\docume~1\david\applic~1\Uniblue

2010-08-18 23:13:18 0 d-----w- c:\program files\Uniblue

2010-08-17 11:06:27 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-08-17 11:06:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-08-14 15:19:27 0 d-----w- c:\windows\system32\wbem\Repository

2010-08-13 18:14:45 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-13 17:28:07 120 ----a-w- c:\windows\Bnifidu.dat

2010-08-13 17:28:07 0 ----a-w- c:\windows\Sqike.bin

2010-08-05 18:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2010-07-31 16:34:18 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-07-31 16:32:53 0 d-----w- c:\windows\Logs

2010-07-24 09:00:45 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan

2010-07-24 09:00:43 0 d-----w- c:\program files\McAfee Security Scan

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-15 14:18:22 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 16:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

2008-09-24 09:08:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

============= FINISH: 11:07:46.00 ===============

I am grateful for any help you guys can provide.

Attach.zip

Link to post
Share on other sites

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 4

Disable and keep disabled Tea Timer !!! It would interfere with our diagnostics and fixes. Plus, you do not need it.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 3

Comment: This system has Registry Booster by Uniblue. You do not need any registry booster or cleaner.

Step 4

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

Thanks, I was confused by the instruction but now understand, found it and done the other scans as requested. Sorry it's taken so long but had interruptions.

OTL.txt follows

OTL logfile created on: 22/08/2010 21:16:29 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 103.54 Gb Free Space | 69.51% Space Free | Partition Type: NTFS

Drive D: | 149.01 Gb Total Space | 29.56 Gb Free Space | 19.83% Space Free | Partition Type: NTFS

Drive E: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 1.91 Gb Total Space | 1.29 Gb Free Space | 67.69% Space Free | Partition Type: FAT

Drive G: | 161.14 Gb Total Space | 109.79 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

Drive H: | 468.88 Gb Total Space | 468.80 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Drive I: | 301.49 Gb Total Space | 166.59 Gb Free Space | 55.25% Space Free | Partition Type: NTFS

Computer Name: CATHERINE

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/22 21:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

PRC - [2010/08/05 19:19:20 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2010/07/19 18:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Documents and Settings\David\My Documents\Downloads\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/12/07 19:50:02 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2009/11/23 10:17:54 | 000,688,648 | ---- | M] () -- C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe

PRC - [2009/11/12 07:25:00 | 000,361,648 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009/11/12 07:24:58 | 000,660,680 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2009/11/12 07:24:28 | 005,107,192 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/09/27 19:31:49 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/09/03 14:23:48 | 000,761,856 | ---- | M] (Epitiro Ltd.) -- C:\Program Files\isposure\IsposureAgent.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/07/01 08:44:56 | 001,273,856 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe

PRC - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/26 11:15:38 | 000,577,540 | ---- | M] () -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe

PRC - [2007/06/29 11:40:49 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2006/06/13 06:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2006/06/08 16:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

========== Modules (SafeList) ==========

MOD - [2010/08/22 21:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

MOD - [2010/08/05 19:19:26 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll

MOD - [1999/03/29 03:34:06 | 000,106,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2010/06/24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Documents and Settings\David\My Documents\Downloads\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/05/06 13:23:56 | 000,090,296 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/12/07 19:50:02 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2009/11/12 07:24:58 | 000,660,680 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/09/03 14:23:48 | 000,761,856 | ---- | M] (Epitiro Ltd.) [Auto | Running] -- C:\Program Files\isposure\IsposureAgent.exe -- (isposure_svc)

SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)

SRV - [2007/07/26 11:15:38 | 000,577,540 | ---- | M] () [Auto | Running] -- C:\Program Files\NCH Swift Sound\VRS\vrs.exe -- (VRSService)

SRV - [2007/01/25 18:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

========== Driver Services (SafeList) ==========

DRV - [2010/08/05 19:29:22 | 000,034,536 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys -- (RapportCerberus_18130)

DRV - [2010/08/05 19:19:28 | 000,168,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/02/27 18:33:53 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)

DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/12/07 20:39:49 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2009/12/07 19:50:04 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2009/12/07 19:49:59 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)

DRV - [2009/12/07 19:49:57 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/01/25 18:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2006/11/29 06:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)

DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2006/07/31 13:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)

DRV - [2006/07/05 14:08:28 | 000,241,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2006/06/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2006/03/17 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/09/05 11:21:06 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)

DRV - [2005/04/25 10:08:00 | 000,168,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)

DRV - [2005/04/11 10:50:00 | 000,005,248 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)

DRV - [2005/04/11 10:50:00 | 000,005,120 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)

DRV - [2004/09/22 18:41:00 | 000,020,608 | ---- | M] (Empia Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)

DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)

DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070326

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070326

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070326

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/weather/forecast/288...p;area=Monmouth

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/weather/forecast/2888?&search=monmouth&itemsPerPage=10&region=uk&area=Monmouth"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/24 09:58:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/25 09:29:40 | 000,000,000 | ---D | M]

[2010/03/23 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions

[2008/08/02 11:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/08/18 09:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ir18nc5s.default\extensions

[2010/07/24 10:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ir18nc5s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/03/23 14:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/24 09:58:11 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/24 09:58:11 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/24 09:58:11 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/07/24 09:58:12 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/17 13:16:01 | 000,416,619 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14381 more lines...

O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)

O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Nuance PDF Professional 6-reminder] C:\Program Files\Nuance\PDF Professional 6\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()

O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)

O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1

O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: hsbc.co.uk ([pdfservice] https in Trusted sites)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/08/21 17:35:45 | 000,000,000 | ---D | M] - D:\Autorecovery -- [ NTFS ]

O32 - AutoRun File - [2009/07/05 08:41:51 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/10/26 23:00:09 | 000,000,067 | ---- | M] () - H:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/07/04 19:37:43 | 000,000,067 | ---- | M] () - I:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/22 21:13:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/08/22 19:35:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe

[2010/08/22 19:31:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/08/22 19:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2010/08/22 19:22:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt-setup.exe

[2010/08/21 22:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2010/08/20 00:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2010/08/19 10:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com

[2010/08/19 10:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/08/19 10:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/08/19 09:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes

[2010/08/19 09:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/08/19 09:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/19 09:18:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/08/19 09:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/19 00:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Uniblue

[2010/08/17 12:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/08/17 12:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/08/14 16:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/08/14 13:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/08/13 19:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/08/13 18:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\{737E220C-9CEF-4703-9B95-AEEEAA26CE50}

[2010/08/05 19:19:28 | 000,058,984 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2010/07/31 17:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Sony PMB

[2010/07/31 17:34:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2010/07/31 17:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010/07/26 10:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2010/07/24 10:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

[2010/07/24 10:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/22 21:14:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe

[2010/08/22 21:08:03 | 000,039,325 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2010/08/22 21:07:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/22 21:07:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/08/22 21:04:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/22 21:03:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/22 21:03:47 | 2144,976,896 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/22 21:02:45 | 015,990,784 | ---- | M] () -- C:\Documents and Settings\David\ntuser.dat

[2010/08/22 21:02:45 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini

[2010/08/22 20:28:40 | 000,000,210 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Mawarebytes Infection Removal.url

[2010/08/22 19:36:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe

[2010/08/22 19:30:37 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/08/22 19:30:15 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\David\Desktop\NTREGOPT.lnk

[2010/08/22 19:30:15 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ERUNT.lnk

[2010/08/22 19:24:35 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Malwarebytes fix.url

[2010/08/22 19:23:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt-setup.exe

[2010/08/22 19:15:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2BEFA307-3838-4EB1-B953-FE52FBA24C0C}.job

[2010/08/22 12:08:26 | 000,005,381 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Attach.zip

[2010/08/22 11:12:19 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\David\Desktop\hytkrmpt.exe

[2010/08/22 11:05:15 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\David\Desktop\dds.scr

[2010/08/22 10:49:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David\defogger_reenable

[2010/08/22 10:48:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Defogger.exe

[2010/08/22 09:24:21 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\RegFast.job

[2010/08/21 17:58:28 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft AutoRoute.lnk

[2010/08/21 15:18:32 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007 (2).lnk

[2010/08/21 14:26:13 | 000,114,355 | ---- | M] () -- C:\Documents and Settings\David\Desktop\NHW OWL consent A Hoyle.pdf

[2010/08/21 13:41:00 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\David\Desktop\NHW OWL consent.doc

[2010/08/20 00:28:02 | 000,043,521 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Optimize-Support.zip

[2010/08/19 22:51:27 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007 (2).lnk

[2010/08/19 15:51:12 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\David\Desktop\PC Matic.lnk

[2010/08/19 10:20:09 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/08/19 10:01:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/19 09:18:13 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/19 09:12:14 | 000,000,814 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/19 09:12:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/19 09:12:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/08/18 08:54:14 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2010/08/17 23:56:58 | 000,011,478 | ---- | M] () -- C:\Documents and Settings\David\Desktop\To be honest I don.docx

[2010/08/17 13:16:01 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/08/17 12:06:31 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/08/17 12:06:31 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/08/17 12:06:31 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk

[2010/08/15 14:35:28 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access.lnk

[2010/08/13 18:28:07 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Bnifidu.dat

[2010/08/13 18:28:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sqike.bin

[2010/08/13 16:40:03 | 000,006,366 | ---- | M] () -- C:\Documents and Settings\David\Application Data\PrimoPDFSet.xml

[2010/08/12 23:12:27 | 048,132,608 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RMS Queen Elizabeth.ppt

[2010/08/12 11:56:00 | 000,140,996 | ---- | M] () -- C:\Documents and Settings\David\Desktop\System Model - processbased.png

[2010/08/12 09:52:58 | 000,000,131 | ---- | M] () -- C:\Documents and Settings\David\My Documents\MyProject.sonic

[2010/08/12 07:47:21 | 000,498,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/12 01:03:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/12 01:01:43 | 000,536,530 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/12 01:01:43 | 000,466,414 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/12 01:01:43 | 000,079,630 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/11 18:23:23 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint.lnk

[2010/08/11 08:08:08 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Queen Elizabeth.url

[2010/08/10 16:39:27 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\PMB - Picture Motion Browser.lnk

[2010/08/07 15:31:28 | 000,010,304 | ---- | M] () -- C:\WINDOWS\MSOPrefs.232

[2010/08/07 15:31:28 | 000,004,544 | ---- | M] () -- C:\WINDOWS\MSOClip.232

[2010/08/06 23:56:29 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Systems Thinking 2.url

[2010/08/06 23:55:35 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Systems Thinking.url

[2010/08/06 10:01:49 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\David\Desktop\CQI Forum.url

[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2010/07/31 17:32:42 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk

[2010/07/31 17:32:42 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk

[2010/07/31 17:32:41 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk

[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

[2010/07/26 10:53:44 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2010/07/26 10:53:44 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/22 19:30:37 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2010/08/22 19:30:15 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\David\Desktop\NTREGOPT.lnk

[2010/08/22 19:30:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ERUNT.lnk

[2010/08/22 19:24:09 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Malwarebytes fix.url

[2010/08/22 12:08:13 | 000,005,381 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Attach.zip

[2010/08/22 11:10:42 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David\Desktop\hytkrmpt.exe

[2010/08/22 11:04:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\David\Desktop\dds.scr

[2010/08/22 10:55:47 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Mawarebytes Infection Removal.url

[2010/08/22 10:49:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\defogger_reenable

[2010/08/22 10:47:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Defogger.exe

[2010/08/21 14:26:12 | 000,114,355 | ---- | C] () -- C:\Documents and Settings\David\Desktop\NHW OWL consent A Hoyle.pdf

[2010/08/21 13:41:00 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\David\Desktop\NHW OWL consent.doc

[2010/08/20 00:28:02 | 000,043,521 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Optimize-Support.zip

[2010/08/20 00:15:36 | 2144,976,896 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/19 15:51:12 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\David\Desktop\PC Matic.lnk

[2010/08/19 10:20:09 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/08/19 09:18:13 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/17 23:56:58 | 000,011,478 | ---- | C] () -- C:\Documents and Settings\David\Desktop\To be honest I don.docx

[2010/08/17 12:06:31 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/08/17 12:06:31 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/08/17 12:06:31 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk

[2010/08/13 19:14:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/13 18:28:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Bnifidu.dat

[2010/08/13 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Sqike.bin

[2010/08/12 22:01:33 | 015,990,784 | ---- | C] () -- C:\Documents and Settings\David\ntuser.dat

[2010/08/12 11:56:00 | 000,140,996 | ---- | C] () -- C:\Documents and Settings\David\Desktop\System Model - processbased.png

[2010/08/12 09:52:58 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\David\My Documents\MyProject.sonic

[2010/08/10 21:22:16 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Queen Elizabeth.url

[2010/08/07 19:05:43 | 048,132,608 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RMS Queen Elizabeth.ppt

[2010/08/06 23:56:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Systems Thinking 2.url

[2010/08/06 10:01:28 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\David\Desktop\CQI Forum.url

[2010/08/06 09:59:21 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Systems Thinking.url

[2010/07/31 17:32:42 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Help.lnk

[2010/07/31 17:32:42 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB Launcher.lnk

[2010/07/31 17:32:41 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PMB.lnk

[2010/07/24 10:00:44 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2010/07/24 10:00:43 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

[2009/08/10 11:04:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\isppsvrw.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/02 11:01:10 | 000,006,366 | ---- | C] () -- C:\Documents and Settings\David\Application Data\PrimoPDFSet.xml

[2009/08/02 11:01:08 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml

[2009/07/24 15:39:00 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2009/07/04 12:45:38 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2009/05/29 17:20:14 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Smiley.ico

[2009/05/10 21:02:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\ALBUM.INI

[2009/04/27 05:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2008/10/12 10:33:01 | 000,021,940 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft Excel 97-2003.ADR

[2008/08/01 14:39:10 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2008/08/01 14:39:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2008/05/17 03:01:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008/01/23 13:22:54 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI

[2008/01/10 17:16:45 | 000,002,368 | ---- | C] () -- C:\WINDOWS\pi2000.ini

[2007/12/07 17:33:37 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll

[2007/12/07 17:33:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll

[2007/12/04 22:36:06 | 000,683,801 | ---- | C] () -- C:\Documents and Settings\David\Application Data\unins000.exe

[2007/12/04 22:36:06 | 000,009,708 | ---- | C] () -- C:\Documents and Settings\David\Application Data\unins000.dat

[2007/11/19 12:58:10 | 000,140,800 | ---- | C] () -- C:\WINDOWS\unez200.dll

[2007/11/17 13:44:44 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll

[2007/11/03 14:53:41 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2007/10/28 14:44:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2007/10/28 14:41:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEDX7400EXPORT.ini

[2007/10/28 13:59:21 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll

[2007/10/28 13:59:21 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

[2007/08/27 09:26:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI

[2007/07/26 23:26:05 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll

[2007/07/24 14:45:40 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\David\Application Data\WavCodec.wff

[2007/07/20 16:10:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini

[2007/05/19 22:18:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll

[2007/05/19 22:15:04 | 000,000,359 | ---- | C] () -- C:\WINDOWS\Maris.ini

[2007/04/06 13:33:42 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll

[2007/04/06 13:33:42 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll

[2007/04/06 13:33:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll

[2007/04/06 13:33:01 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESC86PEEuro.ini

[2007/04/03 20:30:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2007/04/03 18:27:09 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\cutemon2k.dll

[2007/04/02 20:03:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini

[2007/04/02 19:14:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2007/04/02 13:16:24 | 000,000,252 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI

[2007/04/02 13:15:10 | 000,007,008 | ---- | C] () -- C:\WINDOWS\System32\Setupkit.dll

[2007/04/02 11:53:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/03/31 18:14:58 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/03/31 16:05:06 | 000,018,252 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007/03/30 17:27:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat

[2007/03/26 15:09:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/03/26 15:06:54 | 000,000,332 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/03/26 14:42:50 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/03/09 08:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2007/03/06 10:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/03/06 10:14:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/01/25 18:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2005/11/10 01:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/11 17:24:19 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 17:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2004/08/11 17:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2004/08/11 17:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2004/08/11 17:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2004/08/11 17:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2002/10/01 12:07:08 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll

[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/05/29 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1366

[2009/12/14 10:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2007/07/26 10:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/08/12 09:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\copypart

[2010/08/22 09:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epitiro

[2007/10/28 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009/08/12 09:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher

[2009/11/05 13:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2009/11/05 13:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2010/08/19 01:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher

[2009/05/29 19:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2007/08/01 18:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/05/29 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2010/08/20 00:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2010/06/12 10:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/07/04 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2010/08/22 21:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/08/02 11:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2010/02/17 13:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2007/10/28 14:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2007/04/02 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/05/29 15:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

[2009/11/12 16:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Acronis

[2010/08/17 00:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Emala

[2007/11/28 17:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\EPSON

[2010/06/12 10:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\GetRightToGo

[2010/08/17 13:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Giah

[2010/08/16 23:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Iscuip

[2007/04/02 19:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech

[2007/08/01 18:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\NCH Swift Sound

[2010/05/29 15:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Nuance

[2007/07/23 21:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\RecordPad

[2010/01/21 11:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Serif

[2010/08/07 09:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Spotify

[2008/08/02 11:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TomTom

[2010/02/17 13:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Trusteer

[2010/08/17 23:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Ucte

[2010/08/19 00:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Uniblue

[2007/06/17 10:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Desktop Search

[2008/08/16 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Zeon

[2010/07/15 01:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2009/11/01 02:00:11 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2010/08/22 21:07:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2010/08/22 09:24:21 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\RegFast.job

[2010/08/22 19:15:55 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2BEFA307-3838-4EB1-B953-FE52FBA24C0C}.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E55808C

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD39382

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:527B6DAD

< End of report >

=============================================


Post #2

Extras.txt follows

OTL Extras logfile created on: 22/08/2010 21:16:33 - Run 1

OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.96 Gb Total Space | 103.54 Gb Free Space | 69.51% Space Free | Partition Type: NTFS

Drive D: | 149.01 Gb Total Space | 29.56 Gb Free Space | 19.83% Space Free | Partition Type: NTFS

Drive E: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 1.91 Gb Total Space | 1.29 Gb Free Space | 67.69% Space Free | Partition Type: FAT

Drive G: | 161.14 Gb Total Space | 109.79 Gb Free Space | 68.13% Space Free | Partition Type: NTFS

Drive H: | 468.88 Gb Total Space | 468.80 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Drive I: | 301.49 Gb Total Space | 166.59 Gb Free Space | 55.25% Space Free | Partition Type: NTFS

Computer Name: CATHERINE

Current User Name: David

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"84:TCP" = 84:TCP:*:Enabled:VRS Recording System Web Control Panel

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Documents and Settings\David\Local Settings\Temp\_ISTMP1.DIR\_INS5576._MP" = C:\Documents and Settings\David\Local Settings\Temp\_ISTMP1.DIR\_INS5576._MP:*:Disabled:InstallShield Engine -- File not found

"C:\Program Files\ViaVoice\Bin\engine.exe" = C:\Program Files\ViaVoice\Bin\engine.exe:*:Disabled:IBM ViaVoice


Continued #3

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00300409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Proofing Tools Disc 1

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1

"{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}" = Serif PhotoPlus 8.0

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine

"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23875609-A02D-4DD2-AEC3-B3408295F9D7}" = tbbMeter

"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1

"{24D1FCDD-FE3F-43D4-96D6-EDA0A8F633E7}_is1" = Sothink DHTML Menu 8

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver

"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer

"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{41E57D2A-F778-4183-B1F7-A4A5FDF0E896}" = GrabBee

"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter

"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype


Continued #4

"WavePad" = WavePad Uninstall

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPcapInst" = WinPcap 4.0

"WinZip" = WinZip

"WordRead" = WordRead

"Yahoo! Mail" = Yahoo! Internet Mail

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========


Seems to work this time

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 22/08/2010 15:28:45 | Computer Name = CATHERINE | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Windows Application,

SystemIndex Catalog

Error - 22/08/2010 15:28:54 | Computer Name = CATHERINE | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Windows Application,

SystemIndex Catalog

Error - 22/08/2010 16:02:39 | Computer Name = CATHERINE | Source = Windows Search Service | ID = 3024

Description = The update cannot be started because the content sources cannot be

accessed. Fix the errors and try the update again. Context: Windows Application,

SystemIndex Catalog

Error - 22/08/2010 16:07:56 | Computer Name = CATHERINE | Source = McLogEvent | ID = 5051

Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took

longer than 90000 ms to complete a request. The process will be terminated. Thread

id : 2296 (0x8f8) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Trusteer\Rapport\bin\atl80.dll

by System 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)

5004(0)(0)

Error - 22/08/2010 16:11:32 | Computer Name = CATHERINE | Source = McLogEvent | ID = 5051

Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took

longer than 90000 ms to complete a request. The process will be terminated. Thread

id : 5056 (0x13c0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\BOSSFonts\FontMgr.exe

by C:\WINDOWS\system32\rundll32.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

[ OSession Events ]

Error - 30/07/2009 10:45:59 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25905

seconds with 10980 seconds of active time. This session ended with a crash.

Error - 20/08/2009 11:15:59 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21

seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/09/2009 19:03:40 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 53505

seconds with 1560 seconds of active time. This session ended with a crash.

Error - 22/09/2009 07:10:09 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 732

seconds with 420 seconds of active time. This session ended with a crash.

Error - 01/10/2009 22:06:12 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 53729

seconds with 660 seconds of active time. This session ended with a crash.

Error - 21/10/2009 12:00:30 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6021.5000. This session lasted 800

seconds with 480 seconds of active time. This session ended with a crash.

Error - 13/05/2010 19:23:14 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 53790

seconds with 2700 seconds of active time. This session ended with a crash.

Error - 17/05/2010 18:17:21 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5158

seconds with 2340 seconds of active time. This session ended with a crash.

Error - 26/07/2010 18:08:27 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48460

seconds with 180 seconds of active time. This session ended with a crash.

Error - 08/08/2010 19:39:09 | Computer Name = CATHERINE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 54079

seconds with 2520 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 22/08/2010 16:07:02 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the PMBDeviceInfoProvider

service to connect.

Error - 22/08/2010 16:07:02 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7000

Description = The PMBDeviceInfoProvider service failed to start due to the following

error: %%1053

Error - 22/08/2010 16:07:02 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7023

Description = The Uninterruptible Power Supply service terminated with the following

error: %%2481

Error - 22/08/2010 16:07:02 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Windows Search service

to connect.

Error - 22/08/2010 16:07:08 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

Error - 22/08/2010 16:07:09 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

with the following error: %%2

Error - 22/08/2010 16:07:56 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7031

Description = The McAfee Real-time Scanner service terminated unexpectedly. It

has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Restart the service.

Error - 22/08/2010 16:08:56 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the McAfee Real-time Scanner service,

but this action failed with the following error: %%1056

Error - 22/08/2010 16:11:33 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7031

Description = The McAfee Real-time Scanner service terminated unexpectedly. It

has done this 2 time(s). The following corrective action will be taken in 60000

milliseconds: Restart the service.

Error - 22/08/2010 16:12:33 | Computer Name = CATHERINE | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the McAfee Real-time Scanner service,

but this action failed with the following error: %%1056

< End of report >

====================

checkup.txt follows

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

McAfee Security Scan Plus

McAfee SecurityCenter

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 17

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player

Adobe Reader 9.1

Out of date Adobe Reader installed!

Mozilla Firefox (3.6.6) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Windows Defender MSASCui.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

McAfee VIRUSS~1 mcsysmon.exe

McAfee VIRUSS~1 mcshield.exe

Windows Defender MsMpEng.exe

Windows Defender MSASCui.exe

````````````````````````````````

DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Over to you


Hello Pennington,

You will want to print out or copy these instructions to Notepad for offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not Pennington and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    :files
    C:\Ntf9.tmp
    C:\NtfA.tmp
    C:\Ntf12.tmp
    C:\Ntf11.tmp
    C:\Ntf95.tmp
    C:\Ntf94.tmp
    recycler /alldrives
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below, and SAVE it to your Desktop.

For information regarding this download,

please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1

Link 2

Link 3

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

-------------------------------------------------------

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Double click Combo-Fix.exe on your Desktop to start it.

  • A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of contents of OTL MovedFiles log

the TDSSKILLER report (if present)

and C:\Combofix.txt

and tell me, how is your system now?


Good Morning Maurice

I ran all the scans this morning and they appear to have completed successfully. My only problem was trying to disable McAfee anti virus and other protection, as it's not in the menu from the system tray icon and was slow to respond to my actions, but I disabled it eventually and it's now back on.

The files you requested follow.

==================================

OTL Log

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

========== FILES ==========

File\Folder C:\Ntf9.tmp not found.

File\Folder C:\NtfA.tmp not found.

File\Folder C:\Ntf12.tmp not found.

File\Folder C:\Ntf11.tmp not found.

File\Folder C:\Ntf95.tmp not found.

File\Folder C:\Ntf94.tmp not found.

C:\RECYCLER\S-1-5-21-777454499-1870636636-1504408611-1005 folder moved successfully.

C:\RECYCLER\S-1-5-18 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-777454499-1870636636-1504408611-1005 folder moved successfully.

D:\RECYCLER\S-1-5-18 folder moved successfully.

D:\RECYCLER folder moved successfully.

recycler not found in E:\

recycler not found in F:\

G:\RECYCLER\S-1-5-21-777454499-1870636636-1504408611-1005 folder moved successfully.

G:\RECYCLER\S-1-5-18 folder moved successfully.

G:\RECYCLER folder moved successfully.

H:\RECYCLER\S-1-5-21-777454499-1870636636-1504408611-1005 folder moved successfully.

H:\RECYCLER\S-1-5-18 folder moved successfully.

H:\RECYCLER folder moved successfully.

I:\RECYCLER\S-1-5-21-777454499-1870636636-1504408611-1005 folder moved successfully.

I:\RECYCLER\S-1-5-18 folder moved successfully.

I:\RECYCLER folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Angela

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: David

->Temp folder emptied: 355056 bytes

->Temporary Internet Files folder emptied: 350092 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 649 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 3864 bytes

->Temporary Internet Files folder emptied: 1004544 bytes

->Flash cache emptied: 937 bytes

User: SYSTEM

%systemdrive% .tmp files removed: 1036030 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70346 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: Angela

User: David

->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

User: SYSTEM

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08232010_083443

Files\Folders moved on Reboot...

File move failed. C:\Ntf7.tmp scheduled to be moved on reboot.

File move failed. C:\Ntf8.tmp scheduled to be moved on reboot.

File\Folder C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_be0.dat not found!

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_55c.dat not found!

Registry entries deleted on Reboot...

==========================================

rkill log follows

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as David on 23/08/2010 at 8:54:17.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Documents and Settings\David\My Documents\Downloads\TomTom HOME 2\TomTomHOMEService.exe

C:\Documents and Settings\David\Desktop\rkill.com

Rkill completed on 23/08/2010 at 8:54:27.

=================================================

Combofix log follows

ComboFix 10-08-22.05 - David 23/08/2010 9:27.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1193 [GMT 1:00]

Running from: c:\documents and settings\David\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\David\GoToAssistDownloadHelper.exe

c:\documents and settings\David\Local Settings\Application Data\{737E220C-9CEF-4703-9B95-AEEEAA26CE50}

c:\documents and settings\David\Local Settings\Application Data\{737E220C-9CEF-4703-9B95-AEEEAA26CE50}\chrome\content\_cfg.js

c:\documents and settings\David\Local Settings\Application Data\{737E220C-9CEF-4703-9B95-AEEEAA26CE50}\chrome\content\overlay.xul

c:\documents and settings\David\Local Settings\Application Data\{737E220C-9CEF-4703-9B95-AEEEAA26CE50}\install.rdf

c:\windows\system32\logs

c:\windows\system32\logs\Events.dat

G:\Autorun.inf

H:\Autorun.inf

I:\autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))

.

2010-08-22 18:30 . 2010-08-22 18:30 -------- d-----w- c:\program files\ERUNT

2010-08-21 21:00 . 2010-08-21 21:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-19 09:22 . 2010-08-19 09:22 63488 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-08-19 09:22 . 2010-08-19 09:22 52224 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-08-19 09:22 . 2010-08-19 09:22 117760 ----a-w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-08-19 09:21 . 2010-08-19 09:21 -------- d-----w- c:\documents and settings\David\Application Data\SUPERAntiSpyware.com

2010-08-19 09:21 . 2010-08-19 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-08-19 09:20 . 2010-08-19 09:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-19 08:18 . 2010-08-19 08:18 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes

2010-08-19 08:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-19 08:18 . 2010-08-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-19 08:18 . 2010-08-19 08:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-19 08:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-18 23:13 . 2010-08-18 23:13 -------- d-----w- c:\documents and settings\David\Application Data\Uniblue

2010-08-17 16:12 . 2010-08-17 16:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-08-17 11:06 . 2010-08-17 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-08-17 11:06 . 2010-08-17 11:11 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-08-15 14:15 . 2010-08-15 14:15 77312 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\jcmqu.exe

2010-08-15 14:15 . 2010-08-15 14:15 73728 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\ncqo.exe

2010-08-15 14:15 . 2010-08-15 14:15 417792 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMR\16032\RapportMR.dll

2010-08-14 15:19 . 2010-08-14 15:19 -------- d-----w- c:\windows\system32\wbem\Repository

2010-08-13 18:14 . 2010-08-23 07:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-13 17:29 . 2010-08-13 17:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-13 17:28 . 2010-08-13 17:28 120 ----a-w- c:\windows\Bnifidu.dat

2010-08-13 17:28 . 2010-08-13 17:28 0 ----a-w- c:\windows\Sqike.bin

2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll

2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll

2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys

2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2010-07-31 16:34 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-07-31 16:32 . 2010-07-31 16:32 -------- d-----w- c:\windows\Logs

2010-07-26 09:53 . 2010-07-26 09:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee

2010-07-24 09:00 . 2010-07-24 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-07-24 09:00 . 2010-07-26 09:53 -------- d-----w- c:\program files\McAfee Security Scan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-23 08:34 . 2009-03-09 12:38 -------- d-----w- c:\program files\isposure

2010-08-23 08:01 . 2008-07-30 17:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-08-23 08:01 . 2010-08-23 08:01 67 ----a-w- C:\Ntf11.tmp

2010-08-23 08:01 . 2010-08-23 08:01 67 ----a-w- C:\Ntf10.tmp

2010-08-23 07:59 . 2004-08-11 16:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-23 06:52 . 2009-03-09 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Epitiro

2010-08-22 21:58 . 2007-04-01 09:51 -------- d-----w- c:\program files\Registry Fast

2010-08-19 23:27 . 2009-05-22 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2010-08-19 17:44 . 2007-04-12 08:25 -------- d-----w- c:\program files\PCPitstop

2010-08-19 00:11 . 2009-08-09 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher

2010-08-18 23:54 . 2007-04-02 16:23 -------- d-----w- c:\documents and settings\David\Application Data\Skype

2010-08-18 23:04 . 2008-12-16 16:36 -------- d-----w- c:\documents and settings\David\Application Data\skypePM

2010-08-17 22:43 . 2007-07-13 05:14 -------- d-----w- c:\documents and settings\David\Application Data\Ucte

2010-08-17 12:28 . 2007-04-09 01:16 -------- d-----w- c:\documents and settings\David\Application Data\Giah

2010-08-16 23:02 . 2007-08-19 20:51 -------- d-----w- c:\documents and settings\David\Application Data\Emala

2010-08-16 22:30 . 2009-10-13 07:26 -------- d-----w- c:\documents and settings\David\Application Data\Iscuip

2010-08-12 07:48 . 2007-04-02 22:07 -------- d-----w- c:\program files\Paint Shop Pro 6

2010-08-12 00:02 . 2007-03-26 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-07 10:13 . 2009-10-02 16:26 -------- d-----w- c:\program files\OVT

2010-08-07 08:40 . 2010-02-10 14:32 -------- d-----w- c:\documents and settings\David\Application Data\Spotify

2010-08-04 17:05 . 2007-07-03 08:39 136280 ----a-w- c:\documents and settings\Angela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-07-31 16:36 . 2007-11-17 12:52 -------- d-----w- c:\documents and settings\David\Application Data\Sony Corporation

2010-07-31 16:31 . 2007-11-17 12:34 -------- d-----w- c:\program files\Sony

2010-07-31 16:31 . 2007-03-26 14:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-31 16:31 . 2007-11-17 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation

2010-07-25 08:29 . 2009-06-11 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-25 08:29 . 2008-04-11 23:57 -------- d-----w- c:\program files\McAfee

2010-07-15 14:18 . 2008-04-11 23:58 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-07-06 12:52 . 2010-03-16 13:08 439816 ----a-w- c:\documents and settings\David\Application Data\Real\Update\setup3.10\setup.exe

2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

2010-06-30 12:31 . 2004-08-11 16:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-11 16:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-11 16:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-11 16:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-11 16:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-11 16:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-12 09:35 . 2007-03-26 14:09 136280 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]

"tbbMeter"="c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe" [2009-11-23 688648]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-27 198160]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]

"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2009-09-22 2114752]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5107192]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361648]

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" [2008-11-03 54560]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-01 1273856]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-06-30 111904]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-26 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\David\Start Menu\Programs\Startup\

Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-12-7 118784]

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\engine.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\audmig.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\macroeditor.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\ewiz.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\vocabexp.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\msaadmn.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\navcentral.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\smart.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\userwiz.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\speechbar.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\vtdirect.exe"=

"c:\\Program Files\\ViaVoice\\Bin\\voicepad.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"84:TCP"= 84:TCP:VRS Recording System Web Control Panel

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [05/08/2010 19:19 58984]

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12/11/2009 15:26 911680]

R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [27/02/2010 18:33 390528]

R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [05/08/2010 19:29 34536]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [05/08/2010 19:19 168936]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [07/12/2009 19:50 2480048]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [26/09/2009 00:32 189736]

R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 09:43 761856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/08/2010 09:18 304464]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [30/06/2009 16:49 134944]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 03:18 360224]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [05/08/2010 19:19 763112]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David\My Documents\Downloads\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]

R2 VRSService;VRS Recording System Service;c:\program files\NCH Swift Sound\VRS\vrs.exe [26/07/2007 11:15 577540]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [07/12/2009 19:50 160288]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/08/2010 09:18 20952]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [31/07/2006 13:44 580992]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [01/08/2008 14:39 17149]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 18:31 42000]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [22/05/2009 09:34 90296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB

*Deregistered* - klmdb

.

Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-11 11:22]

2009-11-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-11 11:22]

2010-08-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-08-22 c:\windows\Tasks\RegFast.job

- c:\program files\Registry Fast\RegFast.exe [2010-06-08 15:57]

2010-08-22 c:\windows\Tasks\User_Feed_Synchronization-{2BEFA307-3838-4EB1-B953-FE52FBA24C0C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.bbc.co.uk/weather/forecast/2888?&search=monmouth&itemsPerPage=10&region=uk&area=Monmouth

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = hxxp://localhost;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

Trusted Zone: hsbc.co.uk\pdfservice

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\ir18nc5s.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/weather/forecast/2888?&search=monmouth&itemsPerPage=10&region=uk&area=Monmouth

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll

FF - plugin: c:\program files\Nuance\PDF Professional 6\bin\nppdf.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-23 09:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]

@DACL=(02 0000)

@="\"file:%1\",,-1,,,,,"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\COMRes.dll

.

Completion time: 2010-08-23 09:36:32

ComboFix-quarantined-files.txt 2010-08-23 08:36

Pre-Run: 111,188,013,056 bytes free

Post-Run: 111,128,059,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 70BCD37A43E493F4E2AC9DFC5290BF64

================================

MWB has not blocked any IPs in the last 30mins and the system appears to be running normally. Just a few questions if I may

1 You said that I don't need any register cleaner software and I was puzzled by this as so many are on the market. I uninstalled Registry Booster but have Registry Fast, but I admit to be puzzled why I always have 100s of empty registry keys and failed shortcuts it needs to fix

2. When using TFC I noticed that it found 1GB of temporary files and that was after I thought I had cleaned the system using Registry Fast and Windows Drive clean. Should I use TFC in future instead of these other programs?

3. You also said that I should not run more than one spyware detection program at the same time. But McAfee has a spyware module and I also have Malwarebytes running and SUPER Antispyware active in the systems tray. What's your advice on these?

I will monitor for 48 hrs and get back to you, but meanwhile many thanks for your help. When we have confirmation the infection has been removed will these posts remain on the forum because I am not sure there is nothing in them that might enable hackers to attack my PC again?

Link to post
Share on other sites

Hello Pennington,

In regards to "registry cleaners" or "registry boosters", you do not need any. Nor, imho, should you use them.

See this article and discussion and draw your own conclusion

Should I Use a Registry Cleaner?

#2 The utility TFC (temp file cleaner) by OldTimer deletes temporary files off the disk, not the registry.

Temporary work files reside on the disk, not the registry.

Don't use registry cleaners for purpose of removing temp files. Use TFC on some schedule to remove temp files (daily or so, at end of the day).

#3 I did not state to not run or use multiple "antispyware" apps. I only say to not have more than 1 active antivirus program.

MalwareBytes' MBAM has no antivirus component. In your case, McAfee should be the only antivirus installed on this system.

Let's have you do an online scan at Kaspersky:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Scan the system with the Kaspersky Online Scanner

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

Read the Information block presented on the screen, and then press the Accept button.

1) Accept the agreement

2) The necessary files will be downloaded and installed. Please have plenty of patience.

3) After Kaspersky AntiVirus Database is updated, look at the Scan box.

4) Click the My Computer line

5) Be infinitely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

6) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.

Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or ComboFix's Qoobox or other quarantine.

Kaspersky is a report only and does not remove files.

Post back with copy of the Kaspersky.txt report.

How is your system now?

Link to post
Share on other sites

Hi Maurice

Many thanks for the advice on registry cleaners. Before I implement your instructions I have detected a few problems this morning

1 McAfee Antivirus protection has stopped three times since I ran Combofix and rebooted the system. It also took a long time to return to normal

2 I am still getting several inbound IPs that MWB is blocking

3 I have had 2 instances where a program did not respond and had to be shut down. Both occurred when I was attempting to open a file from a different folder to the last one.

Is there anything I should do before I run the sequence you have advised?

Link to post
Share on other sites

#1. What about McAfee. Do you mean you started a McAfee scan?

#2. That is the job of MBAM IP block to stop malicious inbound traffic. That is what it is supposed to do.

#3. No idea about programs. Which are they? Have you restarted system fresh?

I'd like for you to do the Kaspersky scan as a stand-alone task. Don't run anything else while it runs.

Link to post
Share on other sites

Hi Maurice

What I meant was that McAfee protection was turned off three times by an unknown intervention

Sorry, I do know that MWB is supposed to block malicious traffic. What I meant to say was that the threats have changed. Previously nearly all the threats were from 94.228.209.200 but after completing Combofix, I am getting 60.190.222.148, 85.234.172.184 and not 94.228.209.200 . Perhaps I don't understand this stuff, but what am I doing that invites these intruders to my door? I thought that perhaps there was some spyware embedded in my system and these attacks from IPs are collecting from their resident spy. So I get rid of the spy and they stop coming to collect but maybe it doesn't work like that.

I was using Outlook to attach a file to an e-mail and it froze. In another instance I was on another Internet forum attempting to upload an attachment and it froze.

I started the Kaspersky AV scan. It took well over an hour to download the database and then after 3 hrs it had only scanned for 1hr 18 mins (2%) and then it seemed to freeze. No movement for 30 mins. By this time it was 20:00hrs when my internet connection gets slow. I measured the speed and it was below 100Kbs. When you told me to be patient I didn't think it would be that long and I was getting anxious as I had no virus or malware protection and so I stopped the scan and intend to start again in the morning when my Internet connection speed is up again to 6Mbps.

Before I stopped the scan it had detected 1 virus and 1 threat so it seems I am not out of the woods yet.

Link to post
Share on other sites

Good Morning Maurice

I completed the Kaspersky scan this morning which took about 4 hrs but interestingly, it took 3.5 hrs to scan 16% and 30mins to scan the rest. Scan results follow:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, August 24, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Monday, August 23, 2010 17:34:23

Records in database: 4137930

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan statistics:

Objects scanned: 206869

Threats found: 2

Infected objects found: 2

Suspicious objects found: 0

Scan duration: 04:00:15

File name / Threat / Threats count

C:\My Downloads\Group Mail\infactagmproup2.exe Infected: not-a-virus:AdWare.Win32.Aureate.l 1

D:\Pen Drive Contents\vnc-3.3.6-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c 1

Selected area has been scanned.

I can delete both files as I no longer use them. As there were no other threats am I to assume that the infection I reported has now been resolved or might I have been reinfected during the time I ran the Kaspersky scan?

If this is indeed so, I am most grateful for all your assistance but before I sign off could you please explain which of all the scans found the infection and which files were deleted?

Link to post
Share on other sites

The Kaspersky scan did not remove anything; it just tagged 2 items. If you have deleted them (which I'd suggest), then very well.

Allow me time to review your logs once more. In the meantime, you need several updates.

Step 1

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Windows 7/XP/Vista/2000/2003/2008 Offline (it is the 2nd one listed under Windows) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

If you want to also un-check the "Check for updates automatically" you may:

Click the Update tab. un-check the line if it is checked.

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 21 from Sun Microsystems Inc.

Step 2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan

Let me know after you have done these items.

Link to post
Share on other sites

This topic is now closed to further replies.