
Multiple(?) infections


feenz


Hi there

After leaving my home machine in the capable hands of my friend's younger brother (an absolute online poker addict), I've returned to find it crippled.

When I log in:

- error messages are displayed by AVG and Zone Alarm

- a message bubble appears from the system tray saying something along the lines of "malware has been found, click here to download anti-malware software" (I haven't clicked this, and can provide full text when I get home)

- I cannot run any anti-spyware, anti-virus or anti-malware software (even when running in safe mode with all startup items disabled by msconfig)

- I cannot access the internet (even when running in safe mode with all startup items disabled by msconfig)

Unfortunately, this means I can't post a Spybot, Malwarebytes or PandaActive scan at this point. I have, however, been able to run HijackThis, which produced the logs included at the bottom of my post.

If anyone could help, or even let me know how I could get to the point where I can run any anti-malware programs / browsers in order to post more information, I'd be incredibly grateful.

It may be worth noting that, after a previous visit from my friend's brother, I found the computer in a similar state, but managed to clean it to the point where it only had one piece of malware left: a rootkit, which sounds pretty heinous and could not be removed by MalwareBytes. I was planning on just rescuing the machine, formatting it and reinstalling Windows, but Dell are being fantastically annoying about sending me an XP disk, so I don't really know what to do at the moment. I believe the machine has PC Restore installed on a hidden partition, but I don't want to use that if there's a chance it's infected, and I would ideally like to clean the machine before attempting to back up any data files.

Many thanks

Feenz

* Log with all startup items ENABLED*

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:19:56, on 19/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\Stephen\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: karna.dat

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9265 bytes

*-----*

* Log with all startup items DISABLED*

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:13:19, on 19/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Stephen\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: karna.dat

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 6786 bytes

*-----*

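The post above supplies two HijackThis logs, one taken with startup items enabled and one with them disabled through msconfig. The following is an added example, not part of the original thread or of HijackThis itself: a small Python parser that groups entries by section code and reports which entries differ between two such logs and which are present in both. The function names are hypothetical, and the two sample strings are short excerpts copied from the logs in the post.

```python
import re

# HijackThis entry lines have the form "<section code> - <body>",
# e.g. "O4 - HKLM\..\Run: [name] path" or "O20 - AppInit_DLLs: value".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return {section_code: {casefolded_body: original_body}}.

    Header lines and the "Running processes" list do not match the
    entry pattern and are skipped. Bodies are keyed case-insensitively
    because Windows paths are case-insensitive and the same entry can
    appear with different letter case in different logs.
    """
    sections = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            code, body = match.group(1), match.group(2).strip()
            sections.setdefault(code, {}).setdefault(body.casefold(), body)
    return sections


def diff_logs(enabled_text, disabled_text):
    """Compare two logs section by section.

    Returns {code: {"only_enabled": [...], "only_disabled": [...],
    "both": [...]}} with each list sorted for stable output.
    """
    enabled, disabled = parse_hjt(enabled_text), parse_hjt(disabled_text)
    codes = sorted(set(enabled) | set(disabled),
                   key=lambda c: (c[0], int(c[1:])))
    report = {}
    for code in codes:
        a, b = enabled.get(code, {}), disabled.get(code, {})
        report[code] = {
            "only_enabled": sorted(a[k] for k in a.keys() - b.keys()),
            "only_disabled": sorted(b[k] for k in b.keys() - a.keys()),
            "both": sorted(a[k] for k in a.keys() & b.keys()),
        }
    return report


# Excerpt of the "startup items ENABLED" log from the post.
ENABLED_EXCERPT = r"""
Boot mode: Safe mode
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: karna.dat
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# Excerpt of the "startup items DISABLED" log from the post.
DISABLED_EXCERPT = r"""
Boot mode: Safe mode
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: karna.dat
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""


if __name__ == "__main__":
    for code, groups in diff_logs(ENABLED_EXCERPT, DISABLED_EXCERPT).items():
        print(code)
        for label, entries in groups.items():
            for entry in entries:
                print(f"  {label:13} {entry}")
```

Entries reported under `both` were unchanged by the msconfig step, which makes them the ones to review first when symptoms persist with startup items disabled.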

Hi feenz, welcome to the Malwarebytes Security Forum

My name is SpySentinel and I will be helping you fix your computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

hi there, here are the logs, apologies for the delay :D

thanks again for helping :D

* LOG.TXT *

Logfile of random's system information tool 1.04 (written by random/random)

Run by Stephen at 2008-11-26 17:50:28

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 104 GB (69%) free of 150 GB

Total RAM: 1022 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:50:48, on 26/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\Stephen\Desktop\RSIT.exe

C:\Documents and Settings\Stephen\Desktop\Stephen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: karna.dat

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9446 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (STEPHEN02-Stephen).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8B68564D-53FD-4293-B80C-993A9F3988EE} - Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll [2004-02-12 286720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-24 180269]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-12-14 495616]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]

"Norton Ghost 10.0"=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]

"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-01 1234712]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"4oD"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"STManager"=C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe -b []

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe

Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe"="C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module"

"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe"="C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"="C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe"="C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson\ST330\service\st330service.exe"="C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-26 17:50:28 ----D---- C:\rsit

2008-11-20 21:46:44 ----D---- C:\Program Files\a-squared Free

2008-11-19 20:01:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-19 19:59:58 ----D---- C:\Documents and Settings\Stephen\Application Data\U3

2008-11-19 19:47:36 ----D---- C:\WINDOWS\pss

2008-11-17 21:40:08 ----A---- C:\WINDOWS\system32\delself.bat

2008-11-12 21:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 21:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 21:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-05 18:53:00 ----D---- C:\Program Files\Enigma Software Group

2008-11-01 20:54:48 ----HD---- C:\$AVG8.VAULT$

2008-11-01 19:34:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2008-11-01 19:34:34 ----D---- C:\Program Files\AVG

2008-11-01 19:34:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2008-10-31 23:46:52 ----D---- C:\Documents and Settings\Stephen\Application Data\Malwarebytes

2008-10-31 23:46:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-31 19:50:04 ----A---- C:\WINDOWS\ntbtlog.txt

2008-10-31 19:14:33 ----D---- C:\WINDOWS\Registration

2008-10-29 16:36:24 ----D---- C:\Program Files\UnPacker

======List of files/folders modified in the last 1 months======

2008-11-26 17:45:17 ----D---- C:\WINDOWS\Temp

2008-11-21 19:12:09 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-21 19:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

2008-11-21 19:09:32 ----D---- C:\WINDOWS\Internet Logs

2008-11-21 19:08:38 ----D---- C:\WINDOWS\Prefetch

2008-11-21 19:04:50 ----D---- C:\Program Files\Mozilla Firefox

2008-11-21 19:04:06 ----RD---- C:\Program Files

2008-11-21 19:04:05 ----D---- C:\WINDOWS\system32\DRIVERS

2008-11-21 07:49:52 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2008-11-20 21:40:41 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-20 21:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-20 21:37:18 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-19 20:20:27 ----HD---- C:\WINDOWS\INF

2008-11-19 20:16:53 ----RASH---- C:\BOOT.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\WIN.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\SYSTEM.INI

2008-11-19 19:47:36 ----D---- C:\WINDOWS

2008-11-18 19:35:26 ----D---- C:\WINDOWS\network diagnostic

2008-11-18 00:22:17 ----D---- C:\WINDOWS\SYSTEM32

2008-11-18 00:18:39 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2008-11-16 11:27:01 ----D---- C:\Program Files\PokerStars

2008-11-12 21:34:25 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 21:34:22 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 21:33:04 ----SHD---- C:\WINDOWS\Installer

2008-11-12 21:33:04 ----SHD---- C:\Config.Msi

2008-11-12 21:33:03 ----D---- C:\WINDOWS\WinSxS

2008-11-10 21:14:38 ----D---- C:\Program Files\Mozilla Thunderbird

2008-11-06 13:37:35 ----A---- C:\WINDOWS\wuasirvy.dll

2008-11-06 11:47:25 ----A---- C:\WINDOWS\sdfinacs.dll

2008-11-06 11:46:25 ----A---- C:\WINDOWS\sdfixwcs.dll

2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-01 19:33:44 ----SD---- C:\Documents and Settings\Stephen\Application Data\Microsoft

2008-11-01 19:29:31 ----D---- C:\Program Files\Common Files\Microsoft Shared

2008-11-01 19:26:20 ----D---- C:\WINDOWS\system32\FxsTmp

2008-11-01 19:17:55 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-01 11:46:37 ----D---- C:\Program Files\Common Files\AOL

2008-11-01 11:46:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL

2008-11-01 11:45:47 ----D---- C:\Program Files\Common Files\aolshare

2008-10-31 23:45:52 ----D---- C:\Documents and Settings\Stephen\Application Data\OpenOffice.org2

2008-10-31 20:03:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-31 19:59:45 ----D---- C:\WINDOWS\system32\CONFIG

2008-10-31 19:58:25 ----D---- C:\WINDOWS\system32\WBEM

2008-10-31 19:12:40 ----D---- C:\WINDOWS\occache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-01 97928]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-01 26824]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-07-01 5632]

S1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]

S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-27 20747]

S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-01 76040]

S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]

S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]

S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]

S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]

S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]

S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]

S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]

S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]

S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]

S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2004-02-17 70688]

S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]

S3 RT73;Sitecom Wireless Network USB Adapter RT73 Turbo G Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]

S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]

S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]

S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]

S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]

S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]

S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]

S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2007-05-28 30464]

S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2007-05-28 12672]

S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-05-28 32000]

S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2005-11-03 23552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-20 419448]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]

S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]

S2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]

S2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]

S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]

S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-04-21 822424]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-11-03 15872]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

*****

* INFO.TXT *

info.txt logfile of random's system information tool 1.04 2008-11-26 17:50:51

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->Dummy

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL

-->RunDll32 C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll,VoilaBarUnInstall

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log

Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

AOL UK (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_uk.exe

AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

ARTEuro-->MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}

a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"

Autopano-SIFT 2.3-->"C:\Program Files\Autopano-SIFT-2.3\uninstall.exe"

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}

Betfair Poker-->MsiExec.exe /I{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}

Betfair Poker-->MsiExec.exe /X{D4A6F05B-D32D-4EA3-B288-05894E803225}

Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Broadcom Management Programs-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A6282FF-B75B-463F-90F5-0A43732F690D} /l1033

BT Openworld Dell Signup-->MsiExec.exe /X{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}

CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Football Manager 2006-->MsiExec.exe /X{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}

Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

GTK+ 2.6.9 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"

Hattrick Coach Professional 2.7.15-->C:\Hattrick Coach Professional\uninst.exe

HijackThis 2.0.2-->"C:\Documents and Settings\Stephen\Desktop\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

IL-2 Sturmovik 1946-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1033

Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"

Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

iPod Updater 2004-08-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033

iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}

Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Ladbrokes Poker-->C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\UNWISE.EXE C:\MICROG~1\Poker\LADBRO~1\LADBRO~1\INSTALL.LOG

Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe

LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSETUP.EXE /REMOVE

LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}

Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9

Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText

Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (1.5.0.4)-->C:\PROGRA~1\MOZILL~2\uninstall\uninstall.exe /ua "1.5.0.4 (en-GB)"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

OpenOffice.org 2.0-->MsiExec.exe /I{08D2F839-A9FD-4F5A-A529-D45FF6E238A3}

OpenVPN 2.0.5-->C:\Program Files\OpenVPN\Uninstall.exe

PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars

PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PTGui 6.0.3 trial-->C:\Program Files\PTGui\Uninstall.exe

QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Sammy Sosa High Heat Baseball 2001-->C:\WINDOWS\IsUninst.exe -f"C:\Sammy Sosa High Heat Baseball 2001\Uninst.isu"

SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly

Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly

SciTE - Scintilla Text Editor 1.63 with Extensions (wbd-1)-->"C:\Program Files\Scintilla Text Editor\unins000.exe"

Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033

Silent Hunter III-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1033

Sitecom Wireless Network USB Adapter Turbo G WL-172-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly

Skype


You are using peer-to-peer programs, specifically BitTorrent.

These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.

If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O20 - AppInit_DLLs: karna.dat

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.2_03

Java

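A triage sketch for the HijackThis entry types that come up in this thread, added here as an example; it is not part of any post and not part of HijackThis itself. It flags O20 AppInit_DLLs values, targets marked "(file missing)", O23 services with "Unknown owner", and JRE install paths older than the JRE 6 Update 10 named in the thread. The function names and the sample log (lines copied from the logs quoted here) are assumptions of this example, and a flag means "review this line", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis entries have the shape "<section code> - <body>".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Sun JRE install folders carry the version, e.g. \jre1.6.0_02\ -> (6, 2).
JRE_RE = re.compile(r"\\jre1\.(\d+)\.\d+_(\d+)\\", re.IGNORECASE)
MIN_JRE = (6, 10)  # JRE 6 Update 10, the version named in the thread


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def appinit_modules(body):
    """Split an O20 AppInit_DLLs value; Windows delimits it by spaces or commas."""
    value = body.split(":", 1)[1]
    return [m for m in re.split(r"[,\s]+", value.strip()) if m]


def triage(log_text):
    """Return the log entries a human should look at first, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # headers, process list, RSIT driver list, blank lines
        code, body = match.groups()
        reasons = []

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            modules = appinit_modules(body)
            if modules:
                # Every module named here is loaded into each process that
                # loads user32.dll, so any value deserves a manual check.
                reasons.append("AppInit_DLLs set: " + ", ".join(modules))
            odd = [m for m in modules if not m.lower().endswith(".dll")]
            if odd:
                reasons.append("module without .dll extension: " + ", ".join(odd))

        if body.rstrip().endswith("(file missing)"):
            reasons.append("registered target no longer exists on disk")

        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no company name in its version info")

        jre = JRE_RE.search(body)
        if jre and (int(jre.group(1)), int(jre.group(2))) < MIN_JRE:
            reasons.append("JRE %s update %s is older than JRE 6 Update 10"
                           % (jre.group(1), int(jre.group(2))))

        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, "-", f.body)
        for reason in f.reasons:
            print("    *", reason)
```
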

hmm, the peer-to-peer use is news to me. annoying.

i fixed O20 - AppInit_DLLs: karna.dat as you requested and rebooted into safe mode. i ran add/remove programs, and found the following suspect programs (most of them will be safe, i think, but my friend or his brother will have installed them):

- Amazon MP3 Downloader

- AOL UK

- AOL You've Got Pictures Screensaver

- ARTEuro

- a-squared Free 3.5

- Hattrick Coach Professional 2.7.15

- Juniper Networks Host Checker

- Ladbrokes Poker

- Learn2 Player

- PokerStars

- PTGui 6.0.3 Trial

- Sonic DLA

- Super Power 2

- Viewpoint Media Player

i then tried to uninstall the java entries, but it popped up an error saying "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support...". this happened no matter which one i tried to remove. do you have any ideas as to what might cause this?

cheers :D

ps - i'll be back online tomorrow am at about 08:00 GMT


Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

About the error you get when trying to uninstall the Java, try this:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 10.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u10-windows-i586-p.exe and select "Run as an Administrator.")

happy thanksgiving :huh:

i've removed viewpoint, and have downloaded the java update.

i tried to remove all java entries using add/remove programs before running the new java installer, and still get the same error messages. so, i tried just running the new java installer, which starts up the Windows Installer but then fails with the following error message: "The system administrator has set policies to prevent this installation."

i guess there's an infection which has managed to screw up my Windows Installer, do you have any idea how to fix this?

thanks for your help :huh:


here you go, sorry for the delay, i just moved home so i'm not really set up yet. there was only a log.txt produced this time, no info.txt:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Stephen at 2008-12-05 08:46:17

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 104 GB (69%) free of 150 GB

Total RAM: 1022 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:46:37, on 05/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\Stephen\Desktop\RSIT.exe

C:\Documents and Settings\Stephen\Desktop\Stephen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (STEPHEN02-Stephen).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8B68564D-53FD-4293-B80C-993A9F3988EE} - Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll [2004-02-12 286720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-24 180269]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-12-14 495616]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]

"Norton Ghost 10.0"=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]

"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]

"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-01 1234712]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"4oD"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"STManager"=C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe -b []

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe

Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe"="C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module"

"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe"="C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"="C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe"="C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson\ST330\service\st330service.exe"="C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-05 08:46:13 ----A---- C:\HiJackThis.exe

2008-12-05 08:35:53 ----D---- C:\Program Files\trend micro

2008-11-26 17:50:28 ----D---- C:\rsit

2008-11-20 21:46:44 ----D---- C:\Program Files\a-squared Free

2008-11-19 20:01:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-19 19:59:58 ----D---- C:\Documents and Settings\Stephen\Application Data\U3

2008-11-19 19:47:36 ----D---- C:\WINDOWS\pss

2008-11-17 21:40:08 ----A---- C:\WINDOWS\system32\delself.bat

2008-11-12 21:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 21:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 21:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-05 08:44:57 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-05 08:44:33 ----D---- C:\WINDOWS\Temp

2008-12-05 08:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

2008-12-05 08:40:43 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-05 08:39:26 ----D---- C:\WINDOWS\Prefetch

2008-12-05 08:38:45 ----D---- C:\WINDOWS\Internet Logs

2008-12-05 08:38:29 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2008-12-05 08:35:53 ----RD---- C:\Program Files

2008-12-05 08:25:26 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-26 23:00:59 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-21 19:04:50 ----D---- C:\Program Files\Mozilla Firefox

2008-11-21 19:04:05 ----D---- C:\WINDOWS\system32\DRIVERS

2008-11-20 21:40:41 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-20 21:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-19 20:20:27 ----HD---- C:\WINDOWS\INF

2008-11-19 20:16:53 ----RASH---- C:\BOOT.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\WIN.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\SYSTEM.INI

2008-11-19 19:47:36 ----D---- C:\WINDOWS

2008-11-18 19:35:26 ----D---- C:\WINDOWS\network diagnostic

2008-11-18 00:22:17 ----D---- C:\WINDOWS\SYSTEM32

2008-11-18 00:18:39 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2008-11-17 23:38:43 ----HD---- C:\$AVG8.VAULT$

2008-11-16 11:27:01 ----D---- C:\Program Files\PokerStars

2008-11-12 21:34:25 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 21:34:22 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 21:33:04 ----SHD---- C:\WINDOWS\Installer

2008-11-12 21:33:04 ----SHD---- C:\Config.Msi

2008-11-12 21:33:03 ----D---- C:\WINDOWS\WinSxS

2008-11-12 00:00:57 ----D---- C:\Program Files\Enigma Software Group

2008-11-10 21:14:38 ----D---- C:\Program Files\Mozilla Thunderbird

2008-11-06 13:37:35 ----A---- C:\WINDOWS\wuasirvy.dll

2008-11-06 11:47:25 ----A---- C:\WINDOWS\sdfinacs.dll

2008-11-06 11:46:25 ----A---- C:\WINDOWS\sdfixwcs.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-01 97928]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-01 26824]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-07-01 5632]

S1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]

S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-27 20747]

S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-01 76040]

S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]

S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]

S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]

S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]

S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]

S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]

S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]

S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]

S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]

S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2004-02-17 70688]

S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]

S3 RT73;Sitecom Wireless Network USB Adapter RT73 Turbo G Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]

S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]

S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]

S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]

S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]

S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]

S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]

S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2007-05-28 30464]

S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2007-05-28 12672]

S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-05-28 32000]

S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2005-11-03 23552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-20 419448]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]

S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]

S2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]

S2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]

S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]

S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-04-21 822424]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-11-03 15872]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe

    :Files
    C:\WINDOWS\wuasirvy.dll
    C:\WINDOWS\sdfinacs.dll
    C:\WINDOWS\sdfixwcs.dll

    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


When I ran OTMoveIt3, it popped up a couple of warnings about things not being valid Windows images, but it seemed to complete. Here is the text from the results window:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

LoadLibrary failed for C:\WINDOWS\wuasirvy.dll

C:\WINDOWS\wuasirvy.dll NOT unregistered.

C:\WINDOWS\wuasirvy.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\sdfinacs.dll

C:\WINDOWS\sdfinacs.dll NOT unregistered.

C:\WINDOWS\sdfinacs.dll moved successfully.

LoadLibrary failed for C:\WINDOWS\sdfixwcs.dll

C:\WINDOWS\sdfixwcs.dll NOT unregistered.

C:\WINDOWS\sdfixwcs.dll moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12072008_154101


I ran a 3-month scan as well as a 1-month one, just in case it shows up anything extra. Here are the results, 1-month first:

Thanks again for all your time and help :angry:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Stephen at 2008-12-08 20:11:08

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 104 GB (70%) free of 150 GB

Total RAM: 1022 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:11:28, on 08/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\Stephen\Desktop\RSIT.exe

C:\Documents and Settings\Stephen\Desktop\Stephen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [sTManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (STEPHEN02-Stephen).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8B68564D-53FD-4293-B80C-993A9F3988EE} - Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll [2004-02-12 286720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-24 180269]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-12-14 495616]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]

"Norton Ghost 10.0"=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]

"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]

"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-01 1234712]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"4oD"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"STManager"=C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe -b []

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe

Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe"="C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module"

"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe"="C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"="C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe"="C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson\ST330\service\st330service.exe"="C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-07 15:44:24 ----D---- C:\_OTMoveIt

2008-12-05 08:46:13 ----A---- C:\HiJackThis.exe

2008-12-05 08:35:53 ----D---- C:\Program Files\trend micro

2008-11-26 17:50:28 ----D---- C:\rsit

2008-11-20 21:46:44 ----D---- C:\Program Files\a-squared Free

2008-11-19 20:01:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-19 19:59:58 ----D---- C:\Documents and Settings\Stephen\Application Data\U3

2008-11-19 19:47:36 ----D---- C:\WINDOWS\pss

2008-11-17 21:40:08 ----A---- C:\WINDOWS\system32\delself.bat

2008-11-12 21:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 21:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 21:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-08 20:10:44 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-08 20:09:38 ----D---- C:\WINDOWS\Temp

2008-12-07 15:41:19 ----D---- C:\WINDOWS

2008-12-05 08:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

2008-12-05 08:40:43 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-05 08:39:26 ----D---- C:\WINDOWS\Prefetch

2008-12-05 08:38:45 ----D---- C:\WINDOWS\Internet Logs

2008-12-05 08:38:29 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2008-12-05 08:35:53 ----RD---- C:\Program Files

2008-12-05 08:25:26 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-26 23:00:59 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-21 19:04:50 ----D---- C:\Program Files\Mozilla Firefox

2008-11-21 19:04:05 ----D---- C:\WINDOWS\system32\DRIVERS

2008-11-20 21:40:41 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-20 21:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-19 20:20:27 ----HD---- C:\WINDOWS\INF

2008-11-19 20:16:53 ----RASH---- C:\BOOT.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\WIN.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\SYSTEM.INI

2008-11-18 19:35:26 ----D---- C:\WINDOWS\network diagnostic

2008-11-18 00:22:17 ----D---- C:\WINDOWS\SYSTEM32

2008-11-18 00:18:39 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2008-11-17 23:38:43 ----HD---- C:\$AVG8.VAULT$

2008-11-16 11:27:01 ----D---- C:\Program Files\PokerStars

2008-11-12 21:34:25 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 21:34:22 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 21:33:04 ----SHD---- C:\WINDOWS\Installer

2008-11-12 21:33:04 ----SHD---- C:\Config.Msi

2008-11-12 21:33:03 ----D---- C:\WINDOWS\WinSxS

2008-11-12 00:00:57 ----D---- C:\Program Files\Enigma Software Group

2008-11-10 21:14:38 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-01 97928]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-01 26824]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-07-01 5632]

S1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]

S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-27 20747]

S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-01 76040]

S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]

S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]

S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]

S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]

S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]

S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]

S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]

S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]

S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]

S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2004-02-17 70688]

S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]

S3 RT73;Sitecom Wireless Network USB Adapter RT73 Turbo G Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]

S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]

S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]

S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]

S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]

S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]

S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]

S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2007-05-28 30464]

S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2007-05-28 12672]

S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-05-28 32000]

S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2005-11-03 23552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-20 419448]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]

S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]

S2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]

S2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]

S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]

S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-04-21 822424]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-11-03 15872]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)

Run by Stephen at 2008-12-08 20:11:55

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 104 GB (70%) free of 150 GB

Total RAM: 1022 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:05, on 08/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Documents and Settings\Stephen\Desktop\RSIT.exe

C:\Documents and Settings\Stephen\Desktop\Stephen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/vso9/d...mp;dtag=7rh2n1j

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.smith.williamson.co.uk/dana-...perSetupSP1.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--

End of file - 9415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (STEPHEN02-Stephen).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8B68564D-53FD-4293-B80C-993A9F3988EE} - Wanadoo - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll [2004-02-12 286720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-24 180269]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-12-14 495616]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-04-01 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-01 5562368]

"Norton Ghost 10.0"=C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-09-09 1537648]

"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]

"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-12-13 58992]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-01 1234712]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"4oD"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"STManager"=C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe -b []

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe

Sitecom Wireless Utility.lnk - C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe"="C:\Program Files\Neoteris\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:dsTermServ Module"

"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe"="C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"="C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe"="C:\Documents and Settings\Girlie\Local Settings\Temp\Installer.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Thomson\ST330\service\st330service.exe"="C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2008-12-07 15:44:24 ----D---- C:\_OTMoveIt

2008-12-05 08:46:13 ----A---- C:\HiJackThis.exe

2008-12-05 08:35:53 ----D---- C:\Program Files\trend micro

2008-11-26 17:50:28 ----D---- C:\rsit

2008-11-20 21:46:44 ----D---- C:\Program Files\a-squared Free

2008-11-19 20:01:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-19 19:59:58 ----D---- C:\Documents and Settings\Stephen\Application Data\U3

2008-11-19 19:47:36 ----D---- C:\WINDOWS\pss

2008-11-17 21:40:08 ----A---- C:\WINDOWS\system32\delself.bat

2008-11-12 21:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 21:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 21:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-05 18:53:00 ----D---- C:\Program Files\Enigma Software Group

2008-11-01 20:54:48 ----HD---- C:\$AVG8.VAULT$

2008-11-01 19:34:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2008-11-01 19:34:34 ----D---- C:\Program Files\AVG

2008-11-01 19:34:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2008-10-31 23:46:52 ----D---- C:\Documents and Settings\Stephen\Application Data\Malwarebytes

2008-10-31 23:46:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-31 19:50:04 ----A---- C:\WINDOWS\ntbtlog.txt

2008-10-31 19:14:33 ----D---- C:\WINDOWS\Registration

2008-10-29 16:36:24 ----D---- C:\Program Files\UnPacker

2008-10-24 12:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-18 16:15:53 ----A---- C:\WINDOWS\rasqervy.dll

2008-10-14 20:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-14 20:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-14 20:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-14 20:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-14 20:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-11 13:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-10-08 20:58:49 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

2008-10-08 20:52:08 ----D---- C:\WINDOWS\Prefetch

2008-10-08 20:31:51 ----D---- C:\WINDOWS\system32\scripting

2008-10-08 20:31:50 ----D---- C:\WINDOWS\l2schemas

2008-10-08 20:31:49 ----D---- C:\WINDOWS\system32\en

2008-10-08 20:31:48 ----D---- C:\WINDOWS\system32\bits

2008-10-08 20:27:12 ----D---- C:\WINDOWS\ServicePackFiles

2008-10-08 20:17:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-10-08 20:17:55 ----D---- C:\WINDOWS\EHome

2008-10-06 21:15:21 ----N---- C:\WINDOWS\system32\wlanapi.dll

2008-10-06 21:15:10 ----N---- C:\WINDOWS\system32\tspkg.dll

2008-10-06 21:15:03 ----N---- C:\WINDOWS\system32\spupdwxp.exe

2008-10-06 21:15:02 ----A---- C:\WINDOWS\system32\spdwnwxp.exe

2008-10-06 21:15:01 ----N---- C:\WINDOWS\system32\slserv.exe

2008-10-06 21:15:01 ----N---- C:\WINDOWS\system32\slrundll.exe

2008-10-06 21:15:01 ----N---- C:\WINDOWS\system32\slgen.dll

2008-10-06 21:15:01 ----N---- C:\WINDOWS\system32\slextspk.dll

2008-10-06 21:15:01 ----N---- C:\WINDOWS\system32\slcoinst.dll

2008-10-06 21:15:01 ----N---- C:\WINDOWS\slrundll.exe

2008-10-06 21:14:57 ----N---- C:\WINDOWS\system32\setupn.exe

2008-10-06 21:14:55 ----N---- C:\WINDOWS\system32\s3gnb.dll

2008-10-06 21:14:50 ----N---- C:\WINDOWS\system32\rasqec.dll

2008-10-06 21:14:50 ----N---- C:\WINDOWS\system32\qutil.dll

2008-10-06 21:14:49 ----N---- C:\WINDOWS\system32\qcliprov.dll

2008-10-06 21:14:49 ----N---- C:\WINDOWS\system32\qagentrt.dll

2008-10-06 21:14:49 ----N---- C:\WINDOWS\system32\qagent.dll

2008-10-06 21:14:44 ----N---- C:\WINDOWS\system32\onex.dll

2008-10-06 21:14:35 ----N---- C:\WINDOWS\system32\napstat.exe

2008-10-06 21:14:35 ----N---- C:\WINDOWS\system32\napmontr.dll

2008-10-06 21:14:35 ----N---- C:\WINDOWS\system32\napipsec.dll

2008-10-06 21:14:33 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2008-10-06 21:14:30 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2008-10-06 21:14:30 ----N---- C:\WINDOWS\system32\mssha.dll

2008-10-06 21:14:17 ----N---- C:\WINDOWS\system32\mmcperf.exe

2008-10-06 21:14:17 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2008-10-06 21:14:17 ----N---- C:\WINDOWS\system32\mmcex.dll

2008-10-06 21:14:17 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-10-06 21:14:15 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2008-10-06 21:14:05 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2008-10-06 21:14:03 ----N---- C:\WINDOWS\system32\kmsvc.dll

2008-10-06 21:14:02 ----N---- C:\WINDOWS\system32\kbdpash.dll

2008-10-06 21:14:02 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2008-10-06 21:14:02 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2008-10-06 21:14:02 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2008-10-06 21:13:51 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2008-10-06 21:13:46 ----N---- C:\WINDOWS\system32\faxpatch.exe

2008-10-06 21:13:46 ----A---- C:\WINDOWS\003011_.tmp

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eapsvc.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eapqec.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eappprxy.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eapphost.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eappgnui.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eappcfg.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2008-10-06 21:13:43 ----N---- C:\WINDOWS\system32\eapolqec.dll

2008-10-06 21:13:40 ----N---- C:\WINDOWS\system32\dot3ui.dll

2008-10-06 21:13:40 ----N---- C:\WINDOWS\system32\dot3svc.dll

2008-10-06 21:13:40 ----N---- C:\WINDOWS\system32\dot3msm.dll

2008-10-06 21:13:40 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2008-10-06 21:13:40 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2008-10-06 21:13:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2008-10-06 21:13:39 ----N---- C:\WINDOWS\system32\dot3api.dll

2008-10-06 21:13:37 ----N---- C:\WINDOWS\system32\dimsroam.dll

2008-10-06 21:13:37 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2008-10-06 21:13:37 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2008-10-06 21:13:33 ----N---- C:\WINDOWS\system32\credssp.dll

2008-10-06 21:13:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2008-10-06 21:13:27 ----N---- C:\WINDOWS\system32\azroles.dll

2008-10-06 21:13:25 ----N---- C:\WINDOWS\system32\ativvaxx.dll

2008-10-06 21:13:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2008-10-06 21:13:24 ----N---- C:\WINDOWS\system32\ati3duag.dll

2008-10-06 21:13:24 ----N---- C:\WINDOWS\system32\ati3d1ag.dll

2008-10-06 21:13:24 ----N---- C:\WINDOWS\system32\ati2dvag.dll

2008-10-06 21:13:24 ----N---- C:\WINDOWS\system32\ati2dvaa.dll

2008-10-06 21:13:24 ----N---- C:\WINDOWS\system32\ati2cqag.dll

2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

2008-09-14 12:38:36 ----SHD---- C:\WINDOWS\ftpcache

2008-09-10 22:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-09-10 22:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 3 months======

2008-12-08 20:09:38 ----D---- C:\WINDOWS\Temp

2008-12-07 15:41:19 ----D---- C:\WINDOWS

2008-12-05 08:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki

2008-12-05 08:40:43 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-05 08:38:45 ----D---- C:\WINDOWS\Internet Logs

2008-12-05 08:38:29 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt

2008-12-05 08:35:53 ----RD---- C:\Program Files

2008-12-05 08:25:26 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-26 23:00:59 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-21 19:04:50 ----D---- C:\Program Files\Mozilla Firefox

2008-11-21 19:04:05 ----D---- C:\WINDOWS\system32\DRIVERS

2008-11-20 21:40:41 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-20 21:40:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-19 20:20:27 ----HD---- C:\WINDOWS\INF

2008-11-19 20:16:53 ----RASH---- C:\BOOT.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\WIN.INI

2008-11-19 20:16:53 ----A---- C:\WINDOWS\SYSTEM.INI

2008-11-18 19:35:26 ----D---- C:\WINDOWS\network diagnostic

2008-11-18 00:22:17 ----D---- C:\WINDOWS\SYSTEM32

2008-11-18 00:18:39 ----RSHD---- C:\WINDOWS\system32\DLLCACHE

2008-11-16 11:27:01 ----D---- C:\Program Files\PokerStars

2008-11-12 21:34:25 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 21:34:22 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 21:33:04 ----SHD---- C:\WINDOWS\Installer

2008-11-12 21:33:04 ----SHD---- C:\Config.Msi

2008-11-12 21:33:03 ----D---- C:\WINDOWS\WinSxS

2008-11-10 21:14:38 ----D---- C:\Program Files\Mozilla Thunderbird

2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-01 19:33:44 ----SD---- C:\Documents and Settings\Stephen\Application Data\Microsoft

2008-11-01 19:29:31 ----D---- C:\Program Files\Common Files\Microsoft Shared

2008-11-01 19:26:20 ----D---- C:\WINDOWS\system32\FxsTmp

2008-11-01 11:46:37 ----D---- C:\Program Files\Common Files\AOL

2008-11-01 11:46:06 ----D---- C:\Documents and Settings\All Users\Application Data\AOL

2008-11-01 11:45:47 ----D---- C:\Program Files\Common Files\aolshare

2008-10-31 23:45:52 ----D---- C:\Documents and Settings\Stephen\Application Data\OpenOffice.org2

2008-10-31 20:03:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-31 19:59:45 ----D---- C:\WINDOWS\system32\CONFIG

2008-10-31 19:58:25 ----D---- C:\WINDOWS\system32\WBEM

2008-10-31 19:12:40 ----D---- C:\WINDOWS\occache

2008-10-18 23:13:17 ----D---- C:\Program Files\ladbrokesMPP

2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-14 20:25:55 ----D---- C:\Program Files\Internet Explorer

2008-10-14 20:25:44 ----D---- C:\WINDOWS\ie7updates

2008-10-08 20:53:28 ----A---- C:\WINDOWS\setuplog.txt

2008-10-08 20:51:26 ----D---- C:\WINDOWS\system32\Setup

2008-10-08 20:51:26 ----D---- C:\WINDOWS\AppPatch

2008-10-08 20:51:26 ----D---- C:\Program Files\Messenger

2008-10-08 20:51:20 ----RSD---- C:\WINDOWS\Fonts

2008-10-08 20:42:09 ----D---- C:\WINDOWS\SECURITY

2008-10-08 20:39:42 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-08 20:32:21 ----D---- C:\WINDOWS\IME

2008-10-08 20:32:20 ----D---- C:\WINDOWS\Help

2008-10-08 20:31:54 ----D---- C:\WINDOWS\system32\USMT

2008-10-08 20:31:54 ----D---- C:\WINDOWS\system32\en-US

2008-10-08 20:31:48 ----D---- C:\WINDOWS\PeerNet

2008-10-08 20:31:47 ----D---- C:\Program Files\Movie Maker

2008-10-08 20:27:03 ----D---- C:\WINDOWS\system32\Restore

2008-10-08 20:27:03 ----D---- C:\WINDOWS\system32\NPP

2008-10-08 20:27:00 ----D---- C:\WINDOWS\MSAGENT

2008-10-08 20:26:58 ----D---- C:\WINDOWS\SRCHASST

2008-10-08 20:26:56 ----D---- C:\Program Files\NetMeeting

2008-10-08 20:26:54 ----D---- C:\WINDOWS\system32\Com

2008-10-08 20:26:49 ----D---- C:\Program Files\Windows NT

2008-10-08 20:26:49 ----D---- C:\Program Files\Windows Media Player

2008-10-08 20:26:48 ----D---- C:\Program Files\Outlook Express

2008-10-08 20:26:44 ----D---- C:\Program Files\Common Files\System

2008-10-08 20:26:21 ----D---- C:\WINDOWS\system32\OOBE

2008-10-08 20:26:18 ----D---- C:\WINDOWS\SYSTEM

2008-10-08 20:22:13 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-10-06 19:40:49 ----D---- C:\WINDOWS\Debug

2008-10-03 17:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

2008-09-10 01:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]

R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-01 97928]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-01 26824]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]

S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]

S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-07-01 5632]

S1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-09-09 56192]

S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]

S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-27 20747]

S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-01 76040]

S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]

S2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]

S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]

S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]

S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]

S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]

S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]

S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]

S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]

S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2004-02-17 70688]

S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]

S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]

S3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]

S3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]

S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]

S3 RT73;Sitecom Wireless Network USB Adapter RT73 Turbo G Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]

S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]

S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]

S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]

S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]

S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]

S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]

S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2007-05-28 30464]

S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2007-05-28 12672]

S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2007-05-28 32000]

S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2005-11-03 23552]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-20 419448]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-12-13 198256]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-12-13 165488]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-09-09 53248]

S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]

S2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]

S2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]

S2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-09-09 2066024]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]

S2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-04-21 822424]

S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe [2008-07-09 75304]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-12-13 79472]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2005-11-03 15872]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


You're welcome. How is your computer running?

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe
    :Files
    C:\WINDOWS\system32\delself.bat
    C:\WINDOWS\003011_.tmp
    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

--------------------------------------------------

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--------------------------------------------------

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

--------------------------------------------------

Logs to post in a reply:

  • OTMoveIt3 Log
  • Malwarebytes Log
  • Kaspersky Log

ok, that may have been a false dawn. it let me log in, and even connected to the internet, but firefox and ie could both only access certain websites. both browsers displayed errors when i tried to access the avg, malwarebytes and zone alarm sites, even with zone alarm shut down, but allowed access to google and the bbc.

i ran otmoveit3 and it told me to reboot, but the machine hung when rebooting. i restarted and tried to log in normally, but it wouldn't let me again, so i had to reboot into safe mode. the log is included below. i'm going to try to run malwarebytes now, i'll let you know how i get on.

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\delself.bat moved successfully.

C:\WINDOWS\003011_.tmp moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Stephen\LOCALS~1\Temp\Perflib_Perfdata_b9c.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12092008_214023


i logged in normally as a different user and have had more success. here is a new otmoveit3 log that was opened as i logged in:

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\delself.bat moved successfully.

C:\WINDOWS\003011_.tmp moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Stephen\LOCALS~1\Temp\Perflib_Perfdata_b9c.dat scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 12092008_214023

Files moved on Reboot...

File C:\DOCUME~1\Stephen\LOCALS~1\Temp\Perflib_Perfdata_b9c.dat not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_110.dat not found!

File C:\WINDOWS\temp\Perflib_Perfdata_718.dat not found!

it is also letting me uninstall java, so i will sort that, reinstall malwarebytes and hopefully get somewhere.


still screwed, sorry.

i managed to uninstall java as you originally requested, and i re-installed that fine.

i tried to re-install malwarebytes, as my flatmate uninstalled it when it first stopped working, but it fails. when i try to run mbam-setup.exe, it never gains focus (it appears on the task manager, but gets locked at using 2048KB of RAM). i tried renaming it, and it ran until popping up this error (during registration i think):

mbamext.dll

unable to register the dll/ocx: RegSvr32 failed with exit code 0x1

next, i tried to run the online antivirus scan you suggested, but i get the same browser errors as before: google is fine, but when i try to access any antivirus/antimalware site i get a "failed to connect" error saying that "though the site seems valid, the browser was unable to establish a connection". ugth.


Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


here's the log. it couldn't download the recovery console unfortunately, even though the internet connection was working, which was weird. i dunno if that's just cos the machine had a poor wireless connection at the time. it rebooted once to get rid of a rootkit.

ComboFix 08-12-12.03 - Jenny 2008-12-13 12:54:14.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.570 [GMT 0:00]

Running from: c:\documents and settings\Jenny\Desktop\SchmComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\rasqervy.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))

.

2008-12-09 22:52 . 2008-12-09 22:52 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll

2008-12-09 22:52 . 2008-12-09 22:52 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl

2008-12-09 22:25 . 2008-12-09 22:25 0 --a------ c:\windows\SYSTEM32\REN3A.tmp

2008-12-09 22:25 . 2008-12-09 22:25 0 --a------ c:\windows\SYSTEM32\REN39.tmp

2008-12-07 15:44 . 2008-12-07 15:44 <DIR> d-------- C:\_OTMoveIt

2008-12-05 08:46 . 2008-11-18 11:57 401,720 --a------ C:\HiJackThis.exe

2008-12-05 08:35 . 2008-12-05 08:35 <DIR> d-------- c:\program files\trend micro

2008-11-26 17:50 . 2008-11-26 17:50 <DIR> d-------- C:\rsit

2008-11-20 21:46 . 2008-12-09 22:02 <DIR> d-------- c:\program files\a-squared Free

2008-11-19 20:01 . 2008-11-20 21:39 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-19 19:59 . 2008-11-19 20:00 <DIR> d-------- c:\documents and settings\Stephen\Application Data\U3

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-13 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki

2008-12-13 12:39 --------- d-----w c:\documents and settings\Jenny\Application Data\OpenOffice.org2

2008-12-09 22:52 --------- d-----w c:\program files\Java

2008-12-09 22:04 --------- d-----w c:\program files\PokerStars

2008-11-21 07:54 --------- d-----w c:\documents and settings\Girlie\Application Data\OpenOffice.org2

2008-11-20 21:40 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-20 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-19 22:09 --------- d-----w c:\documents and settings\Girlie\Application Data\U3

2008-11-17 21:40 212,924 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-11-17 21:40 18,077,728 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-11-15 11:05 --------- d-----w c:\documents and settings\Girlie\Application Data\Microgaming

2008-11-12 00:00 --------- d-----w c:\program files\Enigma Software Group

2008-11-10 21:14 --------- d-----w c:\program files\Mozilla Thunderbird

2008-11-01 19:34 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-11-01 19:34 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys

2008-11-01 19:34 10,520 ----a-w c:\windows\SYSTEM32\avgrsstx.dll

2008-11-01 19:34 --------- d-----w c:\program files\AVG

2008-11-01 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-11-01 15:44 --------- d-----w c:\documents and settings\Girlie\Application Data\Malwarebytes

2008-11-01 11:46 --------- d-----w c:\program files\Common Files\AOL

2008-11-01 11:46 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2008-11-01 11:45 --------- d-----w c:\program files\Common Files\aolshare

2008-10-31 23:46 --------- d-----w c:\documents and settings\Stephen\Application Data\Malwarebytes

2008-10-31 23:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-10-31 23:45 --------- d-----w c:\documents and settings\Stephen\Application Data\OpenOffice.org2

2008-10-29 16:40 --------- d-----w c:\program files\UnPacker

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-18 23:13 --------- d-----w c:\program files\ladbrokesMPP

2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-10-05 14:48 105,858 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_10_05_15_48_16_small.dmp.zip

2008-10-03 17:41 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

2008-09-30 16:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys

2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys

2008-03-03 20:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2007-01-02 12:08 32 ----a-r c:\documents and settings\All Users\hash.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]

@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]

@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]

@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]

@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]

@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]

@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]

@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]

2006-01-15 11:40 450560 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-24 180269]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 495616]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]

"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-09-09 1537648]

"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]

"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-01 1234712]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]

"nwiz"="nwiz.exe" [2005-04-01 c:\windows\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Girlie\Start Menu\Programs\Startup\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Hazel\Start Menu\Programs\Startup\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\Jenny\Start Menu\Programs\Startup\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-05-12 156784]

Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE [2007-10-27 913408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave1"= c_562475.nls

"aux2"= c_562475.nls

"mixer1"= c_562475.nls

"midi1"= c_562475.nls

"aux1"= c_562475.nls

"wave2"= c_562475.nls

"mixer2"= c_562475.nls

"midi2"= c_562475.nls

"68562506"= 35463432353338332d453345312d343930362d394336432d433332434537453846444139

"68562495"= dd827126a68cde3b4bd38b0f5cd3366f399c0d7046167ac62df9d072093901d0d7de7d5764af0183

"68562525"= a6b24e8d4b6153575c2998432955211c040ab1a4625db1efb82c0e9420193aee5873663264de969e

"68562505"= 8f76b6d390f9e05f8db4308f96b7e35fc9dab17804e10ac3447d8a1572ec40d3fb2b2d1efac7be45


2

d77cc5ca80bfb942a16cb53fffd10229ae7aab8a10bc7aa012b0908d8d88937ca92b22823e54be1d

c

02707b558dd8536df21b969738ffe5fb218e6ffd910f4624671c16b99a14e9d547351ffe3b43a18e

6

11b52d1f7722df7fb976e4fd7406159e48516d39eea34f425b25bd36d263b7c2626907cdbf1c3ae9

d

74f223427e614a7a077fbb55ff00d836f0edc480f55747170d02ead53f98f84b43476ce68eb17c4a

8

8a0df88277ad16f7901475fddd958c2e91ef1e9e32bb424c107934d0b1be3d77b74befc3f698c75b

7

c6dbc088dfd91d56eefec743ba261ec5f5ebd443d351cf103e48ff0b49fac38dd39adec63b646eb5

c

f539db6c30853ebe5f61a3b776eb51552649fe8b549ede63e0b6b7b7afbbe816fe637a4a0d677cc2

4

6cadd99183e8ac933a800469bf78ab9e79660ae9a5bc47a0bae7b76b1a69e9cbd118706dbf5a5332

a

a7ffa6ae1270fd6cc5f49d72340ede234de95c5e8bd8dfa962f5efc2011e45a1b9ee6bf44ec43851

a

ea8225c22d1d12bb71198bf9517760be9b5bdba8fb130ba4ce7cbe0fde45d8a046714504e5191058

7

8459ce198ce2c387c5aa3060115fc46bd1dd7fc0b9f3ad60409f78399503dfb4d1bb583c44db80c8

0

7d5a94ba22cf9053e9e7279d2f15ce26241bddd30d163e1d68073cd18806addf99b9a85179785d2d

c

23d9b0b0cf5fa9c5a7e666a401a901d3fd868e62bb8d39d7ad5c47ec977a783ca5269c1597f7d478

2

f6c6c5d1086575dbc3a57f7fbccbf48b42218cced1ff1f6e683846145e4a22fb94dd71ed5c3048ce

6

6342cde441ba1e504b82658cd5e91af9b6eceb988d8d7ed5f42cdd23712634a26c2556c4552401db

1

95111dd2da3f82053d101ef7b78cec70a10f1272d89ebe02c890d7acf66ed7bff890cbafbe1a03fe

8

d527c1d8b7e6287437f40d3d2da5d074d11e65969ed2b4131e42e5f86f2ee7b8ad1506bd71240c96

c

bbbf1dd309fa23ab901cbd5a4a853531c061436e67632e4b22e5bebd6324a0c3c1837418b17d57db

5

410f211762de657258a51f8f3b89b6bc863df61d66acf5dcbf47f0c43de1df98aa44b8481afdce4f

8

5d122ea279acda86cd4ee8570005e660f7cdba9cda213b866b49a4b5b9cbda5f240f542f01354660

1

a8f08c1a2952f0415e75984140998c18b50535cbe8c8b65744d76e1e62ed12a7b0d08c94adb0ccda

e

545cd8d28e0befbc4bde89caeff008166e48efebcacbba48bb02fee56d979e5a7424652289acb7a6

9

1c5b4000b5969e7a32dbfbb718d08d5ca78b4dcceed9efa0840239c4df0f26c9a74563855845543a

4

cd228b185f09dd682dda83530b6e0550cccdb9c99838d16e7cf70e9c4d42716addc467266c56ca0b

d

2e16cdcb647a53f9909bfae24be6dafa0b7b38cc93fed954006c543c6d9a50aa3074f5a271f2e96a

2

1d91aeac134ad73286ff08426809835711ae68df511c81b4768d75d748812cf5a2752642c85991dd

8

1db306bcc79597f20e5f0a74235916edd4dcc45f89d40d86f8175fa007ea8810bc746b401d1018a7

2

ce5f514188ff

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-01 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-01 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-01 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-01 76040]

S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2007-05-28 30464]

S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2007-05-28 12672]

S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [2007-05-28 32000]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-11-03 23552]

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-21 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (1) (STEPHEN02-Stephen).job

- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell.co.uk/myway

mStart Page = hxxp://www.google.com

FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\qne0eop8.default\

FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npietab.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-13 13:01:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]

"imagepath"="\systemroot\system32\drivers\TDSSmaxt.sys"

.

Completion time: 2008-12-13 13:02:11

ComboFix-quarantined-files.txt 2008-12-13 13:02:08

Pre-Run: 108,679,438,336 bytes free

216 --- E O F --- 2008-11-12 21:36:51


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
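An added triage sketch (not part of the thread and not ComboFix's own logic) that reads registry lines in the format of the log posted above and flags the settings visible in it: suppressed Security Center notifications, disabled firewall monitoring, the Windows Firewall switched off, and a service key whose image path matches a watched name prefix. The rule labels, the `WATCHED` list and the function names are assumptions made for this example.

```python
import re

# Constructed sample in the format of the ComboFix log lines quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmaxt.sys"
'''
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"=\s*(.*)$')
WATCHED = ("tdss",)  # assumption: name prefixes to flag; "tdss" is taken from this log

def to_int(raw):
    """Parse 'dword:00000001' or '0 (0x0)'; return None for anything else."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    return int(m.group(1)) if m else None

def triage(log_text):
    findings, key = [], ""
    for line in map(str.strip, log_text.splitlines()):
        m = SECTION.match(line)
        if m:  # a new registry key header: remember it for the values that follow
            key = m.group(1).lower()
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, raw = m.group(1).lower(), m.group(2).strip()
        num = to_int(raw)
        if "security center" in key and name.endswith("disablenotify") and num:
            findings.append(("notify-suppressed", key, name))
        elif "security center\\monitoring" in key and name == "disablemonitoring" and num:
            findings.append(("monitoring-disabled", key, name))
        elif key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall" and num == 0:
            findings.append(("firewall-off", key, name))
        elif "\\services\\" in key and name == "imagepath":
            leaf = raw.strip('"').lower().rsplit("\\", 1)[-1]  # driver file name
            if leaf.startswith(WATCHED) or key.rsplit("\\", 1)[-1].startswith(WATCHED):
                findings.append(("watched-service", key, leaf))
    return findings
```

Calling `triage()` on a saved log returns one tuple per flagged value (rule label, registry key, value or file name), which makes it easy to compare the log before and after a cleanup run.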
