Jump to content

Recommended Posts

Hi,

I've had a few malware infect my pc overtime, and have always found this forum extremely useful. I'm posting because my pc got infected today with XP- anti-spyware 2011. As I havnt had one in a while I might have taken the wrong steps of my own accord. I ran rKill, then scanned my pc with malwarebytes but nothing was picked up. So I restarted my pc in Safe mode with networking and re-scanned, yet nothing was found. Upon restarting my pc (windows xp) the malware does not appear. I know it would be niave to assume it's gone, So us there anyone able to suggest what I could fo to find it if it is still here.

Regards

jack

Link to post
Share on other sites

Hi Jack,

Welcome to the Malwarebytes Forum :)

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

Hey,

Thanks for the help. Just run the OTL.exe and here are the reports:

OTL extras:

OTL Extras logfile created on: 22/05/2011 11:19:34 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.22 Gb Total Space | 3.65 Gb Free Space | 2.50% Space Free | Partition Type: NTFS

Computer Name: D6JJVN1J | User Name: Jack | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth

"C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth II -- (Electronic Arts Inc.)

"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)

"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft -- (Blizzard Entertainment)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Documents and Settings\Jack\Local Settings\Application Data\Dyyno Receiver\DPPM.exe" = C:\Documents and Settings\Jack\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()

"D:\HIW\orange.exe" = D:\HIW\orange.exe:*:Enabled:Orange Setup CD

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:

Link to post
Share on other sites

Ahh, sorry about that. Was a long night (revision for exams and all).

Heres the OTL.log

OTL logfile created on: 22/05/2011 11:19:34 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jack\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.22 Gb Total Space | 3.65 Gb Free Space | 2.50% Space Free | Partition Type: NTFS

Computer Name: D6JJVN1J | User Name: Jack | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jack\My Documents\Downloads\OTL(2).exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)

PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)

PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe (Sony Corporation)

PRC - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe (Sony Corporation)

PRC - C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)

PRC - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)

PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca Software Solutions)

PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Software Solutions AB)

PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

PRC - C:\Program Files\Inventel\Gateway\WLANCFG.EXE (Inventel)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\wanadoo\wanadooconnectionkit\atdialler1.exe (Wanadoo)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jack\My Documents\Downloads\OTL(2).exe (OldTimer Tools)

MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)

MOD - C:\WINDOWS\SYSTEM32\nview.dll ()

MOD - C:\WINDOWS\SYSTEM32\nvwddi.dll (NVIDIA Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\wanadoo\wanadooconnectionkit\Freehook.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)

SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Wlancfg) -- C:\Program Files\Inventel\Gateway\wlancfg.exe (Inventel)

========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys (McAfee, Inc.)

DRV - (mfendiskmp) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)

DRV - (mfendisk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdi2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (xewqy) -- C:\WINDOWS\System32\drivers\xewqy.sys ()

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MOBKFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\MOBK.sys (Mozy, Inc.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)

DRV - (ctxusbm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)

DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)

DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)

DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)

DRV - (hamachi) -- C:\WINDOWS\SYSTEM32\DRIVERS\hamachi.sys (Applied Networking Inc.)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (PCANDIS5) -- C:\WINDOWS\SYSTEM32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (gAGP440p) -- C:\Documents and Settings\Jack\Local Settings\Temp\gAGP440p.sys ()

DRV - (RT73) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys (Ralink Technology, Corp.)

DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (k750obex) -- C:\WINDOWS\SYSTEM32\DRIVERS\k750obex.sys (MCCI)

DRV - (k750mgmt) -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mgmt.sys (MCCI)

DRV - (k750mdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdm.sys (MCCI)

DRV - (k750mdfl) -- C:\WINDOWS\SYSTEM32\DRIVERS\k750mdfl.sys (MCCI)

DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\k750bus.sys (MCCI)

DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)

DRV - (nm) -- C:\WINDOWS\SYSTEM32\DRIVERS\nmnt.sys (Microsoft Corporation)

DRV - (bkn50USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)

DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)

DRV - (PRISM_A02) -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys (Conexant Systems, Inc.)

DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)

DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)

DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)

DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)

DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Freeserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\..\URLSearchHook: *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p="

FF - prefs.js..network.proxy.ftp: "www-cache.freeserve.com"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "www-cache.freeserve.com"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/16 00:17:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/17 01:00:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/06 01:26:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 10:14:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 10:14:02 | 000,000,000 | ---D | M]

[2008/08/25 13:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Extensions

[2011/05/21 12:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\40cl71ru.default\extensions

[2009/09/03 16:50:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\40cl71ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/03/07 09:27:17 | 000,000,000 | ---D | M] (Veoh Web Player Toolbar) -- C:\Documents and Settings\Jack\Application Data\Mozilla\Firefox\Profiles\40cl71ru.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}

[2011/05/21 12:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2006/11/05 14:03:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2007/04/07 12:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[2010/08/24 10:42:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2009/02/18 22:15:58 | 000,000,000 | ---D | M] (Firefox: Orange edition) -- C:\Program Files\Mozilla Firefox\extensions\orange-firefox@extensions.orange.co.uk

[2009/02/18 22:15:56 | 000,000,000 | ---D | M] (Orange Firefox 2.0) -- C:\Program Files\Mozilla Firefox\extensions\orangefirefox@orange.co.uk

[2009/02/18 22:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\orange-firefox@extensions.orange.co.uk\chrome

[2009/02/18 22:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\orange-firefox@extensions.orange.co.uk\components

[2009/02/18 22:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\orange-firefox@extensions.orange.co.uk\defaults

[2010/03/16 00:17:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX

[2009/12/17 01:00:42 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="3.011.025.005" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED

[2010/08/24 10:41:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/05/06 01:26:31 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll

[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll

[2010/08/24 10:41:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

[2010/07/22 11:34:33 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/07/22 11:34:33 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/07/22 11:34:33 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/11/20 23:43:16 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

[2010/07/22 11:34:33 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100919012825.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [CONNECTScheduler] C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe (Sony Corporation)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [shockwave Updater] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe (Sony Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wanadoo Connection Kit.lnk = C:\wanadoo\wanadooconnectionkit\atdialler1.exe (Wanadoo)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Search with Wanadoo - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Jack\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jack\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 10:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2011/05/07 16:49:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2011/05/07 16:49:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2011/05/07 16:49:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2011/05/07 16:49:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2011/05/07 16:49:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2011/05/07 16:49:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2011/05/07 16:49:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2011/05/07 16:49:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2011/05/07 16:49:15 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2011/05/07 16:49:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2011/05/07 16:49:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2011/05/07 16:48:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2011/05/07 16:48:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2011/05/07 16:48:51 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2011/05/07 16:48:22 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll

[2011/05/07 16:48:22 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll

[2011/05/07 16:48:18 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll

[2011/05/07 16:48:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2011/05/07 16:48:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2011/05/07 16:48:13 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2011/05/07 16:48:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2011/05/07 16:48:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2011/05/07 16:48:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2011/05/07 16:48:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2011/05/07 16:48:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2011/05/07 16:48:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2011/05/07 16:48:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2011/05/07 16:47:59 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2011/05/07 16:47:59 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2011/05/07 16:47:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2011/05/07 16:47:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2011/05/07 16:47:53 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2011/05/07 16:47:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2011/05/07 16:47:51 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2011/05/07 16:47:49 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2011/05/07 16:47:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2011/05/07 16:47:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2011/05/07 16:47:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2011/05/07 16:47:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2011/05/07 16:47:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2011/05/07 16:47:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll

[2011/05/07 16:47:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll

[2011/05/07 16:47:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2011/05/07 16:47:33 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2011/05/07 16:47:31 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll

[2011/05/07 13:41:59 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2011/05/07 13:41:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2011/05/07 13:41:57 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2011/05/07 13:38:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2011/05/07 13:38:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2011/05/07 13:38:33 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2011/05/07 13:38:31 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2011/05/07 13:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2011/05/07 13:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 11:32:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/05/22 10:44:02 | 000,202,288 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/05/22 10:43:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/05/22 10:43:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/05/22 10:41:45 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk

[2011/05/22 10:41:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/05/22 10:41:28 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/21 23:08:40 | 000,000,728 | ---- | M] () -- C:\WINDOWS\tasks\McAfee Cleanup.job

[2011/05/21 23:08:36 | 000,010,986 | -HS- | M] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\w7tkmxsa7y27k2i4k25v0l

[2011/05/21 23:08:36 | 000,010,986 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\w7tkmxsa7y27k2i4k25v0l

[2011/05/21 23:00:56 | 000,327,680 | -HS- | M] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\vin.exe

[2011/05/21 22:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/05/21 10:33:15 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/05/18 02:02:49 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2011/05/18 01:52:17 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011/05/12 17:34:34 | 001,978,525 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\Zachosetal.pdf

[2011/05/07 12:27:42 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\Jack\Desktop\Magicka.url

[2011/05/04 00:09:33 | 007,392,377 | ---- | M] () -- C:\Documents and Settings\Jack\My Documents\le heron, 2009 black shales.pdf

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 00:12:46 | 3219,279,872 | -HS- | C] () -- C:\hiberfil.sys

[2011/05/21 23:07:25 | 000,000,728 | ---- | C] () -- C:\WINDOWS\tasks\McAfee Cleanup.job

[2011/05/21 23:01:02 | 000,010,986 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\w7tkmxsa7y27k2i4k25v0l

[2011/05/21 23:01:02 | 000,010,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w7tkmxsa7y27k2i4k25v0l

[2011/05/21 23:00:56 | 000,327,680 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\vin.exe

[2011/05/12 17:34:33 | 001,978,525 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\Zachosetal.pdf

[2011/05/07 12:27:42 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\Jack\Desktop\Magicka.url

[2011/05/04 00:09:32 | 007,392,377 | ---- | C] () -- C:\Documents and Settings\Jack\My Documents\le heron, 2009 black shales.pdf

[2011/02/26 02:19:32 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll

[2010/05/18 20:34:17 | 000,040,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/03/10 19:05:56 | 000,001,320 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmfeklnmal.dll

[2010/03/10 18:58:00 | 000,002,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll

[2010/03/09 00:30:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\xewqy.sys

[2010/03/09 00:30:17 | 000,014,004 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\8Kc67

[2010/03/06 22:25:48 | 000,012,362 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\fLyQOPd8

[2010/02/10 22:37:15 | 000,014,278 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\R4AlO7HdsW5

[2009/12/23 00:28:03 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2009/12/07 01:04:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\prvlcl.dat

[2009/08/06 13:57:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/02/16 17:14:13 | 000,116,736 | ---- | C] () -- C:\WINDOWS\Uninstall_Livebox.EXE

[2008/09/16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/09/16 01:11:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007/11/12 18:27:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\PnkBstrK.sys

[2007/07/21 09:43:26 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI

[2007/04/11 18:56:38 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\lame.exe

[2007/04/03 19:29:49 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2007/04/03 19:03:14 | 000,214,520 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2007/04/03 18:42:43 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2007/02/14 23:26:47 | 000,143,804 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\Cosmos Prefs

[2006/11/05 14:02:59 | 000,003,751 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/10/22 13:22:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 13:22:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2006/10/22 13:22:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 13:22:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2006/10/22 13:22:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 13:22:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2006/10/22 13:22:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/09/30 12:39:06 | 000,035,228 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat

[2006/09/13 18:34:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2006/09/02 17:42:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2006/09/02 17:42:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2006/06/02 09:06:56 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/04/26 07:28:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2006/01/25 22:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2005/11/25 22:25:51 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/10/10 19:11:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\fusioncache.dat

[2005/09/09 11:59:02 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll

[2005/08/18 10:46:29 | 000,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe

[2005/08/02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2005/07/14 20:51:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2005/07/14 20:51:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2005/07/14 20:51:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2005/07/02 16:37:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\WSBar.dll

[2005/06/30 20:13:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe

[2005/06/06 18:56:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack\Application Data\sversion.ini

[2005/06/06 18:51:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe

[2005/05/31 19:13:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/05/31 19:06:36 | 000,000,309 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/05/31 19:02:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005/05/31 18:53:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2005/05/31 18:51:40 | 000,444,208 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2005/05/31 18:51:40 | 000,072,688 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2005/05/31 18:34:28 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/04/09 12:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/02/23 14:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE

[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI

[2004/08/10 13:08:08 | 000,218,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 13:02:16 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 13:00:00 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI

[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2003/07/30 10:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003/07/30 09:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/12/06 21:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2007/10/06 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7

[2010/03/12 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/08/07 19:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2009/02/16 21:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner

[2009/12/23 00:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software

[2007/06/15 21:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism

[2010/02/20 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony

[2006/10/07 12:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2005/05/31 19:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/02/16 21:00:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}

[2010/05/18 19:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2008/10/15 19:19:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jack\Application Data\.#

[2011/05/16 23:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\.minecraft

[2007/01/23 19:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\AVG7

[2007/03/13 22:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Ethereal

[2010/08/07 19:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\ICAClient

[2009/12/23 00:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\id Software

[2005/07/07 19:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Leadertech

[2009/03/24 00:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\LG Electronics

[2006/03/22 17:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\My Battle for Middle-earth II Demo Files

[2011/04/14 16:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\My Battle for Middle-earth II Files

[2006/04/19 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Petroglyph

[2010/02/20 23:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Publish Providers

[2010/02/20 23:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Sony

[2011/05/07 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Spotify

[2006/10/07 12:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Teleca

[2005/06/26 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Template

[2009/12/09 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Tific

[2009/02/16 21:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\Uniblue

[2011/05/08 22:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack\Application Data\uTorrent

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Hi Jack,

No worries ;)

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    [2011/05/21 23:01:02 | 000,010,986 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\w7tkmxsa7y27k2i4k25v0l
    [2011/05/21 23:01:02 | 000,010,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\w7tkmxsa7y27k2i4k25v0l
    [2010/03/10 19:05:56 | 000,001,320 | ---- | C] () -- C:\WINDOWS\System32\_VOIDmfeklnmal.dll
    [2010/03/10 18:58:00 | 000,002,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fiosejgfse.dll
    [2010/03/09 00:30:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\xewqy.sys
    [2010/03/09 00:30:17 | 000,014,004 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\8Kc67
    [2010/03/06 22:25:48 | 000,012,362 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\fLyQOPd8
    [2010/02/10 22:37:15 | 000,014,278 | -HS- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\R4AlO7HdsW5
    [2009/12/07 01:04:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack\Local Settings\Application Data\prvlcl.dat
    [2005/05/31 19:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Link to post
Share on other sites

You're very welcome :)

There were a few left over traces that I had you remove using OTL.

Launch Malwarebytes' Anti-Malware

  • Please check for updates, and if an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked , and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Run ESET Online Scan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

      You can refer to this animation by neomage if needed.
Link to post
Share on other sites

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member.

This applies only to the original topic starter. Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.