VUNDO won't go



GuyAB
2009-10-20, 19:24
Hi
I am new to this forum but you are the only people who seem to be getting anywhere with stuff like this.
I have volunteered to fix my friend's new laptop because it will not go to the websites that he wants it to.
I took a look at it and found that he had installed parental controls for himself but no AV and no firewall even though his ISP supplies McAfee for free.
As you will no doubt be able to see, I have put everything on that I can think of and even flushed his DNS, but I am still unable to get rid of this VUNDO thing that he has acquired. I know that in your T&Cs he should contact you, but quite honestly he would not know the difference between TCP and ISP, and I am fixing it for no reward as a favour for a good friend.
Any assistance will be really appreciated, as he has only had this laptop for a couple of months and has no restore facilities on it.
HJT log follows.
Thanks GuyAB
--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:21, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe
C:\WINDOWS\system32\lxdocoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lexmark 9500 Series\lxdomon.exe
C:\Program Files\Lexmark 9500 Series\lxdoamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Spyware Cease\SpywareCease.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg.bt.mail.yahoo.com/dc/launch?.partner=bt-1&.gx=0&.rand=9b9q61jvkhbnk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04292AF9-2B7A-475A-BD6B-29F7E7703184} - C:\WINDOWS\System32\dciman3232.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [lxdomon.exe] "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"
O4 - HKLM\..\Run: [lxdoamon] "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpywareCease.exe] C:\Program Files\Spyware Cease\SpywareCease.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F190E3.exe] C:\DOCUME~1\user\LOCALS~1\Temp\_A00F190E3.exe
O4 - HKCU\..\Run: [A00F1F26AD6.exe] C:\DOCUME~1\user\LOCALS~1\Temp\_A00F1F26AD6.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1935655697-1060284298-1957994488-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230769901637
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\fmifs32.dll
O20 - Winlogon Notify: 74651014687 - C:\WINDOWS\System32\fmifs32.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\
O20 - Winlogon Notify: __c00180EA - C:\WINDOWS\system32\__c00180EA.dat (file missing)
O20 - Winlogon Notify: __c0022A75 - C:\WINDOWS\system32\__c0022A75.dat (file missing)
O20 - Winlogon Notify: __c002BC58 - C:\WINDOWS\system32\__c002BC58.dat (file missing)
O20 - Winlogon Notify: __c004BEF8 - C:\WINDOWS\system32\__c004BEF8.dat (file missing)
O20 - Winlogon Notify: __c0057800 - C:\WINDOWS\system32\__c0057800.dat (file missing)
O20 - Winlogon Notify: __c007E399 - C:\WINDOWS\system32\__c007E399.dat (file missing)
O20 - Winlogon Notify: __c009E254 - C:\WINDOWS\system32\__c009E254.dat (file missing)
O20 - Winlogon Notify: __c00D5E62 - C:\WINDOWS\system32\__c00D5E62.dat (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdoCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe
O23 - Service: lxdo_device - - C:\WINDOWS\system32\lxdocoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10540 bytes

peku006
2009-10-21, 18:49
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks peku006

GuyAB
2009-10-21, 22:31
Hi Peku,
Logfile as requested but PC did reboot before it produced the logfile.
GuyB
--------------------------
ComboFix 09-10-20.03 - user 21/10/2009 20:58.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.245 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\documents and settings\user\Application Data\020000007e285c0a687C.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687O.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687P.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687S.manifest
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\bmgac
c:\program files\Spyware Cease\DefendLog.txt
c:\program files\Spyware Cease\dxddd
c:\program files\Spyware Cease\fp.fpl
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\idamx
c:\program files\Spyware Cease\iflee
c:\program files\Spyware Cease\ls.dat
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\mtools.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\QAreaDLL.dll
c:\program files\Spyware Cease\rgp.tmp
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\tmp5
c:\program files\Spyware Cease\udefend.dll
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\update\uplist.up
c:\program files\Spyware Cease\update1
c:\program files\Spyware Cease\ussafe.dll
c:\program files\Spyware Cease\vf
c:\program files\Spyware Cease\vsn.lst
c:\program files\Spyware Cease\wl.swl
c:\program files\Spyware Cease\xxcum
c:\program files\Spyware Cease\zlib1.dll
c:\windows\GnuHashes.ini
c:\windows\system32\__c003772C.dat
c:\windows\system32\__c0092E10.dat
c:\windows\system32\0G9JLRt.vbs
c:\windows\system32\1wB93E9WxWfcCyJ.vbs
c:\windows\system32\5e4W9Rf1dIKelto.vbs
c:\windows\system32\6Pcx5DaHup1RR.vbs
c:\windows\system32\bXl7AazDZ7Nkn2A.vbs
c:\windows\system32\bYfgQtX.vbs
c:\windows\system32\CORPOL32.DLL
c:\windows\system32\d9F5jAI6Tyytg.vbs
c:\windows\system32\DCIMAN3232.DLL
c:\windows\system32\DGSETUP32.DLL
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\DSDMO32.DLL
c:\windows\system32\DSSEC32.DLL
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\HXbQT.vbs
c:\windows\system32\ifkhqFg.vbs
c:\windows\system32\J3w1Wmdj2mEUv9W.vbs
c:\windows\system32\je5OGFV.vbs
c:\windows\system32\LocalService\313.crack.zip
c:\windows\system32\LocalService\313.crack.zip.kwd
c:\windows\system32\LocalService\314.keygen.zip
c:\windows\system32\LocalService\314.keygen.zip.kwd
c:\windows\system32\LocalService\315.serial.zip
c:\windows\system32\LocalService\315.serial.zip.kwd
c:\windows\system32\LocalService\316.setup.zip
c:\windows\system32\LocalService\316.setup.zip.kwd
c:\windows\system32\LocalService\317.music.au.kwd
c:\windows\system32\LocalService\318.music2.au.kwd
c:\windows\system32\LocalService\319.music3.au.kwd
c:\windows\system32\LocalService\320.music4.au.kwd
c:\windows\system32\NRlBTRvyKIl4rfY.vbs
c:\windows\system32\qKnXxP1.vbs
c:\windows\system32\r4usjCh.vbs
c:\windows\system32\UEP2ehk1v3gn2Rq.vbs
c:\windows\system32\Vf0vwVdM4zdcdXJ.vbs
c:\windows\system32\VN1HnJy.vbs
c:\windows\system32\w31xNzREiDnL85k.vbs
c:\windows\system32\Y5LHzU1iCBXdMwn.vbs
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-20 17:43 . 2009-10-20 17:43 202240 ----a-w- c:\windows\system32\fontext32.dll
2009-10-20 17:20 . 2009-10-20 17:20 -------- d-----w- c:\program files\Trend Micro
2009-10-20 16:36 . 2009-10-20 16:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-19 21:11 . 2009-10-19 21:11 -------- d-----w- C:\VundoFix Backups
2009-10-19 20:44 . 2009-10-19 20:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 18:25 . 2009-10-20 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 18:25 . 2009-10-19 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-19 17:33 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-19 17:21 . 2009-10-19 17:21 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 17:18 . 2009-10-19 17:18 -------- d-----w- c:\program files\Lavasoft
2009-10-19 17:18 . 2009-10-19 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-19 16:46 . 2009-10-19 16:46 200192 ----a-w- c:\windows\system32\eappcfg32.dll
2009-10-18 07:53 . 2009-10-18 07:53 200192 ----a-w- c:\windows\system32\iassdo32.dll
2009-10-18 07:28 . 2009-10-18 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\eAcceleration
2009-10-18 07:28 . 2009-10-19 17:50 -------- d-----w- c:\program files\Common Files\eAcceleration
2009-10-18 07:28 . 2009-10-18 07:33 -------- d-----w- c:\program files\eAcceleration
2009-10-18 07:27 . 2009-10-19 17:51 -------- d-----w- c:\program files\StopSign
2009-10-17 20:46 . 2009-10-17 20:46 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-10-17 20:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-17 20:38 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-17 16:09 . 2009-10-17 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-17 06:42 . 2009-10-17 06:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-17 06:34 . 2009-10-17 06:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-17 06:31 . 2009-10-17 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-17 06:22 . 2009-07-08 12:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-17 06:22 . 2009-07-08 12:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-17 06:22 . 2009-07-08 12:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-17 06:22 . 2009-07-08 12:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-17 06:22 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-17 06:19 . 2009-10-17 06:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-17 06:19 . 2009-10-17 06:21 -------- d-----w- c:\program files\McAfee.com
2009-10-17 06:18 . 2009-10-18 07:39 -------- d-----w- c:\program files\McAfee
2009-10-16 22:35 . 2009-10-16 22:35 200192 ----a-w- c:\windows\system32\gptext32.dll
2009-10-16 21:12 . 2009-10-16 21:12 200192 ----a-w- c:\windows\system32\datime32.dll
2009-10-16 20:38 . 2009-07-08 12:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-16 20:23 . 2009-10-16 20:23 10752 ----a-w- c:\windows\DCEBoot.exe
2009-10-16 19:58 . 2009-10-16 19:58 200192 ----a-w- c:\windows\system32\ifsutil32.dll
2009-10-16 19:46 . 2009-10-16 19:46 200192 ----a-w- c:\windows\system32\els32.dll
2009-10-16 19:36 . 2009-10-16 19:36 -------- d-----w- c:\program files\CleanUp!
2009-10-16 18:25 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-16 18:25 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-16 14:12 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-16 13:57 . 2009-10-16 13:57 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-10-16 13:55 . 2009-10-16 13:55 -------- d-----w- c:\program files\Windows Defender
2009-10-16 13:46 . 2009-10-16 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-16 13:33 . 2009-10-17 08:21 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-10-16 13:32 . 2009-10-16 19:12 -------- d-----w- C:\Download
2009-10-15 19:32 . 2009-10-15 19:32 200192 ----a-w- c:\windows\system32\dpnmodem32.dll
2009-10-10 17:54 . 2009-10-21 20:14 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-10 17:54 . 2009-10-10 17:54 122880 ----a-w- c:\windows\system32\fmifs32.dll
2009-10-10 15:25 . 2009-10-10 15:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 15:24 . 2009-10-10 15:24 -------- d-----w- c:\program files\Java
2009-10-10 15:24 . 2009-10-10 15:24 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-10 15:20 . 2009-10-20 17:20 -------- d-----w- c:\program files\LimeWire
2009-09-27 20:31 . 2009-09-27 20:31 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 17:42 . 2009-10-10 15:26 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-10-17 09:23 . 2009-08-14 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-17 07:47 . 2009-01-01 00:35 -------- d-----w- c:\program files\OpenOffice.org 2.0
2009-10-17 07:28 . 2009-08-14 09:56 -------- d-----w- c:\documents and settings\user\Application Data\OpenOffice.org2
2009-10-17 06:43 . 2009-09-15 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 17:29 . 2009-08-14 09:00 -------- d-----w- c:\program files\Internet Content Filter
2009-10-16 16:12 . 2007-11-14 07:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 08:32 . 2009-02-12 18:32 30240 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 21:31 . 2009-09-15 19:04 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2009-09-15 21:26 . 2009-09-15 21:26 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 21:25 . 2009-09-15 21:25 -------- d-----w- c:\program files\Microsoft.NET
2009-09-15 19:46 . 2009-09-15 19:46 -------- d-----w- c:\program files\MSECache
2009-08-05 09:01 . 1980-01-01 00:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44 . 1980-01-01 00:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2001-08-17 13:48 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 1980-01-01 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 1980-01-01 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04292AF9-2B7A-475A-BD6B-29F7E7703184}]
2009-10-20 17:43 202240 ----a-w- c:\windows\system32\fontext32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"ZCfgSvc.exe"="c:\windows\System32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-12-25 159744]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-11-11 88363]
"RegServer"="regserve.exe" - c:\windows\system32\RegServe.exe [2003-06-08 24576]
"TridentWatchDog"="twatdog.exe" - c:\windows\system32\TWatDog.exe [2003-06-08 53248]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-8-30 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\74651014687]
2009-10-10 17:54 122880 ----a-w- c:\windows\system32\fmifs32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 03:20 188482 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdocoms.exe"=
"c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=
"c:\\WINDOWS\\system32\\lxdocfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdowbgw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19/10/2009 18:33 64288]
R2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [18/10/2009 08:28 113920]
R2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [18/10/2009 08:28 263504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1170768]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [14/08/2009 11:22 94208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [17/10/2009 07:30 203280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 tridxp4;tridxp4;c:\windows\system32\drivers\tridxp4m.sys [02/06/2003 11:45 191488]
S1 dftcrdcw;dftcrdcw;\??\c:\windows\system32\drivers\dftcrdcw.sys --> c:\windows\system32\drivers\dftcrdcw.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [22/08/2008 19:56 7680]
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:30]

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-17 20:26]

2009-10-17 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-17 20:26]

2009-10-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.mg.bt.mail.yahoo.com/dc/launch?.partner=bt-1&.gx=0&.rand=9b9q61jvkhbnk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
Notify-__c00180EA - c:\windows\system32\__c00180EA.dat
Notify-__c0022A75 - c:\windows\system32\__c0022A75.dat
Notify-__c002BC58 - c:\windows\system32\__c002BC58.dat
Notify-__c004BEF8 - c:\windows\system32\__c004BEF8.dat
Notify-__c0057800 - c:\windows\system32\__c0057800.dat
Notify-__c0067FB1 - c:\windows\system32\__c0067FB1.dat
Notify-__c007E399 - c:\windows\system32\__c007E399.dat
Notify-__c009E254 - c:\windows\system32\__c009E254.dat
Notify-__c00D5E62 - c:\windows\system32\__c00D5E62.dat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\GroupPolicy000.dat 1593 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\fmifs32.dll
c:\windows\System32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\S24EvMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdocoms.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\System32\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\System32\1XConfig.exe
c:\combofix\CF8170.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Apoint2K\Apntex.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-21 21:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-21 20:24

Pre-Run: 30,440,046,592 bytes free
Post-Run: 30,516,555,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\=Previous Operating System on C:

- - End Of File - - 04DA52B5F54FF9566E207653417F93D3

peku006
2009-10-22, 14:41
Hi GuyAB

PC did reboot before it produced the logfile.
It is normal :)

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:


File::
c:\windows\system32\fontext32.dll
c:\windows\system32\eappcfg32.dll
c:\windows\system32\iassdo32.dll
c:\windows\system32\gptext32.dll
c:\windows\system32\datime32.dll
c:\windows\DCEBoot.exe
c:\windows\system32\ifsutil32.dll
c:\windows\system32\els32.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\fmifs32.dll
c:\windows\system32\drivers\dftcrdcw.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\74651014687]

Driver::
dftcrdcw




Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2 - Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

3 - Run Hijackthis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log

Thanks peku006
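
Added example, not part of peku006's post and not ComboFix's own code: once the log from a CFScript run comes back, a helper can cross-check it against the script, confirming that each File:: target appears under Other Deletions, each Driver:: name under Drivers/Services, and that no Registry:: key is still listed under Reg Loading Points. The parsing assumes only the section layout visible in the logs in this thread; the function names and every sample path, key and driver name are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the layout seen in this thread;
# every path, key and driver name below is made up for the example.
CFSCRIPT = r"""
File::
c:\windows\system32\example32.dll
c:\windows\Example.exe
c:\windows\system32\drivers\exampledrv.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\example\notify\11111]
[-HKEY_LOCAL_MACHINE\software\example\notify\22222]

Driver::
exampledrv
"""

COMBOFIX_LOG = r"""
FILE ::
"c:\windows\Example.exe"
"c:\windows\system32\drivers\exampledrv.sys"
"c:\windows\system32\example32.dll"
.
((((((((((( Other Deletions )))))))))))
.
c:\windows\Example.exe
c:\windows\system32\example32.dll
c:\windows\system32\Unrelated000.dat
.
((((((((((( Drivers/Services )))))))))))
.
-------\Service_exampledrv

((((((((((( Reg Loading Points )))))))))))
.
[HKEY_LOCAL_MACHINE\software\example\notify\22222]
[BU]
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")                 # e.g. "File::"
BANNER = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}$")          # "((( Title )))"
REG_KEY = re.compile(r"^\[-?(HKEY_[^\]]+)\]$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive (lowercase): [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def parse_log_sections(text):
    """Split a log into {banner title (lowercase): [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def verify_cfscript(cfscript_text, log_text):
    """Compare what the script asked for with what the log reports."""
    script = parse_cfscript(cfscript_text)
    log = parse_log_sections(log_text)
    deleted = {p.lower() for p in log.get("other deletions", [])}
    services = {s.rsplit("\\Service_", 1)[1].lower()
                for s in log.get("drivers/services", []) if "\\Service_" in s}
    # Only full "HKEY_..." headers are compared; abbreviated forms are ignored.
    listed = {m.group(1).lower()
              for m in map(REG_KEY.match, log.get("reg loading points", [])) if m}
    targets = [m.group(1)
               for m in map(REG_KEY.match, script.get("registry", [])) if m]
    return {
        "files_not_in_deletions":
            [f for f in script.get("file", []) if f.lower() not in deleted],
        "drivers_not_in_services":
            [d for d in script.get("driver", []) if d.lower() not in services],
        "registry_still_listed": [k for k in targets if k.lower() in listed],
    }


if __name__ == "__main__":
    for check, items in verify_cfscript(CFSCRIPT, COMBOFIX_LOG).items():
        print(check, items or "none")
```

An entry reported here is a prompt for a manual look, not proof of failure: this log layout does not distinguish a file that was never present from one that could not be removed.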

GuyAB
2009-10-23, 19:25
Hi Peku
Wow, that took some doing. Logs as requested.
------------------------------
ComboFix 09-10-21.02 - user 22/10/2009 21:08.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.92 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
"c:\windows\DCEBoot.exe"
"c:\windows\system32\datime32.dll"
"c:\windows\system32\dpnmodem32.dll"
"c:\windows\system32\drivers\dftcrdcw.sys"
"c:\windows\system32\eappcfg32.dll"
"c:\windows\system32\els32.dll"
"c:\windows\system32\fmifs32.dll"
"c:\windows\system32\fontext32.dll"
"c:\windows\system32\gptext32.dll"
"c:\windows\system32\iassdo32.dll"
"c:\windows\system32\ifsutil32.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\020000007e285c0a687C.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687O.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687P.manifest
c:\documents and settings\user\Application Data\020000007e285c0a687S.manifest
c:\windows\DCEBoot.exe
c:\windows\system32\datime32.dll
c:\windows\system32\dpnmodem32.dll
c:\windows\system32\eappcfg32.dll
c:\windows\system32\els32.dll
c:\windows\system32\fmifs32.dll
c:\windows\system32\fontext32.dll
c:\windows\system32\gptext32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\iassdo32.dll
c:\windows\system32\ifsutil32.dll
c:\windows\system32\LocalService\321.crack.zip
c:\windows\system32\LocalService\321.crack.zip.kwd
c:\windows\system32\LocalService\322.keygen.zip
c:\windows\system32\LocalService\322.keygen.zip.kwd
c:\windows\system32\LocalService\323.serial.zip
c:\windows\system32\LocalService\323.serial.zip.kwd
c:\windows\system32\LocalService\324.setup.zip
c:\windows\system32\LocalService\324.setup.zip.kwd
c:\windows\system32\LocalService\325.music.au
c:\windows\system32\LocalService\325.music.au.kwd
c:\windows\system32\LocalService\326.music2.au
c:\windows\system32\LocalService\326.music2.au.kwd
c:\windows\system32\LocalService\327.music3.au
c:\windows\system32\LocalService\327.music3.au.kwd
c:\windows\system32\LocalService\328.music4.au
c:\windows\system32\LocalService\328.music4.au.kwd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dftcrdcw


((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-22 19:09 . 2009-10-22 20:22 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-20 17:20 . 2009-10-20 17:20 -------- d-----w- c:\program files\Trend Micro
2009-10-20 16:36 . 2009-10-20 16:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-19 21:11 . 2009-10-19 21:11 -------- d-----w- C:\VundoFix Backups
2009-10-19 20:44 . 2009-10-19 20:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 18:25 . 2009-10-20 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 18:25 . 2009-10-19 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-19 17:33 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-19 17:21 . 2009-10-19 17:21 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 17:18 . 2009-10-19 17:18 -------- d-----w- c:\program files\Lavasoft
2009-10-19 17:18 . 2009-10-19 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-18 07:28 . 2009-10-18 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\eAcceleration
2009-10-18 07:28 . 2009-10-19 17:50 -------- d-----w- c:\program files\Common Files\eAcceleration
2009-10-18 07:28 . 2009-10-18 07:33 -------- d-----w- c:\program files\eAcceleration
2009-10-18 07:27 . 2009-10-19 17:51 -------- d-----w- c:\program files\StopSign
2009-10-17 20:46 . 2009-10-17 20:46 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-10-17 20:38 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-17 20:38 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-17 16:09 . 2009-10-17 16:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-17 06:42 . 2009-10-17 06:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-17 06:34 . 2009-10-17 06:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-17 06:31 . 2009-10-17 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-10-17 06:22 . 2009-09-16 09:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-17 06:22 . 2009-09-16 09:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-17 06:22 . 2009-09-16 09:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-17 06:22 . 2009-09-16 09:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-17 06:22 . 2009-07-16 11:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-17 06:19 . 2009-10-17 06:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-17 06:19 . 2009-10-17 06:21 -------- d-----w- c:\program files\McAfee.com
2009-10-17 06:18 . 2009-10-22 19:38 -------- d-----w- c:\program files\McAfee
2009-10-16 20:38 . 2009-09-16 09:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-16 19:36 . 2009-10-16 19:36 -------- d-----w- c:\program files\CleanUp!
2009-10-16 18:25 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-16 18:25 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-16 14:12 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-16 13:57 . 2009-10-16 13:57 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-10-16 13:55 . 2009-10-16 13:55 -------- d-----w- c:\program files\Windows Defender
2009-10-16 13:46 . 2009-10-16 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-16 13:33 . 2009-10-17 08:21 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-10-16 13:32 . 2009-10-16 19:12 -------- d-----w- C:\Download
2009-10-10 15:26 . 2009-10-19 17:42 -------- d-----w- c:\documents and settings\user\Application Data\LimeWire
2009-10-10 15:25 . 2009-10-10 15:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 15:24 . 2009-10-10 15:24 -------- d-----w- c:\program files\Java
2009-10-10 15:20 . 2009-10-20 17:20 -------- d-----w- c:\program files\LimeWire
2009-09-27 20:31 . 2009-09-27 20:31 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 09:23 . 2009-08-14 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-17 07:47 . 2009-01-01 00:35 -------- d-----w- c:\program files\OpenOffice.org 2.0
2009-10-17 07:28 . 2009-08-14 09:56 -------- d-----w- c:\documents and settings\user\Application Data\OpenOffice.org2
2009-10-17 06:43 . 2009-09-15 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-16 17:29 . 2009-08-14 09:00 -------- d-----w- c:\program files\Internet Content Filter
2009-10-16 16:12 . 2007-11-14 07:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 08:32 . 2009-02-12 18:32 30240 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 21:31 . 2009-09-15 19:04 -------- d-----w- c:\documents and settings\user\Application Data\GetRightToGo
2009-09-15 21:26 . 2009-09-15 21:26 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 21:25 . 2009-09-15 21:25 -------- d-----w- c:\program files\Microsoft.NET
2009-09-15 19:46 . 2009-09-15 19:46 -------- d-----w- c:\program files\MSECache
2009-09-15 18:41 . 2009-09-15 18:40 -------- d-----w- c:\documents and settings\user\Application Data\OfficeUpdate12
2009-09-11 14:18 . 1980-01-01 00:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 07:57 . 2009-08-14 09:00 285200 ----a-w- c:\windows\sediag.exe
2009-08-30 21:01 . 2009-08-30 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2009-08-30 21:01 . 2009-08-30 21:01 -------- d-----w- c:\documents and settings\user\Application Data\Birdstep Technology
2009-08-30 21:00 . 2009-08-30 21:00 -------- d-----w- c:\program files\ZTE_MF6X6_USB_MODEM_1.2050.0.6
2009-08-30 21:00 . 2009-08-30 21:00 -------- d-----w- c:\program files\3
2009-08-29 08:08 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 1980-01-01 00:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 1980-01-01 00:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:44 . 1980-01-01 00:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2001-08-17 13:48 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 1980-01-01 00:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 1980-01-01 00:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-21_20.14.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-14 06:46 . 2009-10-22 19:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-14 06:46 . 2009-10-21 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-14 06:46 . 2009-10-22 19:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-14 06:46 . 2009-10-21 17:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-10-20 16:36 . 2009-10-21 17:22 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-20 16:36 . 2009-10-22 19:10 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-22 19:22 . 2009-10-22 19:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-14 06:46 . 2009-10-21 17:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"ZCfgSvc.exe"="c:\windows\System32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-12-25 159744]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-11-11 88363]
"RegServer"="regserve.exe" - c:\windows\system32\RegServe.exe [2003-06-08 24576]
"TridentWatchDog"="twatdog.exe" - c:\windows\system32\TWatDog.exe [2003-06-08 53248]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-8-30 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 03:20 188482 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00180EA]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0022A75]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002BC58]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c004BEF8]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0057800]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0067FB1]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c007E399]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c009E254]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00D5E62]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdocoms.exe"=
"c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=
"c:\\WINDOWS\\system32\\lxdocfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdowbgw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 0298141256240844mcinstcleanup;McAfee Application Installer Cleanup (0298141256240844);c:\windows\TEMP\029814~1.EXE [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-22 7680]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-08-05 113920]
S2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2009-09-30 263504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-19 1170768]
S2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 589824]
S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe [2007-07-17 94208]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 tridxp4;tridxp4;c:\windows\system32\DRIVERS\tridxp4m.sys [2003-07-07 191488]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0298141256240844MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:30]

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-17 11:22]

2009-10-17 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-17 11:22]

2009-10-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-10-22 c:\windows\Tasks\User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.mg.bt.mail.yahoo.com/dc/launch?.partner=bt-1&.gx=0&.rand=9b9q61jvkhbnk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

BHO-{04292AF9-2B7A-475A-BD6B-29F7E7703184} - c:\windows\System32\fontext32.dll
Notify-__c0092E10 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 21:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\S24EvMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\System32\1XConfig.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\System32\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\combofix\CF21601.exe
c:\progra~1\mcafee\msc\mcupdmgr.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\mcafee\msc\mcupdui.exe
c:\program files\mcafee\virusscan\mcinsupd.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 21:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 20:50
ComboFix2.txt 2009-10-21 20:24

Pre-Run: 30,285,262,848 bytes free
Post-Run: 30,280,372,224 bytes free

- - End Of File - - F11941247B7364057836082CF2E39EAB
--------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3013
Windows 5.1.2600 Service Pack 3

23/10/2009 06:14:04
mbam-log-2009-10-23 (06-13-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138973
Time elapsed: 59 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00180ea (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0022a75 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002bc58 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004bef8 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0057800 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0067fb1 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007e399 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009e254 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d5e62 (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> No action taken.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\corpol32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\datime32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgsetup32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dpnmodem32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dsdmo32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dssec32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eappcfg32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\els32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gptext32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iassdo32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifsutil32.dll.vir (Trojan.Dropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c003772C.dat.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0092E10.dat.vir (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\user\Desktop\Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Cease.lnk (Rogue.SpywareCease) -> No action taken.
--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:14, on 23/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lexmark 9500 Series\lxdomon.exe
C:\Program Files\Lexmark 9500 Series\lxdoamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe
C:\WINDOWS\system32\lxdocoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.mg.bt.mail.yahoo.com/dc/launch?.partner=bt-1&.gx=0&.rand=9b9q61jvkhbnk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {04292AF9-2B7A-475A-BD6B-29F7E7703184} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [lxdomon.exe] "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"
O4 - HKLM\..\Run: [lxdoamon] "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230769901637
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: 74651014687 - C:\WINDOWS\
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\
O20 - Winlogon Notify: __c00180EA - C:\WINDOWS\
O20 - Winlogon Notify: __c0022A75 - C:\WINDOWS\
O20 - Winlogon Notify: __c002BC58 - C:\WINDOWS\
O20 - Winlogon Notify: __c004BEF8 - C:\WINDOWS\
O20 - Winlogon Notify: __c0057800 - C:\WINDOWS\
O20 - Winlogon Notify: __c0067FB1 - C:\WINDOWS\
O20 - Winlogon Notify: __c007E399 - C:\WINDOWS\
O20 - Winlogon Notify: __c0092E10 - C:\WINDOWS\
O20 - Winlogon Notify: __c009E254 - C:\WINDOWS\
O20 - Winlogon Notify: __c00D5E62 - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0298141256240844) (0298141256240844mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\029814~1.EXE (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdoCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe
O23 - Service: lxdo_device - - C:\WINDOWS\system32\lxdocoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9610 bytes

peku006
2009-10-23, 20:03
Hi GuyAB

CKScanner
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop. Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Thanks peku006

GuyAB
2009-10-24, 07:17
Hi Peku,
This laptop is already behaving so much better.
------------------------------------------------
CKScanner - Additional Security Risks - These are not necessarily bad
c:\qoobox\quarantine\c\windows\system32\localservice\313.crack.zip.kwd.vir
c:\qoobox\quarantine\c\windows\system32\localservice\313.crack.zip.vir
c:\qoobox\quarantine\c\windows\system32\localservice\314.keygen.zip.kwd.vir
c:\qoobox\quarantine\c\windows\system32\localservice\314.keygen.zip.vir
c:\qoobox\quarantine\c\windows\system32\localservice\321.crack.zip.kwd.vir
c:\qoobox\quarantine\c\windows\system32\localservice\321.crack.zip.vir
c:\qoobox\quarantine\c\windows\system32\localservice\322.keygen.zip.kwd.vir
c:\qoobox\quarantine\c\windows\system32\localservice\322.keygen.zip.vir
scanner sequence 3.CE.11
----- EOF -----

peku006
2009-10-24, 08:58
Hi GuyAB

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

First you need to rerun MBAM, you did not let it clean what it found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00180ea (Trojan.Vundo) -> No action taken.

1 - Run Malwarebytes' Anti-Malware

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and run OTS

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Attach the OTS log in your next reply. Don't post it. It will be too large to fit into a single post.

Thanks peku006

GuyAB
2009-10-25, 08:05
Hi Peku
Here goes with last requested.
-----------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 3025
Windows 5.1.2600 Service Pack 3

25/10/2009 06:28:03
mbam-log-2009-10-25 (06-28-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143349
Time elapsed: 1 hour(s), 13 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00180ea (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0022a75 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002bc58 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c004bef8 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0057800 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0067fb1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007e399 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0092e10 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009e254 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d5e62 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------
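
Added example, not part of any post in this thread: a small cross-check of the HijackThis O20 (Winlogon Notify) entries against the Malwarebytes registry results, to show which Notify subkeys a scan log actually accounts for. The function names are hypothetical, the sample lines are copied from the logs posted above, and treating a target that ends in a bare directory as "no DLL resolved" is an assumption made for this example.

```python
import re

# O20 line layout as printed by HijackThis v2.0.2 in this thread:
#   O20 - Winlogon Notify: <subkey name> - <DLL path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")

# MBAM 1.41 result line layout as posted in this thread:
#   <registry key path> (<detection name>) -> <action>.
MBAM_RE = re.compile(
    r"^(?P<key>HKEY_[^()]+?) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\.?$"
)
NOTIFY_PREFIX = r"\winlogon\notify" + "\\"

# Sample input: lines copied from the logs in this thread (subset).
HJT_SAMPLE = r"""
O20 - Winlogon Notify: 74651014687 - C:\WINDOWS\
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\
O20 - Winlogon Notify: __c00180EA - C:\WINDOWS\
O20 - Winlogon Notify: __c0022A75 - C:\WINDOWS\
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
"""

# First MBAM run, as quoted by the helper (nothing was removed).
MBAM_FIRST_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00180ea (Trojan.Vundo) -> No action taken.
"""

# Second MBAM run, after "Remove Selected" (subset of the posted log).
MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00180ea (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0022a75 (Trojan.Vundo) -> Quarantined and deleted successfully.
"""


def parse_hjt_o20(text):
    """Return the Winlogon Notify entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            target = m.group("target").strip()
            entries.append({
                "name": m.group("name"),
                "target": target,
                # Assumption: a target ending in "\" means no DLL was resolved.
                "no_dll": target.endswith("\\"),
            })
    return entries


def parse_mbam_notify(text):
    """Map lower-cased Notify subkey name -> (detection, action) from an MBAM log."""
    results = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        idx = key.lower().rfind(NOTIFY_PREFIX)
        if idx == -1:
            continue  # a detection outside Winlogon\Notify
        name = key[idx + len(NOTIFY_PREFIX):].lower()
        results[name] = (m.group("detection"), m.group("action"))
    return results


def reconcile(hjt_text, mbam_text):
    """Pair every O20 entry with what the MBAM log says happened to it."""
    flagged = parse_mbam_notify(mbam_text)
    report = []
    for entry in parse_hjt_o20(hjt_text):
        # Registry key names are case-insensitive; the two tools print
        # different casing (__c00180EA vs __c00180ea), so compare lower-cased.
        hit = flagged.get(entry["name"].lower())
        if hit is None:
            status = "not flagged by MBAM"
        elif "deleted successfully" in hit[1].lower():
            status = "removed"
        else:
            status = "detected, still present"
        report.append((entry["name"], status, entry["no_dll"]))
    return report


def needs_review(report):
    """Names of O20 entries the MBAM log does not show as removed."""
    return [name for name, status, _ in report if status != "removed"]


if __name__ == "__main__":
    for name, status, no_dll in reconcile(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{name:<14} {status:<24} no DLL in target: {no_dll}")
```

An entry reported as "not flagged by MBAM" is only unaccounted for by that scan; the output says nothing about whether it is malicious.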

GuyAB
2009-10-25, 08:07
[code]
OTS logfile created on: 25/10/2009 06:39:42 - Run 1
OTS by OldTimer - Version 3.0.24.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.34 Mb Total Physical Memory | 85.15 Mb Available Physical Memory | 16.65% Memory free
1.72 Gb Paging File | 0.98 Gb Available in Paging File | 57.20% Paging File free
Paging file location(s): C:\pagefile.sys 1280 2560 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 26.80 Gb Free Space | 71.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PORTEGE-R100
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\user\Desktop\OTS.exe -> [2009/10/25 06:38:14 | 00,521,728 | ---- | M] (OldTimer Tools)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/10 15:24:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/10/10 15:24:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
eac_productsvc.exe -> C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -> [2009/09/30 18:36:23 | 00,263,504 | ---- | M] (eAcceleration Corp)
mcupdmgr.exe -> c:\Program Files\McAfee\MSC\mcupdmgr.exe -> [2009/09/17 13:29:04 | 00,806,008 | ---- | M] (McAfee, Inc.)
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcinsupd.exe -> c:\program files\mcafee\virusscan\mcinsupd.exe -> [2009/09/16 08:28:38 | 00,192,016 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.)
eac_svc.exe -> C:\Program Files\eAcceleration\Framework\eac_svc.exe -> [2009/08/05 17:54:42 | 00,113,920 | ---- | M] (eAcceleration Corp)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
mcupdui.exe -> c:\Program Files\McAfee\MSC\mcupdui.exe -> [2009/07/09 23:26:20 | 00,378,088 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe -> [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/01/23 09:46:14 | 00,203,280 | ---- | M] ()
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)
autoupdatesrv.exe -> C:\Program Files\3\3Connect\AutoUpdateSrv.exe -> [2008/09/24 09:33:00 | 00,479,232 | ---- | M] (Birdstep Technology)
windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
wscntfy.exe -> C:\WINDOWS\System32\wscntfy.exe -> [2008/04/14 00:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
lxdocoms.exe -> C:\WINDOWS\System32\lxdocoms.exe -> [2007/09/20 15:05:06 | 00,589,824 | ---- | M] ( )
lxdoamon.exe -> C:\Program Files\Lexmark 9500 Series\lxdoamon.exe -> [2007/08/10 01:11:54 | 00,020,480 | ---- | M] ()
lxdoserv.exe -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe -> [2007/07/17 07:26:04 | 00,094,208 | ---- | M] (Lexmark International, Inc.)
tosbtsrv.exe -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> C:\WINDOWS\System32\ZCfgSvc.exe -> [2006/08/03 03:19:18 | 00,639,040 | ---- | M] (Intel Corporation)
s24evmon.exe -> C:\WINDOWS\System32\S24EvMon.exe -> [2006/08/03 03:16:08 | 00,426,051 | ---- | M] (Intel Corporation )
1xconfig.exe -> C:\WINDOWS\System32\1XConfig.exe -> [2006/08/03 03:14:14 | 00,389,186 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\WINDOWS\System32\RegSrvc.exe -> [2006/08/03 03:13:32 | 00,122,880 | ---- | M] (Intel Corporation)
agrsmmsg.exe -> C:\WINDOWS\AGRSMMSG.exe -> [2004/11/11 10:00:34 | 00,088,363 | ---- | M] (Agere Systems)
smax4pnp.exe -> C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe -> [2004/04/01 10:52:06 | 01,368,064 | ---- | M] (Analog Devices, Inc.)
twatdog.exe -> C:\WINDOWS\System32\twatdog.exe -> [2003/06/08 19:03:22 | 00,053,248 | ---- | M] ()
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2002/12/25 16:38:28 | 00,159,744 | R--- | M] (Alps Electric Co., Ltd.)
smagent.exe -> C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -> [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.)
apntex.exe -> C:\Program Files\Apoint2K\Apntex.exe -> [2001/07/13 12:44:24 | 00,032,768 | R--- | M] (Alps Electric Co., Ltd.)

[Win32 Services - Safe List]
(0298141256240844mcinstcleanup) McAfee Application Installer Cleanup (0298141256240844) [Win32_Own | Auto | Stopped] -> -> File not found
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/10/10 15:24:54 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(eac_productsvc) eAcceleration Product Manager Service [Win32_Own | Auto | Running] -> C:\Program Files\eAcceleration\Framework\eac_productsvc.exe -> [2009/09/30 18:36:23 | 00,263,504 | ---- | M] (eAcceleration Corp)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.)
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.)
(fsssvc) Windows Live Family Safety Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\Family Safety\fsssvc.exe -> [2009/08/05 21:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation)
(eac_notifysvc) eAcceleration Notification Service [Win32_Shared | Auto | Running] -> C:\Program Files\eAcceleration\Framework\eac_svc.exe -> [2009/08/05 17:54:42 | 00,113,920 | ---- | M] (eAcceleration Corp)
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
(wlidsvc) Windows Live ID Sign-in Assistant [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/01/23 09:46:14 | 00,203,280 | ---- | M] ()
(SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/01/14 16:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(lxdo_device) lxdo_device [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\lxdocoms.exe -> [2007/09/20 15:05:06 | 00,589,824 | ---- | M] ( )
(lxdoCATSCustConnectService) lxdoCATSCustConnectService [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe -> [2007/07/17 07:26:04 | 00,094,208 | ---- | M] (Lexmark International, Inc.)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\S24EvMon.exe -> [2006/08/03 03:16:08 | 00,426,051 | ---- | M] (Intel Corporation )
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\RegSrvc.exe -> [2006/08/03 03:13:32 | 00,122,880 | ---- | M] (Intel Corporation)
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Intel\NCS\Sync\NetSvc.exe -> [2003/04/29 14:29:54 | 00,139,264 | ---- | M] (Intel(R) Corporation)
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -> [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.)

[Driver Services - Safe List]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -> [2009/08/05 21:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation)
(MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\Mpfp.sys -> [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.)
(ZTEusbser6k) ZTE Diagnostic Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys -> [2008/08/22 18:56:54 | 00,104,960 | ---- | M] (ZTE Incorporated)
(ZTEusbnmea) ZTE NMEA Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys -> [2008/08/22 18:56:50 | 00,104,960 | ---- | M] (ZTE Incorporated)
(ZTEusbmdm6k) ZTE Proprietary USB Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys -> [2008/08/22 18:56:36 | 00,104,960 | ---- | M] (ZTE Incorporated)
(massfilter) ZTE Mass Storage Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\massfilter.sys -> [2008/08/22 18:56:28 | 00,007,680 | ---- | M] (ZTE Incorporated)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\e100b325.sys -> [2007/11/16 19:55:00 | 00,165,496 | ---- | M] (Intel Corporation)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\AegisP.sys -> [2007/11/14 08:18:31 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(mdvrmng) Mobile IP Route Manager [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\mdvrmng.sys -> [2007/05/28 17:00:22 | 00,010,240 | ---- | M] ()
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\s24trans.sys -> [2006/08/03 13:11:32 | 00,010,970 | ---- | M] (Intel Corporation)
(w70n51) Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\w70n51.sys -> [2006/07/13 12:33:08 | 00,674,560 | R--- | M] (Intel® Corporation)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\AGRSM.sys -> [2004/11/11 10:00:32 | 01,265,388 | R--- | M] (Agere Systems)
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\aeaudio.sys -> [2004/11/11 09:33:46 | 00,116,176 | ---- | M] (Andrea Electronics Corporation)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\smwdm.sys -> [2004/06/23 10:42:46 | 00,266,880 | ---- | M] (Analog Devices, Inc.)
(tridxp4) tridxp4 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tridxp4m.sys -> [2003/07/07 22:00:58 | 00,191,488 | ---- | M] (Trident Microsystems Inc.)
(tsdhd) TOSHIBA SD Card Host Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\tsdhd.sys -> [2003/02/10 18:27:12 | 00,025,888 | ---- | M] (TOSHIBA Corporation)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -> [2002/12/13 02:41:48 | 00,099,577 | R--- | M] (Alps Electric Co., Ltd.)
(TVALD) Toshiba ACPI-Based Value Added Logical Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\TVALD.SYS -> [2002/06/20 23:53:28 | 00,005,300 | ---- | M] (Toshiba Corporation)
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\TVALG.SYS -> [2001/09/13 19:53:02 | 00,005,936 | ---- | M] (TOSHIBA Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2001/08/18 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\user\Desktop\OTS.exe -> [2009/10/25 06:38:14 | 00,521,728 | ---- | M] (OldTimer Tools)
sahook.dll -> C:\Program Files\McAfee\SiteAdvisor\saHook.dll -> [2009/01/23 09:46:18 | 00,013,840 | ---- | M] ()
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: Main\\"XMLHTTP_UUID_Default" -> F9 2A 29 04 7A 2B 5A 47 BD 6B 29 F7 E7 70 31 84 [binary data] ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: Main\\"XMLHTTP_UUID_Default" -> F9 2A 29 04 7A 2B 5A 47 BD 6B 29 F7 E7 70 31 84 [binary data] ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> F9 2A 29 04 7A 2B 5A 47 BD 6B 29 F7 E7 70 31 84 [binary data] ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> F9 2A 29 04 7A 2B 5A 47 BD 6B 29 F7 E7 70 31 84 [binary data] ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: Main\\"Page_Transitions" -> 1 ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: Main\\"Start Page" -> http://forums.spybot.info/showthread.php?t=52738 ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: Main\\"XMLHTTP_UUID_Default" -> F9 2A 29 04 7A 2B 5A 47 BD 6B 29 F7 E7 70 31 84 [binary data] ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/25 19:56:06 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/10/10 15:24:55 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\PROGRAM FILES\MCAFEE\SITEADVISOR [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/10/18 07:38:00 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{04292AF9-2B7A-475A-BD6B-29F7E7703184} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [2001/04/16 16:39:02 | 00,037,808 | ---- | M] ()
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [Search Helper] -> [2009/01/14 16:49:24 | 00,092,504 | ---- | M] (Microsoft Corp.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 09:22:16 | 00,062,784 | ---- | M] (McAfee, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper] -> [2009/03/30 15:31:54 | 00,403,824 | ---- | M] (Microsoft Corporation)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2009/01/29 11:27:02 | 00,145,424 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/10 15:24:54 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/10/10 15:24:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/01/29 11:27:02 | 00,145,424 | ---- | M] ()
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"000StTHK" -> C:\WINDOWS\System32\000StTHK.exe [000StTHK.exe] -> [2001/06/23 20:28:06 | 00,024,576 | ---- | M] ()
"AGRSMMSG" -> C:\WINDOWS\agrsmmsg.exe [AGRSMMSG.exe] -> [2004/11/11 10:00:34 | 00,088,363 | ---- | M] (Agere Systems)
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2002/12/25 16:38:28 | 00,159,744 | R--- | M] (Alps Electric Co., Ltd.)
"lxdoamon" -> C:\Program Files\Lexmark 9500 Series\lxdoamon.exe ["C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"] -> [2007/08/10 01:11:54 | 00,020,480 | ---- | M] ()
"lxdomon.exe" -> C:\Program Files\Lexmark 9500 Series\lxdomon.exe ["C:\Program Files\Lexmark 9500 Series\lxdomon.exe"] -> [2007/09/06 15:38:58 | 00,450,560 | ---- | M] ()
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 13:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.)
"PRONoMgr.exe" -> C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] -> [2005/07/07 06:08:00 | 00,135,168 | ---- | M] (Intel(R) Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 16:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RegServer" -> C:\WINDOWS\System32\RegServe.exe [regserve.exe] -> [2003/06/08 18:48:22 | 00,024,576 | ---- | M] ()
"SoundMAXPnP" -> C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> [2004/04/01 10:52:06 | 01,368,064 | ---- | M] (Analog Devices, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/10 15:24:54 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"TridentWatchDog" -> C:\WINDOWS\System32\TWatDog.exe [twatdog.exe] -> [2003/06/08 19:03:22 | 00,053,248 | ---- | M] ()
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
"ZCfgSvc.exe" -> C:\WINDOWS\System32\ZCfgSvc.exe [C:\WINDOWS\System32\ZCfgSvc.exe] -> [2006/08/03 03:19:18 | 00,639,040 | ---- | M] (Intel Corporation)
< Run [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"MSMSGS" -> C:\Program Files\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Update Agent.lnk -> C:\Program Files\3\3Connect\AutoUpdateSrv.exe -> [2008/09/24 09:33:00 | 00,479,232 | ---- | M] (Birdstep Technology)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< user Startup Folder > -> C:\Documents and Settings\user\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20

GuyAB
2009-10-25, 08:08
\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009/04/03 17:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/07/26 19:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/07/26 19:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 06:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 06:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 03:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [Reg Error: Value error.] -> [2001/08/01 17:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 729 domain(s) found. ->
39 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230769901637 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{B9E0224C-C7EE-45AB-9E28-184C1B4D0085}\\DhcpNameServer -> 192.168.0.1 (Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
74651014687 -> Reg Error: Value error. -> File not found
Antiwpa -> Reg Error: Value error. -> File not found
Sebring -> C:\WINDOWS\System32\LgNotify.dll -> [2006/08/03 03:20:40 | 00,188,482 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 18:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation)
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 21:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Lexmark 9500 Series\lxdomon.exe" -> C:\Program Files\Lexmark 9500 Series\lxdomon.exe [C:\Program Files\Lexmark 9500 Series\lxdomon.exe:*:Enabled:Printer Device Monitor] -> [2007/09/06 15:38:58 | 00,450,560 | ---- | M] ()
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 21:16:44 | 01,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009/07/26 11:05:30 | 01,169,224 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lxdocfg.exe" -> C:\WINDOWS\System32\lxdocfg.exe [C:\WINDOWS\system32\lxdocfg.exe:*:Enabled:Printer Communication System] -> [2007/09/20 15:05:48 | 00,360,448 | ---- | M] ( )
"C:\WINDOWS\system32\lxdocoms.exe" -> C:\WINDOWS\System32\lxdocoms.exe [C:\WINDOWS\system32\lxdocoms.exe:*:Enabled:9500 Series Server] -> [2007/09/20 15:05:06 | 00,589,824 | ---- | M] ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdojswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdojswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdojswx.exe:*:Enabled:Job Status Window Interface] -> [2007/09/18 01:25:32 | 00,393,216 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdopswx.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdopswx.exe:*:Enabled:Printer Status Window Interface] -> [2007/09/18 01:26:26 | 00,290,816 | ---- | M] ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdotime.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdotime.exe:*:Enabled:Lexmark Connect Time Executable] -> [2007/07/17 07:26:38 | 00,077,824 | ---- | M] (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdowbgw.exe" -> C:\WINDOWS\System32\spool\drivers\w32x86\3\lxdowbgw.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdowbgw.exe:*:Enabled:Lexmark Web Gateway] -> [2007/07/17 07:25:48 | 00,135,168 | ---- | M] ()
"C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\System32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2008/04/14 00:12:25 | 00,245,248 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [c:\smartdrv.exe /q | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/26 10:17:06 | 00,000,020 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\user\Desktop\OTS.exe -> [2009/10/25 06:36:01 | 00,521,728 | ---- | C] (OldTimer Tools)
microsoft -> C:\Documents and Settings\All Users\Documents\microsoft -> [2009/10/25 06:31:02 | 00,000,000 | ---D | C]
LastGood -> C:\WINDOWS\LastGood -> [2009/10/24 17:08:16 | 00,000,000 | ---D | C]
Windows Search -> C:\Documents and Settings\user\Application Data\Windows Search -> [2009/10/24 16:51:13 | 00,000,000 | ---D | C]
fssfltr_tdi.sys -> C:\WINDOWS\System32\drivers\fssfltr_tdi.sys -> [2009/10/24 06:42:22 | 00,054,752 | ---- | C] (Microsoft Corporation)
Microsoft Sync Framework -> C:\Program Files\Microsoft Sync Framework -> [2009/10/24 06:41:02 | 00,000,000 | ---D | C]
d3dx9_32.dll -> C:\WINDOWS\System32\d3dx9_32.dll -> [2009/10/24 06:39:20 | 03,426,072 | ---- | C] (Microsoft Corporation)
Microsoft SQL Server Compact Edition -> C:\Program Files\Microsoft SQL Server Compact Edition -> [2009/10/24 06:39:06 | 00,000,000 | ---D | C]
Windows Live SkyDrive -> C:\Program Files\Windows Live SkyDrive -> [2009/10/24 06:36:36 | 00,000,000 | ---D | C]
Windows Live -> C:\Program Files\Windows Live -> [2009/10/24 06:35:55 | 00,000,000 | ---D | C]
Windows Live -> C:\Program Files\Common Files\Windows Live -> [2009/10/24 06:27:14 | 00,000,000 | ---D | C]
Microsoft -> C:\Program Files\Microsoft -> [2009/10/24 06:25:22 | 00,000,000 | ---D | C]
windowspowershell -> C:\WINDOWS\System32\windowspowershell -> [2009/10/24 06:04:18 | 00,000,000 | ---D | C]
Windows Desktop Search -> C:\Documents and Settings\user\Application Data\Windows Desktop Search -> [2009/10/24 06:03:42 | 00,000,000 | ---D | C]
Windows Desktop Search -> C:\Program Files\Windows Desktop Search -> [2009/10/24 06:02:18 | 00,000,000 | ---D | C]
GroupPolicy -> C:\WINDOWS\System32\GroupPolicy -> [2009/10/24 06:02:17 | 00,000,000 | ---D | C]
nlhtml.dll -> C:\WINDOWS\System32\dllcache\nlhtml.dll -> [2009/10/24 06:01:08 | 00,098,304 | ---- | C] (Microsoft Corporation)
mimefilt.dll -> C:\WINDOWS\System32\dllcache\mimefilt.dll -> [2009/10/24 06:01:08 | 00,029,696 | ---- | C] (Microsoft Corporation)
offfilt.dll -> C:\WINDOWS\System32\dllcache\offfilt.dll -> [2009/10/24 06:01:07 | 00,192,000 | ---- | C] (Microsoft Corporation)
spmsg.dll -> C:\WINDOWS\System32\spmsg.dll -> [2009/10/24 06:00:37 | 00,016,760 | ---- | C] (Microsoft Corporation)
wmpns.dll -> C:\WINDOWS\System32\wmpns.dll -> [2009/10/24 05:59:49 | 00,221,184 | ---- | C] (Microsoft Corporation)
Windows Media Connect 2 -> C:\Program Files\Windows Media Connect 2 -> [2009/10/24 05:59:19 | 00,000,000 | ---D | C]
UMDF -> C:\WINDOWS\System32\drivers\UMDF -> [2009/10/24 05:55:09 | 00,000,000 | ---D | C]
URTTEMP -> C:\WINDOWS\System32\URTTEMP -> [2009/10/24 05:50:59 | 00,000,000 | ---D | C]
iecompat.dll -> C:\WINDOWS\System32\dllcache\iecompat.dll -> [2009/10/24 05:48:47 | 00,100,352 | ---- | C] (Microsoft Corporation)
Malwarebytes -> C:\Documents and Settings\user\Application Data\Malwarebytes -> [2009/10/22 21:03:39 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/10/22 21:03:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/10/22 21:03:09 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/10/22 21:03:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/22 21:03:06 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\user\Desktop\mbam-setup.exe -> [2009/10/22 19:22:16 | 04,045,544 | ---- | C] (Malwarebytes Corporation )
cmdcons -> C:\cmdcons -> [2009/10/21 19:56:13 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/10/21 18:08:45 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/10/21 18:08:45 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/10/21 18:08:45 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/10/21 18:08:45 | 00,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2009/10/21 18:08:30 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/10/21 18:07:49 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/20 17:20:44 | 00,000,000 | ---D | C]
HJTInstall.exe -> C:\Documents and Settings\user\Desktop\HJTInstall.exe -> [2009/10/20 17:17:59 | 00,812,344 | ---- | C] (Trend Micro Inc.)
VundoFix Backups -> C:\VundoFix Backups -> [2009/10/19 21:11:07 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/10/19 18:25:02 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/10/19 18:25:02 | 00,000,000 | ---D | C]
Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2009/10/19 17:18:43 | 00,000,000 | ---D | C]
eAcceleration -> C:\Documents and Settings\All Users\Application Data\eAcceleration -> [2009/10/18 07:28:16 | 00,000,000 | ---D | C]
eAcceleration -> C:\Program Files\Common Files\eAcceleration -> [2009/10/18 07:28:13 | 00,000,000 | ---D | C]
eAcceleration -> C:\Program Files\eAcceleration -> [2009/10/18 07:28:02 | 00,000,000 | ---D | C]
StopSign -> C:\Program Files\StopSign -> [2009/10/18 07:27:39 | 00,000,000 | ---D | C]
IECompatCache -> C:\Documents and Settings\user\IECompatCache -> [2009/10/17 20:46:30 | 00,000,000 | -HSD | C]
ptpusb.dll -> C:\WINDOWS\System32\ptpusb.dll -> [2009/10/17 20:38:56 | 00,005,632 | ---- | C] (Microsoft Corporation)
ptpusd.dll -> C:\WINDOWS\System32\ptpusd.dll -> [2009/10/17 20:38:44 | 00,159,232 | ---- | C] (Microsoft Corporation)
appmgmt -> C:\WINDOWS\System32\appmgmt -> [2009/10/17 07:49:01 | 00,000,000 | ---D | C]
Microsoft CAPICOM 2.1.0.2 -> C:\Program Files\Microsoft CAPICOM 2.1.0.2 -> [2009/10/17 06:42:44 | 00,000,000 | ---D | C]
SiteAdvisor -> C:\Documents and Settings\All Users\Application Data\SiteAdvisor -> [2009/10/17 06:31:23 | 00,000,000 | ---D | C]
mfeavfk.sys -> C:\WINDOWS\System32\drivers\mfeavfk.sys -> [2009/10/17 06:22:36 | 00,079,816 | ---- | C] (McAfee, Inc.)
mfesmfk.sys -> C:\WINDOWS\System32\drivers\mfesmfk.sys -> [2009/10/17 06:22:36 | 00,040,552 | ---- | C] (McAfee, Inc.)
mfebopk.sys -> C:\WINDOWS\System32\drivers\mfebopk.sys -> [2009/10/17 06:22:36 | 00,035,272 | ---- | C] (McAfee, Inc.)
mfehidk.sys -> C:\WINDOWS\System32\drivers\mfehidk.sys -> [2009/10/17 06:22:35 | 00,214,664 | ---- | C] (McAfee, Inc.)
Mpfp.sys -> C:\WINDOWS\System32\drivers\Mpfp.sys -> [2009/10/17 06:22:22 | 00,120,136 | ---- | C] (McAfee, Inc.)
McAfee -> C:\Program Files\Common Files\McAfee -> [2009/10/17 06:19:47 | 00,000,000 | ---D | C]
McAfee.com -> C:\Program Files\McAfee.com -> [2009/10/17 06:19:37 | 00,000,000 | ---D | C]
McAfee -> C:\Program Files\McAfee -> [2009/10/17 06:18:10 | 00,000,000 | ---D | C]
mferkdk.sys -> C:\WINDOWS\System32\drivers\mferkdk.sys -> [2009/10/16 20:38:50 | 00,034,248 | ---- | C] (McAfee, Inc.)
CleanUp! -> C:\Program Files\CleanUp! -> [2009/10/16 19:36:26 | 00,000,000 | ---D | C]
CSC -> C:\WINDOWS\CSC -> [2009/10/16 19:19:28 | 00,000,000 | -HSD | C]
muweb.dll -> C:\WINDOWS\System32\muweb.dll -> [2009/10/16 18:25:37 | 00,208,744 | ---- | C] (Microsoft Corporation)
mucltui.dll.mui -> C:\WINDOWS\System32\mucltui.dll.mui -> [2009/10/16 18:25:37 | 00,027,496 | ---- | C] (Microsoft Corporation)
mucltui.dll -> C:\WINDOWS\System32\mucltui.dll -> [2009/10/16 18:25:36 | 00,268,648 | ---- | C] (Microsoft Corporation)
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2009/10/16 14:12:10 | 00,195,440 | ---- | C] (Microsoft Corporation)
PCHealth -> C:\Documents and Settings\user\Local Settings\Application Data\PCHealth -> [2009/10/16 13:57:34 | 00,000,000 | ---D | C]
Windows Defender -> C:\Program Files\Windows Defender -> [2009/10/16 13:55:23 | 00,000,000 | ---D | C]
pgdfgsvc.exe -> C:\WINDOWS\System32\pgdfgsvc.exe -> [2009/10/16 13:33:50 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com)
Download -> C:\Download -> [2009/10/16 13:32:16 | 00,000,000 | ---D | C]
LimeWire -> C:\Documents and Settings\user\My Documents\LimeWire -> [2009/10/10 15:27:22 | 00,000,000 | ---D | C]
Mozilla -> C:\Documents and Settings\user\Application Data\Mozilla -> [2009/10/10 15:26:48 | 00,000,000 | ---D | C]
LimeWire -> C:\Documents and Settings\user\Application Data\LimeWire -> [2009/10/10 15:26:00 | 00,000,000 | ---D | C]
Java -> C:\Program Files\Java -> [2009/10/10 15:24:49 | 00,000,000 | ---D | C]
Sun -> C:\Documents and Settings\user\Application Data\Sun -> [2009/10/10 15:20:51 | 00,000,000 | ---D | C]
LimeWire -> C:\Program Files\LimeWire -> [2009/10/10 15:20:42 | 00,000,000 | ---D | C]
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2009/09/27 20:31:25 | 00,000,000 | ---D | C]
lxdoserv.dll -> C:\WINDOWS\System32\lxdoserv.dll -> [2009/08/14 10:14:50 | 01,069,056 | ---- | C] ( )
lxdousb1.dll -> C:\WINDOWS\System32\lxdousb1.dll -> [2009/08/14 10:14:50 | 00,954,368 | ---- | C] ( )
lxdohcp.dll -> C:\WINDOWS\System32\lxdohcp.dll -> [2009/08/14 10:14:50 | 00,438,272 | ---- | C] ( )
lxdoinpa.dll -> C:\WINDOWS\System32\lxdoinpa.dll -> [2009/08/14 10:14:50 | 00,360,448 | ---- | C] ( )
lxdoiesc.dll -> C:\WINDOWS\System32\lxdoiesc.dll -> [2009/08/14 10:14:50 | 00,339,968 | ---- | C] ( )
lxdohbn3.dll -> C:\WINDOWS\System32\lxdohbn3.dll -> [2009/08/14 10:14:49 | 00,663,552 | ---- | C] ( )
lxdopmui.dll -> C:\WINDOWS\System32\lxdopmui.dll -> [2009/08/14 10:14:49 | 00,643,072 | ---- | C] ( )
lxdolmpm.dll -> C:\WINDOWS\System32\lxdolmpm.dll -> [2009/08/14 10:14:49 | 00,569,344 | ---- | C] ( )
lxdoprox.dll -> C:\WINDOWS\System32\lxdoprox.dll -> [2009/08/14 10:14:49 | 00,053,248 | ---- | C] ( )
lxdocomc.dll -> C:\WINDOWS\System32\lxdocomc.dll -> [2009/08/14 10:14:48 | 00,851,968 | ---- | C] ( )
lxdocomm.dll -> C:\WINDOWS\System32\lxdocomm.dll -> [2009/08/14 10:14:48 | 00,364,544 | ---- | C] ( )
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/10/25 06:42:52 | 00,001,393 | ---- | M] ()
OTS.exe -> C:\Documents and Settings\user\Desktop\OTS.exe -> [2009/10/25 06:38:14 | 00,521,728 | ---- | M] (OldTimer Tools)
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/10/25 06:25:44 | 00,462,628 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/10/25 06:25:44 | 00,078,806 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/10/25 06:25:43 | 00,540,522 | ---- | M] ()
User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job -> [2009/10/25 06:19:50 | 00,000,420 | -H-- | M] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2009/10/24 16:49:00 | 00,000,330 | -H-- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/10/24 16:46:38 | 00,013,646 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/10/24 16:45:02 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/10/24 16:44:56 | 00,002,048 | --S- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/10/24 16:44:50 | 00,157,160 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/10/24 06:26:51 | 00,030,240 | ---- | M] ()
Windows Search.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> [2009/10/24 06:02:47 | 00,001,787 | ---- | M] ()
nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2009/10/24 06:00:15 | 00,023,392 | ---- | M] ()
amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2009/10/24 06:00:15 | 00,016,832 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/10/24 05:59:54 | 00,000,533 | ---- | M] ()
MsftWdf_user_01_00_00.Wdf -> C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/10/24 05:55:24 | 00,000,000 | -H-- | M] ()
CKScanner.exe -> C:\Documents and Settings\user\Desktop\CKScanner.exe -> [2009/10/24 05:14:47 | 00,440,832 | ---- | M] ()
Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2009/10/24 05:11:46 | 00,008,881 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\user\ntuser.ini -> [2009/10/23 21:39:40 | 00,000,178 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\user\NTUSER.DAT -> [2009/10/23 21:39:39 | 03,407,872 | -H-- | M] ()
IconCache.db -> C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db -> [2009/10/23 17:30:53 | 05,348,594 | -H-- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/22 21:03:19 | 00,000,696 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/10/22 20:46:18 | 00,000,472 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/10/22 20:34:10 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/10/22 20:31:43 | 00,000,027 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\user\Desktop\mbam-setup.exe -> [2009/10/22 19:13:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation )
boot.ini -> C:\boot.ini -> [2009/10/21 19:56:21 | 00,000,318 | RHS- | M] ()
ComboFix.exe -> C:\Documents and Settings\user\Desktop\ComboFix.exe -> [2009/10/21 17:53:54 | 03,351,153 | R--- | M] ()
HijackThis.lnk -> C:\Documents and Settings\user\Desktop\HijackThis.lnk -> [2009/10/20 17:20:47 | 00,001,734 | ---- | M] ()
HJTInstall.exe -> C:\Documents and Settings\user\Desktop\HJTInstall.exe -> [2009/10/20 17:05:38 | 00,812,344 | ---- | M] (Trend Micro Inc.)
scud.udf -> C:\WINDOWS\System32\scud.udf -> [2009/10/19 19:58:52 | 00,000,042 | ---- | M] ()
pgdfgsvc.exe -> C:\WINDOWS\System32\pgdfgsvc.exe -> [2009/10/17 08:21:13 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com)
McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2009/10/17 06:21:25 | 00,000,338 | ---- | M] ()
McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2009/10/17 06:21:22 | 00,000,316 | ---- | M] ()
wpa.bak -> C:\WINDOWS\System32\wpa.bak -> [2009/10/16 19:32:02 | 00,013,646 | ---- | M] ()
crash.dmp -> C:\crash.dmp -> [2009/10/16 14:38:57 | 00,053,806 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/10/16 13:46:08 | 00,000,284 | ---- | M] ()
housecall.guid.cache -> C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache -> [2009/10/16 13:41:40 | 00,000,036 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/10/11 07:10:09 | 00,236,544 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/10/02 10:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation)
MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2009/10/01 09:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation)
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->

[Files - No Company Name]
Windows Search.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> [2009/10/24 06:02:47 | 00,001,787 | ---- | C] ()
MsftWdf_user_01_00_00.Wdf -> C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2009/10/24 05:55:24 | 00,000,000 | -H-- | C] ()
CKScanner.exe -> C:\Documents and Settings\user\Desktop\CKScanner.exe -> [2009/10/24 05:14:33 | 00,440,832 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/22 21:03:19 | 00,000,696 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2009/10/21 19:56:21 | 00,000,247 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/10/21 19:56:17 | 00,260,272 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/10/21 18:08:45 | 00,236,544 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2009/10/21 18:08:45 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/10/21 18:08:45 | 00,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/10/21 18:08:45 | 00,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\user\Desktop\ComboFix.exe -> [2009/10/21 18:03:28 | 03,351,153 | R--- | C] ()
HijackThis.lnk -> C:\Documents and Settings\user\Desktop\HijackThis.lnk -> [2009/10/20 17:20:45 | 00,001,734 | ---- | C] ()
scud.udf -> C:\WINDOWS\System32\scud.udf -> [2009/10/19 19:58:52 | 00,000,042 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2009/10/19 17:37:07 | 00,000,472 | ---- | C] ()
User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{44A06D5E-0FB9-46F6-BFFE-B88F37FDA91F}.job -> [2009/10/17 20:46:17 | 00,000,420 | -H-- | C] ()
Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2009/10/17 06:32:13 | 00,008,881 | ---- | C] ()
McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2009/10/17 06:21:24 | 00,000,338 | ---- | C] ()
McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2009/10/17 06:21:21 | 00,000,316 | ---- | C] ()
wpa.bak -> C:\WINDOWS\System32\wpa.bak -> [2009/10/16 19:32:03 | 00,013,646 | ---- | C] ()
MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2009/10/16 13:59:26 | 00,000,330 | -H-- | C] ()
housecall.guid.cache -> C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache -> [2009/10/16 13:41:40 | 00,000,036 | ---- | C] ()
FASTWiz.log -> C:\Documents and Settings\user\Local Settings\Application Data\FASTWiz.log -> [2009/09/15 22:03:36 | 00,000,078 | ---- | C] ()
mdvrmng.sys -> C:\WINDOWS\System32\drivers\mdvrmng.sys -> [2009/08/30 21:00:55 | 00,010,240 | ---- | C] ()
lxdovs.dll -> C:\WINDOWS\System32\lxdovs.dll -> [2009/08/14 10:22:40 | 00,040,960 | ---- | C] ()
lxdocoin.dll -> C:\WINDOWS\System32\lxdocoin.dll -> [2009/08/14 10:22:32 | 00,348,160 | ---- | C] ()
lxdodrs.dll -> C:\WINDOWS\System32\lxdodrs.dll -> [2009/08/14 10:21:08 | 00,692,224 | ---- | C] ()
lxdocnv4.dll -> C:\WINDOWS\System32\lxdocnv4.dll -> [2009/08/14 10:21:08 | 00,069,632 | ---- | C] ()
lxdocaps.dll -> C:\WINDOWS\System32\lxdocaps.dll -> [2009/08/14 10:21:08 | 00,065,536 | ---- | C] ()
lxdoinst.dll -> C:\WINDOWS\System32\lxdoinst.dll -> [2009/08/14 10:14:50 | 00,348,160 | ---- | C] ()
lxdogrd.dll -> C:\WINDOWS\System32\lxdogrd.dll -> [2009/08/14 10:14:48 | 00,208,896 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/12 18:32:03 | 00,030,240 | ---- | C] ()
RemoveDevice.dll -> C:\WINDOWS\System32\RemoveDevice.dll -> [2007/12/12 12:44:44 | 00,466,944 | ---- | C] ()
IconCache.db -> C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db -> [2007/11/14 08:05:59 | 05,348,594 | -H-- | C] ()
NTDisUn.dll -> C:\WINDOWS\System32\NTDisUn.dll -> [2007/11/14 07:56:25 | 00,036,864 | ---- | C] ()
csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2007/11/14 07:55:50 | 00,128,113 | ---- | C] ()
csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2007/11/14 07:55:50 | 00,045,056 | ---- | C] ()
tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2007/11/14 07:55:50 | 00,010,165 | ---- | C] ()
cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2007/11/14 07:55:50 | 00,007,671 | ---- | C] ()
desktop.ini -> C:\Documents and Settings\user\Application Data\desktop.ini -> [2007/11/14 07:02:58 | 00,000,062 | -HS- | C] ()
desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2007/11/14 06:29:00 | 00,000,062 | -HS- | C] ()
idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 00,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 00,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 00,031,698 | ---- | C] ()
TosBtAcc.dll -> C:\WINDOWS\System32\TosBtAcc.dll -> [2006/12/05 13:05:06 | 00,114,688 | ---- | C] ()
LsaWrApi.dll -> C:\WINDOWS\System32\LsaWrApi.dll -> [2006/08/03 03:24:08 | 00,045,124 | ---- | C] ()
ShellNav.dll -> C:\WINDOWS\System32\ShellNav.dll -> [2006/08/03 03:16:54 | 00,139,264 | ---- | C] ()
C1XStngs.dll -> C:\WINDOWS\System32\C1XStngs.dll -> [2006/08/03 03:15:16 | 00,528,453 | ---- | C] ()
D8021Xps.dll -> C:\WINDOWS\System32\D8021Xps.dll -> [2006/08/03 03:14:18 | 00,069,632 | ---- | C] ()
TosCommAPI.dll -> C:\WINDOWS\System32\TosCommAPI.dll -> [2005/07/22 21:30:20 | 00,065,536 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2005/01/13 03:00:14 | 00,147,456 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2005/01/13 03:00:10 | 00,651,264 | ---- | C] ()
Multview.dll -> C:\WINDOWS\System32\Multview.dll -> [2003/03/18 17:11:54 | 00,061,440 | ---- | C] ()
DTMenuEx.dll -> C:\WINDOWS\System32\DTMenuEx.dll -> [2003/03/16 18:42:18 | 00,036,864 | ---- | C] ()
TVCtrl.dll -> C:\WINDOWS\System32\TVCtrl.dll -> [2003/03/16 18:37:22 | 00,073,728 | ---- | C] ()
LCDCtrl.dll -> C:\WINDOWS\System32\LCDCtrl.dll -> [2003/03/16 18:37:08 | 00,061,440 | ---- | C] ()
GenCtrl.dll -> C:\WINDOWS\System32\GenCtrl.dll -> [2003/03/16 18:37:00 | 00,110,592 | ---- | C] ()
CRTCtrl.dll -> C:\WINDOWS\System32\CRTCtrl.dll -> [2003/03/16 18:36:52 | 00,049,152 | ---- | C] ()
ColorCtr.dll -> C:\WINDOWS\System32\ColorCtr.dll -> [2003/03/16 18:36:46 | 00,086,016 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [1980/01/01 00:00:00 | 00,000,533 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [1980/01/01 00:00:00 | 00,000,227 | ---- | C] ()
< End of report >
[/code]
------------------------------
Unable to attach logfile as it was too big

peku006
2009-10-26, 07:45
Hi GuyAB

Do you know anything about: O20 - Winlogon Notify: Antiwpa?

Please run the MGA Diagnostic Tool and post back the report it creates:
Download MGADiag (http://go.microsoft.com/fwlink/?linkid=56062) to your desktop.
Double-click on MGADiag.exe to launch the program.
Click "Continue".
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Thanks peku006

GuyAB
2009-10-27, 07:57
Hi Peku
Thanks for your help so far
-----------------------------------------
Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-H7YDR-9BFVW-DBVFY
Windows Product Key Hash: 9Vlg8EdVw0rco9gkEyUam7ySGTY=
Windows Product ID: 55274-OEM-2246043-31052
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {336ACD69-F1AE-4C8E-939F-147FD61EF145}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{336ACD69-F1AE-4C8E-939F-147FD61EF145}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DBVFY</PKey><PID>55274-OEM-2246043-31052</PID><PIDType>3</PIDType><SID>S-1-5-21-1935655697-1060284298-1957994488</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>PORTEGE R100</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>Version 1.20</Version><SMBIOSVersion major="2" minor="3"/><Date>20030919000000.000000+000</Date></BIOS><HWID>04B70600018400DC</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>4F00007B0B26B1E</Val><Hash>pNIxp73OL0/dEZy9Q7QSZGdwkCk=</Hash><Pid>81602-399-1895892-68561</Pid><PidType>10</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 73EE:Semp Toshiba Informatica Ltda|73EE:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

peku006
2009-10-27, 08:40
Hi GuyAB

Run OTS

Under the Paste Fix Here box on the right, paste in the following:


[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {04292AF9-2B7A-475A-BD6B-29F7E7703184} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
NY -> {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live ID Sign-in Helper]
NY -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO]
NY -> {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper]
NY -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper]
NY -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
NY -> "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar]
NY -> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
NY -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> 74651014687 -> Reg Error: Value error.
YN -> Antiwpa -> Reg Error: Value error.
[Files/Folders - Created Within 30 Days]
NY -> appmgmt -> C:\WINDOWS\System32\appmgmt
NY -> LimeWire -> C:\Documents and Settings\user\My Documents\LimeWire
NY -> LimeWire -> C:\Documents and Settings\user\Application Data\LimeWire
NY -> LimeWire -> C:\Program Files\LimeWire
[Custom Items]
:clearrestorepoints
:end
[Empty Temp Folders]
[Reboot]


Then click the Run Fix button at the top.
Let the program run unhindered, and reboot the PC when it is done.
This will create a log in C:\_OTS\MovedFiles\<date>_<time>.txt where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste the contents of that file here.


Thanks peku006

GuyAB
2009-10-27, 19:53
Hi Peku006
Here is the next set of results that you have requested, in two parts due to its size.
-------------------------------------------------------
All Processes Killed
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04292AF9-2B7A-475A-BD6B-29F7E7703184}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04292AF9-2B7A-475A-BD6B-29F7E7703184}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files\Java\jre6\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
C:\Program Files\Windows Live\Toolbar\wltcore.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-1060284298-1957994488-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
File C:\Program Files\Windows Live\Toolbar\wltcore.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\74651014687\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa\ deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\appmgmt\S-1-5-21-1935655697-1060284298-1957994488-1003 folder moved successfully.
C:\WINDOWS\System32\appmgmt\MACHINE folder moved successfully.
C:\WINDOWS\System32\appmgmt folder moved successfully.
C:\Documents and Settings\user\My Documents\LimeWire\Store Purchased folder moved successfully.
C:\Documents and Settings\user\My Documents\LimeWire\Saved folder moved successfully.
C:\Documents and Settings\user\My Documents\LimeWire\Incomplete folder moved successfully.
C:\Documents and Settings\user\My Documents\LimeWire folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\mozilla-profile folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser\xulrunner folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\browser folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\user\Application Data\LimeWire folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
[Custom Items]
:clearrestorepoints
Restorepoints cleared and new one set!
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 0 bytes
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y1UXFPSG\desktop.ini deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K7NGI38T\desktop.ini deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ICGT37EJ\desktop.ini deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G8PTK9H1\desktop.ini deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\ZMUKVS3X\desktop.ini deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\UQ7Q8Y1Q\desktop.ini deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\LXE1IRDH\desktop.ini deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\EFWZEIZJ\desktop.ini deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ZZAG4I5\desktop.ini deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log deleted successfully.
->Temp folder emptied: 8860 bytes
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6922F0GX\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5ZHE7RQL\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\592AGGTI\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1ENAAD6Y\desktop.ini deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 33170 bytes

User: user
C:\Documents and Settings\user\Local Settings\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-msi.0.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\NDP1.1sp1-KB953297-X86\NDP1.1sp1-KB953297-X86-wrapper.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ASPNETSetup.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\dotNetFx.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\java_install_reg.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\jusched.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\lxdoscan.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\mmc03A0CD5C.xml deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\netfx.log deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\netfxupdate.log deleted successfully.
->Temp folder emptied: 5436735 bytes

GuyAB
2009-10-27, 19:54
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\thread_new[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\tl_9a9a9a_fff[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\toc_expanded[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\trans_pixel[2].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\undo[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\uninstall[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\unlink[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\vbulletin_editor[1].css deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\vbulletin_post_loader[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\webcomtop[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\webcomtop[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\welcome-bg[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\welcome-left[1].jpg deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\welcome-right[1].jpg deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\wsus3setup[1].cab deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\wsus3setup[2].cab deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\wsus3setup[3].cab deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\ybb_1.1[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\ycs_usrmenu_1.1[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\ylib_list[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OFXX22DM\zip[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\attach[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\au_bg_righttop[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\au_button_right[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\banner-right[1].jpg deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\bigthumb[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\blank[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\CapPreAndPopAndAjax2[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\collapse_thead[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\commontop[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\commontop[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[1].css deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[4].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\content[5].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\createlink[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\cs[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\devil[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\down[1] deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\firstnew[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\gif[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\gradient[1].png deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\hdr_custominstall[1].jpg deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\httpErrorPagesScripts[1] deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\http_403[1] deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\icon12[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\icon14[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\icon3[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\icon8[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\icon9[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\indent[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\italic[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\justifycenter[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\j[1].png deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\lastpost[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\login_md5_1.1[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\menu_open[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\mode_hybrid[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\mode_threaded[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\navbits_finallink_ltr[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\newattachment[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\newreply[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\newreply[2].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\news[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\news[1].txt deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\news_bg_leftbottom[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\png[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\police[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\post_old[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\quote[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\rating_4[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\redirect[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\redirect[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\redirect[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\remaining-sm[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\removeformat[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\report[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\resize_0[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\resultslist[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\resultslist[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\rolleyes[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\rss_latestukworldnews[1].aspx deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\rss_latestukworldnews[2].aspx deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\sbsdlogo[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\Shared[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\showthread[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\showthread[2].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\SMAppData[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\SMClientDB[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\smilie[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\SMSyncMessage[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\SMVersion1[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\snlgradient_panel[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\snlgradient_thead[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\spider[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\spupdateids[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\spupdateids[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\sticky[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\style-af56ceaf-00002[1].css deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\syncmessage[1].aspx deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\syncmessage[2].aspx deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\syncmessage[3].aspx deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[4].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[5].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[6].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[7].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[8].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tgar[9].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\thread_dot[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\thread_hot_lock[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\toc[1].css deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\toc[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\tr_9a9a9a_fff[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\user_offline[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\vbulletin_ajax_tagsugg[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\vbulletin_attachment[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\webcomtop[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\webcomtop[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\woo1[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\I68F2JBZ\yahoo_dom_event_animation_2.0.0-b5[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\21-96836%20[][1].png deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\aliensmiley[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\arrow[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_bg_bottommiddle[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_bg_leftbottom[2].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_bg_leftmiddle[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_bg_rightmiddle[2].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_button_middle[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_shieldred[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\au_shieldyellow[2].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\bcr_2.0.4[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\bl_9a9a9a_fff[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\bold[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\broker[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\btyb1[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\CFScriptB-4[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\clown2[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\color[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\commontop[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\commontop[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\commontop[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\content[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\content[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\content[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\content[4].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\content[5].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\desktop.ini deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\euro[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\evil[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\fadeInImage2_c[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\failed-lg[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\failed-sm[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\forumdisplay[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\forumdisplay[2].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\forum_new[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\hdr_expressresults_left[1].jpg deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\icon11[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\icon_funny[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\ico_help_yellow[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\info_48[1] deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\insertorderedlist[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\InstallStatus[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\j1[1].png deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\jpe[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\key[1].png deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\lassh_inline[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\lassh_main[1].css deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\login[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\mbam.check[1].database deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\menupop[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\MGADiag[1].exe deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\MrGreen[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\ms_masthead_ltr[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\multipage[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\multiquote_off[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\newattachment[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\newreply[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\news_bg_lefttop[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\newthread[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\rating_3[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\rating_5[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\redirect[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\redirect[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\redirect[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\redirect[4].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\resize_1[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\resultslist[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\resultslist[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\rockon[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\settings[1].xml deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\showthread[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\sick[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\signin[1].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\signin[2].htm deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\SMRegistry[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\SMSystemData[1].vbs deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\spupdateids[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\success-lg[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\switchmode[1].gif deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[1].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[2].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[3].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[4].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[5].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[6].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\tgar[7].js deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\2IC3CZM7\thread_lock[1].gif deleted successfully.
->Temporary Internet Files folder emptied: 16790015 bytes
->Java cache emptied: 25493543 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_jZ7EsMcbyaQSlGX scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000001F3F64CCC2BC13DFA scheduled to be deleted on reboot.
Windows Temp folder emptied: 598862 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.19 mb

< End of fix log >
OTS by OldTimer - Version 3.0.24.0 fix logfile created on 10272009_183524

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_jZ7EsMcbyaQSlGX not found!
File\Folder C:\WINDOWS\temp\TMP00000001F3F64CCC2BC13DFA not found!

Registry entries deleted on Reboot...

peku006
2009-10-27, 21:29
Hi GuyAB

1 - Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.

Go to Java Site (http://java.sun.com/javase/downloads/index.jsp)
Click to Download Java SE Runtime Environment (JRE) 6 Update 16
In Platform box choose Windows.
Check the box to Accept License Agreement and click Continue.
Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586-p.exe" and save the downloaded file to your desktop.
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
Reboot your computer


2- Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

GuyAB
2009-10-29, 18:29
Hi Peku006
The computer is now starting to run so much better, thank you.
The Kaspersky log is as follows.
----------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 28, 2009 19:44:14
Records in database: 3096805
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Objects scanned: 44698
Threats found: 11
Infected objects found: 14
Suspicious objects found: 0
Scan duration: 10:15:59


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\313.crack.zip.vir Infected: Trojan-Downloader.Win32.Injecter.dmg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\314.keygen.zip.vir Infected: Trojan.Win32.Agent.czrk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\314.keygen.zip.vir Infected: Trojan.Win32.Agent.czrj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\315.serial.zip.vir Infected: Trojan.Win32.Agent.czri 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\315.serial.zip.vir Infected: Trojan.Win32.Agent.czrh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\316.setup.zip.vir Infected: Trojan-Dropper.Win32.Agent.bghq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\316.setup.zip.vir Infected: Trojan-Dropper.Win32.Agent.bghp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\321.crack.zip.vir Infected: Trojan-Dropper.Win32.Delf.ecl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\322.keygen.zip.vir Infected: Trojan-Dropper.Win32.Delf.ebo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\324.setup.zip.vir Infected: Trojan-Dropper.Win32.Delf.ebm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\325.music.au.vir Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\326.music2.au.vir Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\327.music3.au.vir Infected: Trojan-Downloader.WMA.GetCodec.s 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\LocalService\328.music4.au.vir Infected: Trojan-Downloader.WMA.GetCodec.s 1

Selected area has been scanned.
----------------------------------------
The HJT log is as follows
----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:24, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdoserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\lxdocoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Lexmark 9500 Series\lxdoamon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/showthread.php?t=52738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [TridentWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\System32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [lxdomon.exe] "C:\Program Files\Lexmark 9500 Series\lxdomon.exe"
O4 - HKLM\..\Run: [lxdoamon] "C:\Program Files\Lexmark 9500 Series\lxdoamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Update Agent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230769901637
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0298141256240844) (0298141256240844mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\029814~1.EXE (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdoCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdoserv.exe
O23 - Service: lxdo_device - - C:\WINDOWS\system32\lxdocoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8805 bytes
---------------------------------------------------
Are we nearly there yet?
Sorry for my poor taste humour but I had no idea it would be this complex to sort and I have been doing IT support for over 20 years. You guys really are the experts with this malicious software though. Thank you again.

peku006
2009-10-30, 09:35
Hi GuyAB

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:
Delete CKScanner from your desktop


Double-click OTS.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.

MBAM can be uninstalled via Control Panel Add/Remove but it may be a useful tool to keep ... Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913).

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb:
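
The hosts-file blocking described in the post above, as an added example that is not part of the original thread: a small Python audit that parses hosts-file text, lists the names sent to the local machine, and separately reports any name mapped to a non-local address, which a blocklist-style file should not contain. The sample file, the example.* names and the function names are constructed for illustration; treating 0.0.0.0 as blocked alongside 127.0.0.1 and keeping the first mapping seen for a name are assumptions of this example.

```python
import ipaddress

# Constructed sample in the style of a blocklist hosts file (not real MVPS data).
SAMPLE_HOSTS = """\
# sample blocklist hosts file (constructed)
127.0.0.1  localhost
127.0.0.1  ads.example.com  tracker.example.net   # two names on one line
0.0.0.0    Banner.Example.ORG
203.0.113.7  update.example.com   # non-loopback mapping: worth reviewing
not-an-ip  broken.example.com
::1        localhost
"""


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (entries, malformed): entries maps lowercase hostname -> ipaddress
    object (first mapping seen is kept, an assumption of this example);
    malformed is a list of line numbers that could not be parsed.
    """
    entries = {}
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:  # an address with no hostname after it
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            entries.setdefault(name.lower(), addr)
    return entries, malformed


def is_sinkholed(addr):
    """True when the address points back at the local machine or nowhere."""
    return addr.is_loopback or addr.is_unspecified


def audit(text):
    """Summarise a hosts file: blocked names, non-local redirects, bad lines."""
    entries, malformed = parse_hosts(text)
    blocked = sorted(
        name for name, addr in entries.items()
        if is_sinkholed(addr) and name != "localhost"
    )
    redirected = {
        name: str(addr) for name, addr in entries.items()
        if not is_sinkholed(addr)
    }
    return {"blocked": blocked, "redirected": redirected, "malformed": malformed}


def resolves_locally(text, hostname):
    """True when the hosts file sends this hostname to the local machine."""
    entries, _ = parse_hosts(text)
    addr = entries.get(hostname.lower().rstrip("."))
    return addr is not None and is_sinkholed(addr)


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print("blocked:", report["blocked"])
    print("redirected (review these):", report["redirected"])
    print("malformed lines:", report["malformed"])
```

On a real machine the text would come from C:\WINDOWS\system32\drivers\etc\hosts; any entry in the "redirected" group deserves a manual look, because a blocklist only needs loopback mappings.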

peku006
2009-11-02, 17:07
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.