FakeAlert Damage
Hello
I desperately need your help.
On 22nd June I lost control of my computer and was invited to purchase remedial software; taking this to be extortion, I refused. I ran McAfee anti-virus (this is always live on my machine) and MalwareBytes to discover that there were versions of the FakeAlert trojan present. These were cleared, but left the machine with no icons or background on the desktop and access only to programs on the C: drive (the hard-drives are partitioned and most applications are on the D: drive, with some on other drives).
Research on the net led me to your site and SpyBot. Following the advice provided by “tashi”, I downloaded and ran ERUNT, DDS and SpyBot. Unfortunately I ran the remedial option on SpyBot, which did not eliminate all problems, but did seem to inhibit the restarting of the computer.
I booted in safe-mode and scanned with both MalwareBytes and McAfee; both reported no problems. It was then, perhaps coincidentally, possible to boot normally. Only recently added icons and no wallpaper were available on the desktop. Investigation showed that there was no access to drives holding programs (but using Run, Browse I was able to run MS Outlook, which is on the C: drive). I again ran ERUNT, DDS and SpyBot (did not invoke remedial action in SpyBot) and discovered that I could not access the SpyBot folder to view the report. The “Applications” folder could not be seen in either Explorer or Run/Browse. I ran SpyBot again and recorded the report in another folder using copy/paste.
This report is given here:
--- Report generated: 2011-06-24 20:46 ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
DoubleClick: Tracking cookie (Internet Explorer: WEL) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Please can you help me?
I have tried SupportSpace and was told that files are damaged and advised to reload XP Pro. I can't accept this because I believe the files are still there but access is blocked, e.g. I can run SpyBot from the desktop icon, but cannot find it with Win Explorer.
William Lewis
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)
Thank you for responding.
Here is the DDS report:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by WEL at 14:59:53 on 2011-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1239 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\USB Disk Tool\USNDISKT.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe
D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
svchost.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\progra~1\brainbullet\Brain Bullet.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\progra~1\brainbullet\mblit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Documents and Settings\WEL\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
c:\program files\real\realplayer\update\realsched.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by BT Yahoo!
uStart Page = hxxp://home.bt.yahoo.com/
uDefault_Page_URL = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511113155.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Uniblue RegistryBooster 2009] d:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM_Monitor] d:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [UIWatcher] d:\program files\ashampoo\ashampoo uninstaller 4\UIWatcher.exe
uRun: [BrainBullet] c:\progra~1\brainbullet\Brain Bullet.exe STARTUP
uRun: [GTV GlobalIM] d:\program files\business dashboard\global.im.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "d:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [USB Disk Tool] d:\program files\usb disk tool\USNDISKT.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DefragTaskBar] "c:\program files\ashampoo\ashampoo magical defrag 2\bin\defragTaskBar.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [OM_Monitor] d:\program files\olympus\olympus master\FirstStart.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ashampoo Core Tuner] "d:\program files\ashampoo\ashampoo core tuner\ct.exe" -TRAY
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Ashampoo HDD Control Guard] d:\program files\ashampoo\ashampoo hdd control\HDDControlGuard.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TaskTray]
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{07DC44C0-BEF6-4D56-8786-1D8366ED48F9} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: "c:\progra~1\google\google desktop search\GoogleDesktopNetwork3.dll"
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-3-3 38448]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-24 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\boomerang software\guardian pc security tools\PfftWrk.exe [2008-9-18 98304]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 366640]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-29 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-21 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-24 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-24 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-24 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-24 56064]
S3 cpuz132;cpuz132;\??\c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-24 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [2008-6-30 53083]
.
=============== Created Last 30 ================
.
2011-06-27 10:43:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 10:43:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 20:11:19 -------- d-----w- c:\documents and settings\wel\Security 201106
2011-06-23 11:02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-23 11:02:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-21 15:57:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02:12 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50:38 -------- d-----w- c:\documents and settings\wel\application data\McAfee
2011-06-19 17:52:38 -------- d-----w- c:\program files\Serif
2011-06-15 15:54:33 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26:15 -------- d--h--w- c:\documents and settings\wel\application data\alot
2011-06-12 09:26:15 -------- d-----w- c:\program files\alot
2011-06-10 16:16:07 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16:07 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57:39 -------- d-----w- c:\documents and settings\all users\application data\Driver Boost
.
==================== Find3M ====================
.
2011-06-15 15:48:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 16:18:22 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-10 16:18:22 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-10 16:18:17 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-16 11:23:31 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19:22 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 15:01:13.84 ===============
Sorry I have lost winzip and will have to reinstall. Will post again later with the "attach ".
Thank you. :thanks:
secWEL
Sorry for the delay. As stated earlier I have lost access to nearly all programs.
I have copied the "attach" file to an OpenOffice Write document and compressed it with 7 Zip, which I had to download despite the instruction not to add any files. Sorry but it was the only way.
Thanks again
secWEL
All scans we run will open a log in Notepad, so no need to zip; just copy and paste.
You have uTorrent installed. Using P2P programs guarantees you will become infected; I need you to uninstall it via Add Remove Programs in the Control Panel.
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Double-click CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
Hello ken545
Thank you for the fast response.
I cannot find uTorrent on the Add/Remove software list, nor can I find it with the XP search utility, but this does not seem to be able to access the D: and other drives. Windows Explorer shows the D: drive and other drives as being empty.
Despite not being able to remove uTorrent, I have run “CKScanner”. The contents of the “CKFiles.txt” are:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OCAPUB
----- EOF -----
I was surprised by how quickly the scan was completed and by the result; should I run it again?
Looking forward to hearing from you.
Regards
SecWEL
Not a problem, just want to alert you to the dangers of these types of programs.
P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Den ken545
Thanks for another prompt reply - very much appreciated.
I disabled McAfee, but ComboFix thought it was still running and warned about possible problems, but I ran it anyway.
The report is below. I am amazed by the number of temporary files listed; I thought they had all been cleared.
ComboFix said:
ComboFix 11-07-02.03 - WEL 03/07/2011 17:05:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1161 [GMT 1:00]
Running from: c:\documents and settings\WEL\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
..
Other Deletions .
.
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc6F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc778.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc784.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc83.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc89.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc90.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc93.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc97.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFF.tmp
ken545, THIS POST IS TOO LONG; WILL SEND SECOND PART IMMEDIATELY.
Many thanks.
secWEL
Dear ken545
Second part of ComboFix report:
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\documents and settings\WEL\WINDOWS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\ini
c:\windows\system32\ini\DTYPE.CPG
c:\windows\system32\ini\DTYPE.FLS
c:\windows\system32\ini\DTYPE.PAT
c:\windows\system32\ini\DTYPE.PHY
c:\windows\system32\ini\DTYPE.STL
c:\windows\system32\ini\gs002.gsl
c:\windows\system32\ini\gs004.gsl
c:\windows\system32\ini\gs006.gsl
c:\windows\system32\ini\gs016.gsl
c:\windows\system32\ini\gs256.gsl
c:\windows\system32\ini\gssqrt.gsl
c:\windows\system32\LocalService
c:\windows\system32\rnaph.dll
C:\xcrashdump.dat
D:\uninstall.exe
W:\autorun.inf
.
Files Created from 2011-06-03 to 2011-07-03 .
.
2011-06-27 10:43 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 10:43 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 20:11 . 2011-07-03 09:45 -------- d-----w- c:\documents and settings\WEL\Security 201106
2011-06-23 11:02 . 2011-06-23 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-23 11:02 . 2011-06-23 11:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-22 18:56 . 2011-06-22 18:57 -------- d-----w- c:\program files\ERUNT
2011-06-21 15:57 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02 . 2011-06-21 15:02 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50 . 2011-06-21 13:50 -------- d-----w- c:\documents and settings\WEL\Application Data\McAfee
2011-06-19 17:52 . 2011-06-19 17:52 -------- d-----w- c:\program files\Serif
2011-06-15 15:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26 . 2011-06-12 09:26 -------- d-----w- c:\program files\alot
2011-06-10 16:16 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57 . 2011-06-10 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost
..
.
Find3M Report
.
2011-06-15 15:48 . 2011-05-14 09:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-02-24 16:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05 . 2008-06-11 19:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-25 06:09 . 2011-04-07 21:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-07 21:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-07 21:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-05-12 14:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-05-12 14:42 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-05-12 14:42 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-04-07 21:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2006-08-16 07:35 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2011-05-12 14:42 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2008-05-16 13:01 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2006-08-16 07:35 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2006-08-16 07:35 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2006-08-16 07:35 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-16 11:23 . 2011-05-16 11:23 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31 . 2008-06-10 14:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19 . 2011-04-20 13:19 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01 . 2011-02-24 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01 . 2011-02-24 16:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01 . 2011-02-24 16:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01 . 2011-02-24 16:16 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01 . 2011-02-24 16:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01 . 2011-02-24 16:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01 . 2011-02-24 16:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01 . 2011-02-24 16:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01 . 2011-01-29 20:02 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 13:01 . 2010-10-13 22:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01 . 2010-10-13 22:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-08 05:14 . 2011-05-12 14:42 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-12 14:42 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-16 04:32 . 2011-03-25 12:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-30 16:15 . 2010-03-03 10:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 13:01 . 2011-02-24 16:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
..
Reg Loading Points
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"UIWatcher"="d:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2010-01-04 2530648]
"BrainBullet"="c:\progra~1\brainbullet\Brain Bullet.exe" [2006-12-15 140800]
"GTV GlobalIM"="d:\program files\Business Dashboard\global.im.exe" [2006-05-11 188416]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-05-10 1205760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"USB Disk Tool"="d:\program files\USB Disk Tool\USNDISKT.EXE" [2003-04-02 122880]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Ashampoo Core Tuner"="d:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-09-25 3334488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Ashampoo HDD Control Guard"="d:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-02-16 3994456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\WEL\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BBStartup.lnk.lnk - c:\program files\BrainBullet\BBStartup.exe [2010-4-2 403968]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-7-27 29696]
EPSON Background Monitor.lnk - c:\program files\EPSON\ESM2\STMS.exe [1999-6-7 233984]
hueyPROTray.lnk - d:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-1-18 1081344]
InterVideo WinCinema Manager.lnk - d:\program files\Corel\Common\Bin\WinCinemaMgr.exe [2008-12-8 114688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-22 805392]
Portfolio Express 8.5.lnk - d:\program files\Extensis\Portfolio 8.5\Portfolio Express.exe [2010-4-26 3280896]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [03/03/2010 20:13 38448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [24/02/2011 17:16 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe [18/09/2008 10:10 98304]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2011 16:57 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [24/02/2011 17:17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [29/01/2011 21:02 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/05/2011 15:49 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [01/04/2011 05:11 428640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [24/02/2011 17:16 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2011 16:57 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [24/02/2011 17:16 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/03/2010 11:19 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [24/02/2011 17:16 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [30/06/2008 19:28 53083]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://home.bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - d:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-TaskTray - (no file)
Notify-70e961f0658 - (no file)
AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe
AddRemove-JESSOPS - D:\uninstall.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Relaxation-CDs.com Screensaver - c:\windows\uninstall Relaxati.exe...
**************************************************************************.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 17:31
Windows 5.1.2600 Service Pack 3 NTFS.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0.
**********************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-07-03 17:35:18
ComboFix-quarantined-files.txt 2011-07-03 16:35
.
Pre-Run: 58,444,079,104 bytes free
Post-Run: 59,194,941,440 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 654024D73E2E79C52B8896708317F628
I hope the split file does not make things more difficult for you.
Thank you
secWEL
You did just fine
MyAshampoo <-- Do you use this toolbar? It appears to fall somewhere in the gray area.
You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again
c:\windows\system32\drivers\oxrsavq.sys<--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Keep Combofix on your desktop, we may need to run it again
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Hello ken545,
Thanks again for very quick response.
Ashampoo is a very good German company that produces a variety of software packages, some of which I have used for years without problems, so I think their toolbar is probably OK, but I do not use it so will remove it later.
I have unhidden the files and all my icons are back and Win Explorer now lists the files in the D: drive. Thank you very much.
VirusTotal does not list the “oxrsavq.sys” file and I cannot find it on my machine so have not been able to submit it. What should I do?
Tried to run TFC and ended up with two instances both “not responding” and I could not clear them so reset the machine. Several attempts at a normal boot failed, so I started in “Safe-mode” and ran TFC successfully.
Had warning from McAfee that “Real time Scanning” was off and it would not reset, so I shut-down. Domestic pressures and lateness forced break at this time.
Have now downloaded and run MBAM, the report is below and shows no infections.
Is this progress?
MBAM Report:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7013
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
03/07/2011 22:46:10
mbam-log-2011-07-03 (22-46-10).txt
Scan type: Quick scan
Objects scanned: 206345
Time elapsed: 2 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I really do appreciate your help, I wish I had the skills and knowledge.
Thanks again. (Am going to bed now!)
secWEL
Let's do this
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Hello ken545
Thank you.
I have run “OTL” and include the “OTL.text” below and will send the “Extras.txt” with the next post.
A brief summary of the status this morning:
a) machine would not boot normally so I ran in “Safe-mode” with boot logging. The log covered 300 pages and the last 3 entries were:
“Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Did not load driver cfwids.SYS”
Prior to those there was a long list of “Did not load”
b) the machine is slow.
McAfee seems to have lost its database and it had to be renewed, also there is an error:
Error Signature
szAppName : McSvHost.exe szAppVer : 1.5.109.0 szModName : HWAPI.dll
szModVer : 11.5.109.0 offset : 000427ae
Error Report
C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\McSvHost.exe.mdmp
C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\appcompat.txt
I do not know whether these are related to the main problem.
Sorry text is too long so will send "OTL.txt" in two parts.
OTL.txt (Part 1)
OTL logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32
Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - c:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
PRC - D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\BrainBullet\Brain Bullet.exe ()
PRC - C:\Program Files\BrainBullet\mblit.exe ()
PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
[2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
[2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
[2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
[2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
[2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
[2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
[2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
[2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/07/03 17:30:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
**** END PART 1 ******
Thanks
secWEL
ken%$%
**** OTL.txt Part 2 *****
========== Files/Folders - Created Within 30 Days ==========
[2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/04 10:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
[2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
[2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
[2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
[2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
[2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS
========== Files - Modified Within 30 Days ==========
[2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
[2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/04 10:24:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 10:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 10:11:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 10:11:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 10:09:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 10:07:08 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/07/04 10:06:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 10:06:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:30:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/20 16:23:20 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
========== Files Created - No Company Name ==========
[2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
[2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
[2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
[2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
[2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
[2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
[2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
[2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
[2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
[2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
[2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
[2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
[2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
[2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
[2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
[2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
[2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
[2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
[2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
[2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
[2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
[2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
[2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
[2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
[2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
[2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
[2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
[2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
[2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
[2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
[2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
[2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
[2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
[2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
[2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
[2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
[2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
[2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
[2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
[2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
[2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
[2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
[2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
[2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
[2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
[2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
[2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
[2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
[2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
========== LOP Check ==========
[2010/05/28 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2008/11/11 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2008/06/14 19:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/03 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celartem
[2009/10/06 10:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/25 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
[2008/08/30 20:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/06/10 15:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/05/12 19:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/05/09 19:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2011/03/04 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Engelmann Media
[2011/03/03 21:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensis
[2011/02/24 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iBaAgAi08200
[2011/03/04 10:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/03/03 11:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2011/03/23 20:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2011/05/22 20:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/07/21 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/28 20:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2008/06/20 10:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/15 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/12/07 11:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/05/08 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/02/01 15:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/09/23 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/16 17:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/12 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B9F9E1D5-C790-4BF3-916E-3090346AFDEB}
[2009/08/29 14:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/20 10:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2011/06/08 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PDF Software
[2010/04/02 17:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\111701
[2009/10/14 14:13:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Ashampoo
[2008/07/23 15:24:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Canon
[2009/08/28 14:41:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ChaosPro
[2008/10/06 19:43:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CheckPoint
[2009/10/12 19:43:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CoffeeCup Software
[2010/10/23 17:54:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DocumentsToGoDesktop
[2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DriverCure
[2011/03/04 11:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Engelmann Media
[2011/03/03 21:26:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Extensis
[2009/10/12 15:20:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\FileZilla
[2010/04/09 15:46:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\InterVideo
[2008/06/29 15:29:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Konrad Papala
[2011/03/23 20:59:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Kybtec Software
[2008/12/08 17:35:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Leadertech
[2009/10/15 10:03:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\LimeWire
[2009/10/18 19:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/10/20 12:02:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MipKukSoft
[2008/12/07 17:38:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Moyea
[2008/06/12 16:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NCode
[2009/03/04 20:27:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NetCentrics
[2008/06/28 12:23:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NewSoft
[2011/01/27 16:46:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Notepad++
[2009/10/12 15:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Nvu
[2009/08/01 15:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OLYMPUS
[2009/10/13 16:59:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OpenOffice.org
[2010/01/19 15:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Pantone
[2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ParetoLogic
[2011/06/09 10:33:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PDF Software
[2009/11/05 15:53:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PersonalBrain
[2010/01/30 13:45:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Quo2
[2010/06/28 20:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\RootsMagic
[2008/06/20 10:53:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ScanSoft
[2009/06/30 20:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Scooter Software
[2009/10/09 17:20:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Serif
[2009/10/15 10:03:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\System Tweaker
[2011/01/04 18:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Thunderbird
[2011/05/08 18:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Titanium Gears
[2010/02/01 16:46:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Uniblue
[2008/07/03 11:09:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Windows Desktop Search
[2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
========== Purity Check ==========
< End of report >
I will send "extras.txt" with my next post.
Thanks
secWEL
Hello ken545
Here is "Extras.txt":
OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32
Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
"{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
"{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
"{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
"{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
"{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
"{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
"{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
"{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
"{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
"1190-3857-8766-9166" = PersonalBrain 5
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Chess School" = Advanced Chess School
"alotToolbar" = ALOT Toolbar
"ArtStudioProEssentials_is1" = ArtStudioProEssentials
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
"Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
"Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
"Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.2
"Bibble Pro" = Bibble Pro
"Brain Bullet 2.0" = Brain Bullet 2.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"Business Dashboard 2.5" = Business Dashboard 2.5
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CD Data Rescue_is1" = CD Data Rescue 2.6
"ChaosPro 3.3" = ChaosPro 3.3
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
"com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
"DAO 3.5" = DAO 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Fantasy Universe Screensaver" = Fantasy Universe Screensaver
"FileZilla Client" = FileZilla Client 3.2.8.1
"GanttProject" = GanttProject
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GraphicView 32" = GraphicView 32
"Hardware Helper_is1" = Hardware Helper
"Harry's Filters_is1" = Harry's Filters 3.01
"huey_is1" = hueyPRO 1.5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstantStorm_is1" = InstantStorm 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Virtual Technician" = McAfee Virtual Technician
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSC" = BT NetProtect Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"PCI Audio Driver" = PCI Audio Driver
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RealPlayer 12.0" = RealPlayer
"SafeNSecure Password Manager" = SafeNSecure Password Manager
"ShareScope Gold" = ShareScope Gold
"ST6UNST #1" = uolmsDiag install
"Success Manager Pro_is1" = Success Manager Pro
"Taskimizer_is1" = Taskimizer
"The Action Machine_is1" = The Action Machine
"VB Decompiler Lite_is1" = VB Decompiler Lite
"VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Wipe" = Web Wipe
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.1.4
"GoToMeeting" = GoToMeeting 4.5.0.457
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3
Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.
Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
Description = Fault bucket 1965432135.
[ OSession Events ]
Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
seconds with 7080 seconds of active time. This session ended with a crash.
Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
seconds with 360 seconds of active time. This session ended with a crash.
Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.
Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
seconds with 4620 seconds of active time. This session ended with a crash.
Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
seconds with 240 seconds of active time. This session ended with a crash.
Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
seconds with 120 seconds of active time. This session ended with a crash.
Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
seconds with 3060 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2
Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
< End of report >
Thanks
secWEL
Hi,
The alerts and errors you're getting are related to McAfee; you may want to uninstall that program and reinstall it.
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="
:Services
:Reg
:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Hi ken545
Reports:
First OTL report using your code:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=" removed from keyword.URL
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.AMD2-3A4FB6A446
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.AMD2-3A4FB6A446.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: WEL
->Temp folder emptied: 2212624 bytes
->Temporary Internet Files folder emptied: 2710856 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37991656 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 810 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108728235 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 145.00 mb
OTL by OldTimer - Version 3.2.25.0 log created on 07042011_143807
Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_edc.dat moved successfully.
C:\Documents and Settings\WEL\Local Settings\Temp\WCESLog.log moved successfully.
Registry entries deleted on Reboot...
The reports from the scan will be in the next two posts.
Thanks secWEL
Hello again
The OTL.txt file:
OTL logfile created on: 04/07/2011 14:52:43 - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.60% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.45 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.36 Gb Free Space | 91.23% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32
Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
[2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
[2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
[2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
[2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
[2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
[2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
[2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
[2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2011/07/04 14:38:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
O4 - HKCU..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
O4 - HKCU..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/04 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/04 14:07:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
[2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
[2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
[2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
[2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
[2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS
========== Files - Modified Within 30 Days ==========
[2011/07/04 14:48:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 14:48:39 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
[2011/07/04 14:48:09 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 14:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 14:43:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 14:43:38 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/07/04 14:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 14:43:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/04 14:38:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/04 14:24:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 13:54:37 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/04 12:11:15 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
[2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
========== Files Created - No Company Name ==========
[2011/07/04 12:11:15 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
[2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
[2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
[2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
[2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
[2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
[2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
[2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
[2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
[2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
[2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
[2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
[2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
[2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
[2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
[2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
[2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
[2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
[2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
[2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
[2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
[2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
[2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
[2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
[2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
[2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
[2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
[2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
[2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
[2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
[2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
[2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
[2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
[2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
[2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
[2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
[2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
[2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
[2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
[2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
[2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
[2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
[2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
[2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
[2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
[2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
[2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
[2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
[2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
[2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
< End of report >
I will send the other file in the next post.
Regards
secWEL
Hi
The OTL Extras file:
OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32
Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
"{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
"{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
"{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
"{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
"{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
"{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
"{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
"{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
"{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
"1190-3857-8766-9166" = PersonalBrain 5
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Chess School" = Advanced Chess School
"alotToolbar" = ALOT Toolbar
"ArtStudioProEssentials_is1" = ArtStudioProEssentials
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
"Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
"Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
"Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.2
"Bibble Pro" = Bibble Pro
"Brain Bullet 2.0" = Brain Bullet 2.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"Business Dashboard 2.5" = Business Dashboard 2.5
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CD Data Rescue_is1" = CD Data Rescue 2.6
"ChaosPro 3.3" = ChaosPro 3.3
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
"com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
"DAO 3.5" = DAO 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Fantasy Universe Screensaver" = Fantasy Universe Screensaver
"FileZilla Client" = FileZilla Client 3.2.8.1
"GanttProject" = GanttProject
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GraphicView 32" = GraphicView 32
"Hardware Helper_is1" = Hardware Helper
"Harry's Filters_is1" = Harry's Filters 3.01
"huey_is1" = hueyPRO 1.5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstantStorm_is1" = InstantStorm 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Virtual Technician" = McAfee Virtual Technician
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSC" = BT NetProtect Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"PCI Audio Driver" = PCI Audio Driver
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RealPlayer 12.0" = RealPlayer
"SafeNSecure Password Manager" = SafeNSecure Password Manager
"ShareScope Gold" = ShareScope Gold
"ST6UNST #1" = uolmsDiag install
"Success Manager Pro_is1" = Success Manager Pro
"Taskimizer_is1" = Taskimizer
"The Action Machine_is1" = The Action Machine
"VB Decompiler Lite_is1" = VB Decompiler Lite
"VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Wipe" = Web Wipe
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.1.4
"GoToMeeting" = GoToMeeting 4.5.0.457
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3
Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.
Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
Description = Fault bucket 1965432135.
[ OSession Events ]
Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
seconds with 7080 seconds of active time. This session ended with a crash.
Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
seconds with 360 seconds of active time. This session ended with a crash.
Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.
Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
seconds with 2040 seconds of active time. This session ended with a crash.
Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
seconds with 4620 seconds of active time. This session ended with a crash.
Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
seconds with 1020 seconds of active time. This session ended with a crash.
Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
seconds with 240 seconds of active time. This session ended with a crash.
Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
seconds with 120 seconds of active time. This session ended with a crash.
Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
seconds with 3060 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2
Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
< End of report >
I will reload McAfee and delete the Ashampoo toolbar; I do not know who Conduit are.
Question: Do you ever sleep? Your replies come so quickly that I suspect you're always awake.
Many thanks
secWEL
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
:Services
nlwkxq
:Reg
:Files
c:\windows\system32\drivers\oxrsavq.sys
c:\program files\alot
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Hello ken545
Sorry, I was waiting for an email to tell me you had replied; it will not happen again, I will check the thread frequently.
I have had trouble with running your "fix" code; yesterday I ran it twice and each time there were two copies of the report text displayed on reboot and the computer was locked up. I have tried twice today and was successful with the second attempt.
Here is the report:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ALOT Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=" removed from keyword.URL
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.AMD2-3A4FB6A446
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrator.AMD2-3A4FB6A446.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
User: NetworkService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: WEL
->Temp folder emptied: 219913 bytes
->Temporary Internet Files folder emptied: 241585 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9209259 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 810 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 9.00 mb
OTL by OldTimer - Version 3.2.25.0 log created on 07102011_114406
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_cd8.dat not found!
C:\Documents and Settings\WEL\Local Settings\Temp\WCESLog.log moved successfully.
Registry entries deleted on Reboot...
END OF REPORT.
The computer is very slow and the icons that we retrieved earlier are dimmed, but they do run OK. I cannot find many programs using Win Explorer or Run/Start, but can run them by opening appropriate text files, e.g. opening a photograph file starts the photo editor.
Once again, many thanks for your help.
secWEL
Let's see if this finds anything
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
Hello ken545
Sorry, when I try to run aswMBR.exe I get a message saying it is not a valid Win32 file. I cannot access the Command Prompt to run it as a DOS file.
How shall I proceed?
Thanks
secWEL
Let's try this instead
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
Hello ken545
Here is GMER log.
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-11 12:37:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port3Path0Target0Lun0 MAXTOR_S rev.3.AA
Running: gmer.exe; Driver: C:\DOCUME~1\WEL\LOCALS~1\Temp\pfdiypob.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB7E51210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7E51224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7E51250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB7E512A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB7E511FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7E511D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7E511E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB7E5123A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB7E5127C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7E51266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7E512D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB7E512BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB7E51290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B7E51294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B7E512AA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B7E512C0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B7E51280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B7E511D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B7E511EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP B7E512D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B7E5126A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B7E5123E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B7E51214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B7E51228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B7E51254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B7E51200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB633F3A0, 0x88C445, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00970000
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00970011
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00970FDB
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00960000
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00960F7E
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00960073
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00960062
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00960FA5
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00960036
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00960F57
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0096009F
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009600F0
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009600CB
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00960F3C
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00960047
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00960011
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0096008E
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00960FCA
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00960FE5
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009600BA
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01590FDB
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01590073
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0159002C
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0159001B
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01590FB6
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01590000
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01590062
.text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01590047
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01570F7C
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!system 77C293C7 5 Bytes JMP 01570F8D
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01570FCD
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01570FEF
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01570FB2
.text C:\WINDOWS\Explorer.EXE[632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01570FDE
.text C:\WINDOWS\Explorer.EXE[632] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00980000
.text C:\WINDOWS\Explorer.EXE[632] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00980FE5
.text C:\WINDOWS\Explorer.EXE[632] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00980FD4
.text C:\WINDOWS\Explorer.EXE[632] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00980FC3
.text C:\WINDOWS\Explorer.EXE[632] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00990FEF
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0005001B
.text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0004004A
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0004002F
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040F55
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040F7C
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0004001E
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040093
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00040078
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F04
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F15
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040EE9
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040F97
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040FDE
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0004005B
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FB2
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FCD
.text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F30
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F9B
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FCA
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770062
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00770051
.text C:\WINDOWS\system32\services.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770040
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070031
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FB0
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FD2
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FC1
.text C:\WINDOWS\system32\services.exe[1152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[1152] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE0036
.text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE001B
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40093
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40082
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40FA8
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E4005B
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E4002F
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F70
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F8D
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40F29
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E40F44
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E40F0E
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E4004A
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FD4
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E400B8
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FC3
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E40F55
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012F0F9E
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012F0F4D
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012F0FB9
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012F0FCA
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012F0014
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012F0FE5
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012F0F68
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4F, 89]
.text C:\WINDOWS\system32\lsass.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012F0F8D
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012E004C
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 012E0FC1
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012E0FD2
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012E0FEF
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012E0027
.text C:\WINDOWS\system32\lsass.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012E000C
.text C:\WINDOWS\system32\lsass.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00AB0FC3
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB0FD4
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA0000
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0F8A
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA0089
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA006E
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0051
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA001B
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F6D
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA00B5
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA0106
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA00EB
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA0117
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA0036
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0FE5
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA00A4
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA0FAF
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA0FC0
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA00DA
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AE0036
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AE006C
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AE0025
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AE0FAF
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AE000A
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AE0FCA
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CE, 88]
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AE0051
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD0FC8
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0053
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD002E
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD0FE3
.text C:\WINDOWS\system32\svchost.exe[1372] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD001D
.text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FCA
.text C:\WINDOWS\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F5C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40047
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40F6D
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40F8A
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FAF
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40082
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40F3A
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400C9
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400B8
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A400DA
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4002C
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F4B
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FC0
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40011
.text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A4009D
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FC3
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B9004A
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B90014
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90F8D
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B90FA8
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 88]
.text C:\WINDOWS\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B9002F
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A7002A
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A70F9F
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FC1
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70FB0
.text C:\WINDOWS\system32\svchost.exe[1464] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A70FD2
.text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A60000
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01AE0000
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01AE0FDB
.text C:\WINDOWS\System32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01AE0011
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01AD0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01AD0F64
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01AD0F75
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01AD0F90
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01AD004D
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01AD0FBC
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01AD0F18
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01AD006A
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01AD0ED1
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01AD0EE2
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01AD0EB6
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01AD0FA1
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01AD0014
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01AD0F49
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01AD0FCD
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01AD0FDE
.text C:\WINDOWS\System32\svchost.exe[1588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01AD0EFD
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 028D0036
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 028D006C
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 028D001B
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 028D000A
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 028D005B
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 028D0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 028D0FB9
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [AD, 8A]
.text C:\WINDOWS\System32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 028D0FCA
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0264004E
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!system 77C293C7 5 Bytes JMP 0264003D
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02640018
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02640FEF
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02640FCD
.text C:\WINDOWS\System32\svchost.exe[1588] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02640FDE
.text C:\WINDOWS\System32\svchost.exe[1588] WS2_32.dll!socket 71AB4211 5 Bytes JMP 022D0000
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01AF000A
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01AF0025
.text C:\WINDOWS\System32\svchost.exe[1588] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01AF0036
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A70FDB
.text C:\WINDOWS\system32\svchost.exe[1792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A7001B
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A60000
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A60076
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A6005B
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A6004A
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A60F8D
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A60039
.text C:\WINDOWS\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A60098
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume12 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume10 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume11 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft@TechLevel 0xED 0x38 0x55 0x6A ...
Reg HKLM\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\LastSetupCommand@
Reg HKLM\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Rename\File20@ C:\Documents and Settings\WEL\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\pnup1.exe|rnupgagent.exe
Reg HKLM\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\UpgClasses@
Reg HKLM\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\UpgComps@
Reg HKLM\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\UpgProds@
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\WEL\Local Settings\Temporary Internet Files\Content.IE5\T7OHR148\extended[1].xml 133 bytes
---- EOF - GMER 1.0.15 ----
Thanks
secWEL
No rootkit Infection
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
Hello ken545
Not having any success in running the ESET online scanner. I tried with Firefox but got a message that "esetsmartinstaller_enu.exe" is not a valid Win32 application.
Switched to IE8 and tried several times to run from your link, but each time it either hung after the "Accept terms" button was pressed. It loaded the online scanner pop-up and then either hung or closed IE.
Today I have tried running the scanner directly from the ESET site. The result was much the same, although on one occasion I did see the "Click here to download onlinescanner.cab", but always the program hung or closed IE.
When it hung I had to use Task Master to close the program.
On all attempts I had stopped McAfee and MalwareBytes.
Sorry I do not know what to try next and am feeling completely useless
Looking forward to your advice again.
Thanks
secWEL
Try one of these, just need one to run. Online virus scanners act differently on each system, one they run fine and the next it won't run, go figure
Trendmicro Housecall (http://housecall.trendmicro.com/)
BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)
Mcafee Online Scan (http://us.mcafee.com/root/mfs/default.asp?cid=9914)
Hello ken545
I have run the House Call scan (it looked only at the C: drive) and it reported "no infections". I am having problems with the others, but will try again later.
How is it that we can run programs (from icons or by opening previously created files) but they are not listed by "Win Explorer", "All Programs", "Add or Remove" or "Run/Browse"? They are presumably hidden, but were not revealed by the "Unhide" we ran.
What fun these computers are!
Thanks
secWEL
No need to run the other scans, if Housecall says no threats found then that's fine.
Not all programs you install will be in add remove or All Programs, depends on the type of programs like the online virus scanners and the scanners we used to check your system will not be listed.
How are things running now, any browser redirects or unwanted pop up windows?
Hello
Thanks. I will abandon the other scans.
Current position is:
a) computer is slower than usual.
b) I cannot access various programs that were accessible via "All Programs" and/or "WinExplore" before FakeAlert visited (includes my password manager!).
c) Icons associated with some of the "before" programs are dim, but still work. The icons for the "after" programs are bright as usual.
Do you think it's time to bite the bullet and reinstall everything? Setting up new passwords will be a real pain, but if needs must..
I look forward to your comments.
Again, thank you for your interest and help.
secWEL
Let's try this quick scan
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Hello
The scan found no infections. The report text:
2011/07/14 11:26:46.0328 3840 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 11:26:46.0640 3840 ================================================================================
2011/07/14 11:26:46.0640 3840 SystemInfo:
2011/07/14 11:26:46.0640 3840
2011/07/14 11:26:46.0640 3840 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/14 11:26:46.0640 3840 Product type: Workstation
2011/07/14 11:26:46.0656 3840 ComputerName: AMD2-3A4FB6A446
2011/07/14 11:26:46.0656 3840 UserName: WEL
2011/07/14 11:26:46.0656 3840 Windows directory: C:\WINDOWS
2011/07/14 11:26:46.0656 3840 System windows directory: C:\WINDOWS
2011/07/14 11:26:46.0656 3840 Processor architecture: Intel x86
2011/07/14 11:26:46.0656 3840 Number of processors: 2
2011/07/14 11:26:46.0656 3840 Page size: 0x1000
2011/07/14 11:26:46.0656 3840 Boot type: Normal boot
2011/07/14 11:26:46.0656 3840 ================================================================================
2011/07/14 11:26:54.0984 3840 Initialize success
2011/07/14 11:32:29.0609 4724 ================================================================================
2011/07/14 11:32:29.0609 4724 Scan started
2011/07/14 11:32:29.0609 4724 Mode: Manual;
2011/07/14 11:32:29.0609 4724 ================================================================================
2011/07/14 11:32:44.0046 4724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/14 11:32:44.0156 4724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/14 11:32:44.0234 4724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/14 11:32:44.0312 4724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/14 11:32:44.0359 4724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/14 11:32:44.0406 4724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/14 11:32:44.0500 4724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/14 11:32:44.0578 4724 UimBus (e3cfd4fce555784869a9243a71efcb22) C:\WINDOWS\system32\DRIVERS\UimBus.sys
2011/07/14 11:32:44.0671 4724 Uim_IM (5237bb4b8390325936a38b55d72c23b4) C:\WINDOWS\system32\Drivers\Uim_IM.sys
2011/07/14 11:32:44.0843 4724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/14 11:32:44.0921 4724 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/14 11:32:45.0218 4724 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/14 11:32:45.0281 4724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/14 11:32:45.0343 4724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/14 11:32:45.0375 4724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/14 11:32:45.0406 4724 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/14 11:32:45.0437 4724 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/14 11:32:45.0500 4724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/14 11:32:45.0546 4724 USBSNXSTOR (ec6397ef52080f1ad636df3d8e2ebe29) C:\WINDOWS\system32\DRIVERS\Usbsnx2k.SYS
2011/07/14 11:32:45.0687 4724 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/14 11:32:45.0750 4724 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/14 11:32:45.0781 4724 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/07/14 11:32:45.0890 4724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/14 11:32:45.0968 4724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/14 11:32:46.0046 4724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/14 11:32:46.0093 4724 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/14 11:32:46.0265 4724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/14 11:32:46.0375 4724 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/14 11:32:46.0421 4724 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/14 11:32:46.0515 4724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/14 11:32:46.0546 4724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/14 11:32:46.0593 4724 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/14 11:32:46.0718 4724 MBR (0x1B8) (bd58f6a1fe22e7d1550df0c62ade9830) \Device\Harddisk1\DR1
2011/07/14 11:32:46.0968 4724 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR13
2011/07/14 11:32:46.0984 4724 Boot (0x1200) (3dadafad81db6e2222574ae25839efb8) \Device\Harddisk0\DR0\Partition0
2011/07/14 11:32:47.0015 4724 Boot (0x1200) (f15bd1e8c609a1396c25efb745e2864c) \Device\Harddisk0\DR0\Partition1
2011/07/14 11:32:47.0031 4724 Boot (0x1200) (0b3274c68810a23fa8c14b3b9b189373) \Device\Harddisk1\DR1\Partition0
2011/07/14 11:32:47.0046 4724 Boot (0x1200) (616089e4188ca5f4c953600d74584f02) \Device\Harddisk1\DR1\Partition1
2011/07/14 11:32:47.0046 4724 Boot (0x1200) (72d57d9a51034c78e46b0c7ac743bc68) \Device\Harddisk1\DR1\Partition2
2011/07/14 11:32:47.0062 4724 Boot (0x1200) (d06b414010a4767708a01274b6d066bb) \Device\Harddisk1\DR1\Partition3
2011/07/14 11:32:47.0078 4724 Boot (0x1200) (62b6726c684c48a90205dd24108836bc) \Device\Harddisk1\DR1\Partition4
2011/07/14 11:32:47.0078 4724 Boot (0x1200) (ea82a9fb44b6c135bd1e4380ba155414) \Device\Harddisk1\DR1\Partition5
2011/07/14 11:32:47.0093 4724 Boot (0x1200) (faf775768c23b93ac48e29eab1cffef8) \Device\Harddisk1\DR1\Partition6
2011/07/14 11:32:47.0109 4724 Boot (0x1200) (d9af543480082164286dfcb87cffdc61) \Device\Harddisk1\DR1\Partition7
2011/07/14 11:32:47.0109 4724 Boot (0x1200) (0aacdc8067d4e2310cc52fa255f707e5) \Device\Harddisk1\DR1\Partition8
2011/07/14 11:32:47.0125 4724 Boot (0x1200) (5c4d7bc7806a9c484dd66bae80683e56) \Device\Harddisk2\DR13\Partition0
2011/07/14 11:32:47.0140 4724 ================================================================================
2011/07/14 11:32:47.0140 4724 Scan finished
2011/07/14 11:32:47.0140 4724 ================================================================================
2011/07/14 11:32:47.0140 2120 Detected object count: 0
2011/07/14 11:32:47.0140 2120 Actual detected object count: 0
END OF REPORT
I ran the scan twice because I could not find the log of the first run.
The result was the same - no infection.
I suppose the problem now is to find and repair all the damage done by FakeAlert. What would have happened if I paid them? Probably another event and demand for cash in the near future.
Thanks again.
secWEL
The greater percentage of this garbage comes from the Ukraine, where there are actually gangs of cyber criminals, these dirt bags make a lot of money duping clueless people into taking the bait. If you would have purchased the program, first off it would not have changed things, you would still be infected, by their rogue program, nothing else, second you would have given your credit card number and whatever else they asked for to Cyber Criminals. :sad:
Looks like there is no rootkit, that's good :bigthumb:
Why don't you post here in this Windows forum and let them help you sort out those problems, we just do malware removal on this one, but all us forums work together so link them to this thread so they can see what we have done and if they feel it's not Windows related and still malware we can dig deeper if need be.
Like Safer it's free but you will need to register
http://forums.whatthetech.com/index.php?showforum=119
Ken
Hello Ken
I am trying the "Tech".
Thank you for all your time and help. I would like to learn to work with you, but at 80 I am a bit long in the tooth.
Be lucky.
Thank you.
Bill Lewis
secWEL
Hello Bill,
Thank you for all your time and help. I would like to learn to work with you, but at 80 I am a bit long in the tooth. :laugh:
Well, I am 72 myself, been at this for almost 10 years, been in computing since Windows 3.1, malware knows no age boundaries :)
Good luck on the tech forum, I will keep this open for you for about a week in case you need to come back, if it's closed just start a new topic
Hello Ken
jimbo1 at the "Tech" suggested I try another unhide and it worked. All programs now appear in all lists, my password manager is back and all icons are bright. Magic!
I am truly grateful for your help and will make a donation to the funds (circumstances mean it will be modest and by no means an assessment of value received).
I need to make changes in my computer setup and will certainly try to tighten security.
Perhaps circumstances will allow me to take the training so that I can try to help you folks.
Fight the good fight and be lucky!
With many thanks
Bill Lewis
secWEL:thanks:
That's great Bill, glad to hear all is well :bigthumb:
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups
Malwarebytes is the free version and yours to keep and will not be removed
Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.php?p=12880&postcount=2
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Hello Ken
Thanks for your further help. I will put all of your recommendations into practice.
Be lucky
Bill
You're welcome Bill,
Take care,
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.