-
FakeAlert Damage
Hello
I desperately need your help.
On 22nd June I lost control of my computer and was invited to purchase remedial software; taking this to be extortion, I refused. I ran McAfee anti-virus (this is always live on my machine) and MalwareBytes to discover that there were versions of the FakeAlert trojan present. These were cleared, but left the machine with no icons or background on the desktop and access only to programs on the C: drive (the hard drives are partitioned and most applications are on the D: drive, with some on other drives).
Research on the net led me to your site and SpyBot. Following the advice provided by “tashi”, I downloaded and ran ERUNT, DDS and SpyBot. Unfortunately I ran the remedial option on SpyBot which did not eliminate all problems, but did seem to inhibit the restarting of the computer.
I booted in safe-mode and scanned with both MalwareBytes and McAfee; both reported no problems. It was then, perhaps coincidentally, possible to boot normally. Only recently added icons and no wallpaper were available on the desktop. Investigation showed that there was no access to drives holding programs (but using Run, Browse I was able to run MS Outlook, which is on the C: drive). I again ran ERUNT, DDS and SpyBot (did not invoke remedial action in SpyBot) and discovered that I could not access the SpyBot folder to view the report. The “Applications” folder could not be seen in either Explorer or Run/Browse. I ran SpyBot again and recorded the report in another folder using copy/paste.
This report is given here:
--- Report generated: 2011-06-24 20:46 ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
DoubleClick: Tracking cookie (Internet Explorer: WEL) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Please can you help me?
I have tried SupportSpace and was told that files are damaged and advised to reload XP Pro. I can't accept this because I believe the files are still there but access is blocked, e.g. I can run SpyBot from the desktop icon, but cannot find it with Win Explorer.
William Lewis
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Download DDS from one of the links below to your desktop
Link 1
Link 2
- Double click the tool to run it.
- A black Screen will open, just read the contents and do nothing.
- When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
- Copy/Paste the contents of 'DDS.txt' into your post.
- 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
Information on A/V control Here
-
FakeAlert Damage
Thank you for responding.
Here is DDSreport:
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by WEL at 14:59:53 on 2011-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1239 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\USB Disk Tool\USNDISKT.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe
D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
svchost.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\progra~1\brainbullet\Brain Bullet.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\progra~1\brainbullet\mblit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Documents and Settings\WEL\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
c:\program files\real\realplayer\update\realsched.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by BT Yahoo!
uStart Page = hxxp://home.bt.yahoo.com/
uDefault_Page_URL = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511113155.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Uniblue RegistryBooster 2009] d:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM_Monitor] d:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [UIWatcher] d:\program files\ashampoo\ashampoo uninstaller 4\UIWatcher.exe
uRun: [BrainBullet] c:\progra~1\brainbullet\Brain Bullet.exe STARTUP
uRun: [GTV GlobalIM] d:\program files\business dashboard\global.im.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "d:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [USB Disk Tool] d:\program files\usb disk tool\USNDISKT.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DefragTaskBar] "c:\program files\ashampoo\ashampoo magical defrag 2\bin\defragTaskBar.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [OM_Monitor] d:\program files\olympus\olympus master\FirstStart.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ashampoo Core Tuner] "d:\program files\ashampoo\ashampoo core tuner\ct.exe" -TRAY
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Ashampoo HDD Control Guard] d:\program files\ashampoo\ashampoo hdd control\HDDControlGuard.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TaskTray]
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{07DC44C0-BEF6-4D56-8786-1D8366ED48F9} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: "c:\progra~1\google\google desktop search\GoogleDesktopNetwork3.dll"
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-3-3 38448]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-24 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\boomerang software\guardian pc security tools\PfftWrk.exe [2008-9-18 98304]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 366640]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-29 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-21 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-24 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-24 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-24 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-24 56064]
S3 cpuz132;cpuz132;\??\c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-24 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [2008-6-30 53083]
.
=============== Created Last 30 ================
.
2011-06-27 10:43:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 10:43:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 20:11:19 -------- d-----w- c:\documents and settings\wel\Security 201106
2011-06-23 11:02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-23 11:02:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-21 15:57:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02:12 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50:38 -------- d-----w- c:\documents and settings\wel\application data\McAfee
2011-06-19 17:52:38 -------- d-----w- c:\program files\Serif
2011-06-15 15:54:33 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26:15 -------- d--h--w- c:\documents and settings\wel\application data\alot
2011-06-12 09:26:15 -------- d-----w- c:\program files\alot
2011-06-10 16:16:07 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16:07 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57:39 -------- d-----w- c:\documents and settings\all users\application data\Driver Boost
.
==================== Find3M ====================
.
2011-06-15 15:48:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 16:18:22 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-10 16:18:22 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-10 16:18:17 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-16 11:23:31 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19:22 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 15:01:13.84 ===============
Sorry, I have lost WinZip and will have to reinstall. Will post again later with the "attach".
Thank you.
secWEL
-
FakeAlert Damage
Sorry for the delay. As stated earlier I have lost access to nearly all programs.
I have copied the "attach" file to an OpenOffice Write document and compressed it with 7 Zip, which I had to download despite the instruction not to add any files. Sorry but it was the only way.
Thanks again
secWEL
-
All scans we run will open a log in Notepad so no need to zip, just copy and paste.
You have uTorrent installed; using P2P programs guarantees you will become infected. I need you to uninstall it via Add Remove Programs in the Control Panel.
Download CKScanner by askey127 from Here & save it to your Desktop.
- Double-click CKScanner.exe then click Search For Files
- When the cursor hourglass disappears, click Save List To File
- A message box will verify the file saved
- Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
-
FakeAlert Damage
Hello ken545
Thank you for the fast response.
I cannot find uTorrent on the Add/Remove software list, nor can I find it with the XP search utility but this does not seem to be able to access the D: and other drives. Windows Explorer shows the D: drive and other drives as being empty.
Despite not being able to remove uTorrent, I have run “CKScanner”. The contents of the “CKFiles.txt” are:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OCAPUB
----- EOF -----
I was surprised by how quickly the scan was completed and by the result; should I run it again?
Looking forward to hearing from you.
Regards
SecWEL
-
Not a problem, just want to alert you to the dangers of these types of programs.
P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
-
Den ken545
Thanks for another prompt reply - very much appreciated.
I disabled McAfee but ComboFix thought it was still running and warned about possible problems, but I ran it anyway.
The report is below. I am amazed by the number of temporary files listed, I thought they had all been cleared.
ComboFix said:
ComboFix 11-07-02.03 - WEL 03/07/2011 17:05:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1161 [GMT 1:00]
Running from: c:\documents and settings\WEL\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
..
Other Deletions .
.
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc778.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc784.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc83.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc89.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc90.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc93.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc97.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFF.tmp
ken545, THIS POST IS TOO LONG. WILL SEND SECOND PART IMMEDIATELY.
Many thanks.
secWEL
-
Dear ken545
Second part of ComboFix report:
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\documents and settings\WEL\WINDOWS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\ini
c:\windows\system32\ini\DTYPE.CPG
c:\windows\system32\ini\DTYPE.FLS
c:\windows\system32\ini\DTYPE.PAT
c:\windows\system32\ini\DTYPE.PHY
c:\windows\system32\ini\DTYPE.STL
c:\windows\system32\ini\gs002.gsl
c:\windows\system32\ini\gs004.gsl
c:\windows\system32\ini\gs006.gsl
c:\windows\system32\ini\gs016.gsl
c:\windows\system32\ini\gs256.gsl
c:\windows\system32\ini\gssqrt.gsl
c:\windows\system32\LocalService
c:\windows\system32\rnaph.dll
C:\xcrashdump.dat
D:\uninstall.exe
W:\autorun.inf
.
Files Created from 2011-06-03 to 2011-07-03 .
.
2011-06-27 10:43 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 10:43 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 20:11 . 2011-07-03 09:45 -------- d-----w- c:\documents and settings\WEL\Security 201106
2011-06-23 11:02 . 2011-06-23 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-23 11:02 . 2011-06-23 11:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-22 18:56 . 2011-06-22 18:57 -------- d-----w- c:\program files\ERUNT
2011-06-21 15:57 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02 . 2011-06-21 15:02 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50 . 2011-06-21 13:50 -------- d-----w- c:\documents and settings\WEL\Application Data\McAfee
2011-06-19 17:52 . 2011-06-19 17:52 -------- d-----w- c:\program files\Serif
2011-06-15 15:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26 . 2011-06-12 09:26 -------- d-----w- c:\program files\alot
2011-06-10 16:16 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57 . 2011-06-10 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost
..
.
Find3M Report
.
2011-06-15 15:48 . 2011-05-14 09:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-02-24 16:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05 . 2008-06-11 19:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-25 06:09 . 2011-04-07 21:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-07 21:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-07 21:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-05-12 14:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-05-12 14:42 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-05-12 14:42 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-04-07 21:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2006-08-16 07:35 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2011-05-12 14:42 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2008-05-16 13:01 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2006-08-16 07:35 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2006-08-16 07:35 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2006-08-16 07:35 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-16 11:23 . 2011-05-16 11:23 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31 . 2008-06-10 14:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19 . 2011-04-20 13:19 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01 . 2011-02-24 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01 . 2011-02-24 16:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01 . 2011-02-24 16:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01 . 2011-02-24 16:16 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01 . 2011-02-24 16:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01 . 2011-02-24 16:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01 . 2011-02-24 16:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01 . 2011-02-24 16:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01 . 2011-01-29 20:02 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 13:01 . 2010-10-13 22:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01 . 2010-10-13 22:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-08 05:14 . 2011-05-12 14:42 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-12 14:42 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-16 04:32 . 2011-03-25 12:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-30 16:15 . 2010-03-03 10:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 13:01 . 2011-02-24 16:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
..
Reg Loading Points
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"UIWatcher"="d:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2010-01-04 2530648]
"BrainBullet"="c:\progra~1\brainbullet\Brain Bullet.exe" [2006-12-15 140800]
"GTV GlobalIM"="d:\program files\Business Dashboard\global.im.exe" [2006-05-11 188416]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-05-10 1205760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"USB Disk Tool"="d:\program files\USB Disk Tool\USNDISKT.EXE" [2003-04-02 122880]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Ashampoo Core Tuner"="d:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-09-25 3334488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Ashampoo HDD Control Guard"="d:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-02-16 3994456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\WEL\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BBStartup.lnk.lnk - c:\program files\BrainBullet\BBStartup.exe [2010-4-2 403968]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-7-27 29696]
EPSON Background Monitor.lnk - c:\program files\EPSON\ESM2\STMS.exe [1999-6-7 233984]
hueyPROTray.lnk - d:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-1-18 1081344]
InterVideo WinCinema Manager.lnk - d:\program files\Corel\Common\Bin\WinCinemaMgr.exe [2008-12-8 114688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-22 805392]
Portfolio Express 8.5.lnk - d:\program files\Extensis\Portfolio 8.5\Portfolio Express.exe [2010-4-26 3280896]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [03/03/2010 20:13 38448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [24/02/2011 17:16 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe [18/09/2008 10:10 98304]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2011 16:57 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [24/02/2011 17:17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [29/01/2011 21:02 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/05/2011 15:49 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [01/04/2011 05:11 428640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [24/02/2011 17:16 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2011 16:57 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [24/02/2011 17:16 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/03/2010 11:19 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [24/02/2011 17:16 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [30/06/2008 19:28 53083]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://home.bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - d:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-TaskTray - (no file)
Notify-70e961f0658 - (no file)
AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe
AddRemove-JESSOPS - D:\uninstall.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Relaxation-CDs.com Screensaver - c:\windows\uninstall Relaxati.exe...
**************************************************************************.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 17:31
Windows 5.1.2600 Service Pack 3 NTFS.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0.
**********************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-07-03 17:35:18
ComboFix-quarantined-files.txt 2011-07-03 16:35
.
Pre-Run: 58,444,079,104 bytes free
Post-Run: 59,194,941,440 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 654024D73E2E79C52B8896708317F628
I hope the split file does not make things more difficult for you.
Thank you
secWEL
-
You did just fine
MyAshampoo <-- Do you use this toolbar? It appears to fall somewhere in the gray area.
You need to enable windows to show all files and folders, instructions Here
Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.
c:\windows\system32\drivers\oxrsavq.sys<--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
Keep Combofix on your desktop, we may need to run it again
Download TFC to your desktop
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish its job.
- Once it's finished it should automatically reboot your machine.
- If it doesn't, manually reboot to ensure a complete clean.
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
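An added example, not part of either post and not ComboFix's own code: a small Python parser for the service/driver lines of the log above that lists entries printed with `[?]` in place of a date and size, such as the `oxrsavq.sys` driver the helper asks to have checked. It assumes the leading letter means running (R) or stopped (S), the digit is the Windows service start type, and `[?]` means the tool could not read the file's details; the function names are hypothetical.

```python
import re

# Service/driver lines copied from the log posted in this thread.
SAMPLE = r"""
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2011 16:57 22712]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
"""

# <state><start> <name>;<display>;<path>[ --> <target>] [<date time size> or ?]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<target>.+?))? \[(?P<meta>[^\]]*)\]$"
)
META = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2} (?P<size>\d+)$")

# Assumed mapping: standard Windows service start types.
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def parse_services(text):
    """Return one dict per recognised service/driver line; skip everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        meta = META.match(e.pop("meta"))
        e["running"] = e.pop("state") == "R"
        e["start"] = int(e["start"])
        e["size"] = int(meta.group("size")) if meta else None  # None for "[?]"
        entries.append(e)
    return entries


def unverified(entries):
    """Entries whose file date/size is missing: candidates for manual review."""
    return [e for e in entries if e["size"] is None]


if __name__ == "__main__":
    for e in unverified(parse_services(SAMPLE)):
        state = "running" if e["running"] else "stopped"
        print(f"{e['name']}: {START[e['start']]}-start, {state}, {e['path']}")
```

A flagged entry is only a prompt to look closer, for instance by submitting the file for analysis as the helper asks above.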