
requesting help


  • This topic is locked
50 replies to this topic

#1 hopelessgirl

  • Members
  • 85 posts
  • Gender:Female
  • Location:united kingdom

Posted 03 January 2009 - 12:25 PM

I scanned my PC with Malwarebytes Anti-Malware, and after the scan Malwarebytes found 2 infections, which are malware.traces and trojan.vundo. I pressed the remove button. After the second scan, malware.traces and trojan.vundo showed up again. I don't know what to do with malware.traces and trojan.vundo. I really need help. Thank you in advance.

 


#2 Jat90

  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom

Posted 03 January 2009 - 12:36 PM

Hello, hopelessgirl

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the [image] button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the [image] button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
  • Paste the contents of DDS.txt in your next reply.
OTViewIt

We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


In your next reply, please post:
  • DDS log
  • OTViewIt logs

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 hopelessgirl


Posted 03 January 2009 - 01:00 PM

How do you disable your script blocker?

#4 hopelessgirl


Posted 03 January 2009 - 01:16 PM

On my next reply, do I post attach.txt and extra.txt?

#5 Jat90


Posted 03 January 2009 - 01:17 PM

You may not have one. If you experience trouble running the scan, then let me know what it was.

Note: When you see the black DOS window, the scan is taking place. A log will pop up when complete. It should not take longer than 3 minutes.

Edited by Jat90, 03 January 2009 - 01:18 PM.


#6 hopelessgirl


Posted 03 January 2009 - 01:20 PM

DDS Log:


DDS (Version 1.1.0) - NTFSx86
Run by alma pacturan at 18:13:50.76 on 03/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.959.496 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\alma pacturan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo! UK & Ireland
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {b559b59d-8a5a-7c7b-a794-224fcad3969d}: {d9693dac-f422-497a-b7c7-a5a8d95b955b} - c:\windows\system32\ywobmr.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: PBUKV2: {4e7bd74f-2b8d-469e-a0e8-f479b685fa7d} - c:\windows\system32\pbukv2.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DB] c:\windows\db\winlogon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [btbb_wcm_McciTrayApp] c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [Motive SmartBridge] c:\progra~1\bttota~1\help\smartb~1\BTHelpNotifier.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\almapa~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\almapa~1\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\docume~1\almapa~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\almapa~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt total broadband 220v\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digima~1.lnk - c:\program files\samsung\digimax viewer 2.1\STImgBrowser.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - ?p=ZUxdm021YYGB
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROPROJ.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\MSERO.DLL
AppInit_DLLs: ywobmr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: msxn32.dll - {68793502-30DD-C48A-01C7-98CD00B7FB5D} - c:\windows\system32\msxn32.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-16 99376]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-8-12 1245064]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-2 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys --> c:\ijji\english\gunbound revolution\gameguard\dump_wmimmc.sys [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081219.053\NAVENG.SYS [2008-12-20 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081219.053\NAVEX15.SYS [2008-12-20 876112]
S3 ZSMC302;PCL-W310;c:\windows\system32\drivers\usbvm302.sys [2005-11-11 93962]

=============== Created Last 30 ================

2008-12-28 10:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2008-12-23 17:39 <DIR> --d----- C:\VundoFix Backups
2008-12-23 10:18 <DIR> --d----- c:\docume~1\almapa~1\applic~1\Malwarebytes
2008-12-23 10:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-23 10:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 10:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 10:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-23 10:01 131,584 a------- c:\windows\system32\ywobmr.dll
2008-12-23 10:01 131,584 a------- c:\windows\system32\hjsxmylq.dll
2008-12-21 20:58 <DIR> --d----- C:\ProgramData
2008-12-21 20:58 <DIR> --d----- c:\program files\Angle Interactive
2008-12-21 14:47 135,680 a------- c:\windows\system32\mxockr.dll
2008-12-21 14:47 135,680 a------- c:\windows\system32\oeryvrkv.dll
2008-12-21 14:32 135,680 a------- c:\windows\system32\xfjqve.dll
2008-12-21 14:32 135,680 a------- c:\windows\system32\lytfjrnr.dll

==================== Find3M ====================

2008-12-13 06:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2008-11-28 21:47 31 a------- c:\documents and settings\alma pacturan\jagex_runescape_preferences.dat
2008-11-21 20:48 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-01 14:14 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-20 10:00 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-01-02 17:23 472,408 a------- c:\program files\BackUpSet.exe
2008-01-02 16:49 4,098,560 a------- c:\program files\SymADataWeb.msi
2008-01-02 16:15 3,457,504 a------- c:\program files\lusetup.exe

============= FINISH: 18:14:24.35 ===============



OTViewIt logfile created on: 03/01/2009 18:18:03 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\alma pacturan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.73 Mb Total Physical Memory | 458.12 Mb Available Physical Memory | 47.78% Memory free
2.26 Gb Paging File | 1.86 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.29 Gb Total Space | 155.43 Gb Free Space | 86.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: alma
Current User Name: alma pacturan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2004/02/25 09:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/02/21 22:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2005/01/28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
[2005/01/28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
[2005/01/28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
[2005/01/07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HIDSERVICE.exe
[2005/01/28 10:11:42 | 00,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
[2008/11/21 20:49:00 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/08/28 23:53:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
[2008/04/14 00:12:35 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slrundll.exe
[2005/01/20 19:04:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/01/28 10:10:32 | 00,110,740 | ---- | M] (CyberLink Corp.) -- C:\Apps\Powercinema\PCMService.exe
[2003/05/08 11:00:58 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[2006/07/21 16:19:46 | 00,129,536 | ---- | M] (Yahoo! Inc.) -- C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2008/09/11 06:55:40 | 01,517,056 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
[2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/08/28 19:33:03 | 01,516,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
[2005/11/10 13:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2006/03/03 14:18:10 | 00,200,704 | ---- | M] (Yahoo!, Inc.) -- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
[2008/07/11 17:06:38 | 00,223,984 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[2005/10/26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2006/11/28 00:12:24 | 02,658,304 | ---- | M] () -- C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
[2006/06/27 15:21:14 | 01,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[2008/02/20 16:19:44 | 00,356,352 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[2004/08/20 13:58:24 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
[2005/06/08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
[2006/06/05 12:59:18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[2006/06/09 09:37:18 | 00,471,552 | ---- | M] (Nokia Corporation) -- C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
[2005/01/04 15:52:52 | 00,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[1996/11/17 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
[2006/12/06 03:09:30 | 00,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
[2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
[2005/08/10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
[2006/03/16 09:43:28 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2008/08/12 11:49:54 | 01,245,064 | ---- | M] () -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/01/03 18:17:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alma pacturan\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

File not found -- -- (Alerter [Disabled | Stopped])
File not found -- -- (AOL ACS [Auto | Running])
File not found -- -- (Apple Mobile Device [Auto | Running])
File not found -- -- (AppMgmt [On_Demand | Stopped])
File not found -- -- (aspnet_state [On_Demand | Stopped])
File not found -- -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/11/01 14:10:53 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\bits -- (BITS [On_Demand | Stopped])
File not found -- -- (ccEvtMgr [On_Demand | Stopped])
File not found -- -- (ccSetMgr [Auto | Running])
File not found -- -- (CLCapSvc [Auto | Running])
File not found -- -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (CLSched [Auto | Running])
File not found -- -- (CLTNetCnService [Auto | Running])
File not found -- -- (comHost [On_Demand | Stopped])
File not found -- -- (COMSysApp [On_Demand | Stopped])
File not found -- -- (CyberLink Media Library Service [Auto | Running])
File not found -- -- (DcomLaunch [Auto | Running])
[2005/11/12 02:40:44 | 00,000,000 | ---D | M] -- C:\WINDOWS\System32\dhcp -- (Dhcp [Auto | Running])
File not found -- -- (Dnscache [Disabled | Stopped])
File not found -- -- (EapHost [On_Demand | Stopped])
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll -- (Eventlog [Auto | Running])
[2008/12/27 18:00:44 | 00,161,144 | ---- | M] () -- C:\WINDOWS\EventSystem.log -- (EventSystem [On_Demand | Running])
File not found -- -- (FastUserSwitchingCompatibility [On_Demand | Running])
File not found -- -- (GenericHidService [Auto | Running])
File not found -- -- (gusvc [On_Demand | Stopped])
File not found -- -- (helpsvc [Auto | Running])
File not found -- -- (HidServ [Disabled | Stopped])
File not found -- -- (hkmsvc [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Running])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (JavaQuickStarterService [Auto | Running])
File not found -- -- (lanmanserver [Auto | Running])
File not found -- -- (lanmanworkstation [Auto | Running])
File not found -- -- (LiveUpdate [On_Demand | Stopped])
File not found -- -- (LiveUpdate Notice [Auto | Running])
File not found -- -- (LmHosts [Auto | Running])
File not found -- -- (McciCMService [Auto | Running])
File not found -- -- (Messenger [Disabled | Stopped])
[2005/11/12 02:43:26 | 00,000,000 | ---D | M] -- C:\WINDOWS\system32\msdtc -- (MSDTC [On_Demand | Stopped])
File not found -- -- (MSIServer [On_Demand | Stopped])
File not found -- -- (napagent [On_Demand | Stopped])
File not found -- -- (NetDDEdsdm [Disabled | Stopped])
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
File not found -- -- (Nla [On_Demand | Running])
File not found -- -- (NtLmSsp [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
[2008/04/14 00:12:03 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll -- (RasMan [On_Demand | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (RemoteAccess [Auto | Running])
File not found -- -- (RpcLocator [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (Schedule [Auto | Running])
File not found -- -- (ServiceLayer [On_Demand | Running])
File not found -- -- (SharedAccess [Auto | Running])
File not found -- -- (ShellHWDetection [Auto | Running])
File not found -- -- (SLService [Auto | Stopped])
File not found -- -- (Spooler [Auto | Running])
File not found -- -- (srservice [Auto | Running])
File not found -- -- (stisvc [Auto | Running])
[2004/08/04 13:00:00 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\swprv.dll -- (SwPrv [On_Demand | Stopped])
File not found -- -- (Symantec Core LC [On_Demand | Running])
File not found -- -- (SysmonLog [On_Demand | Stopped])
File not found -- -- (TermService [On_Demand | Running])
File not found -- -- (Themes [Auto | Running])
File not found -- -- (usprserv [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
File not found -- -- (WebClient [Auto | Running])
File not found -- -- (winmgmt [Auto | Running])
File not found -- -- (WmdmPmSN [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
File not found -- -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfSvc.dll -- (WudfSvc [Auto | Running])
[2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\System32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Driver Services ==========

[2005/01/28 16:48:58 | 02,310,272 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
File not found -- -- (cbidf [Boot | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2008/07/30 17:28:04 | 00,010,537 | ---- | M] () -- C:\WINDOWS\System32\drivers\COH_Mon.cat -- (COH_Mon [On_Demand | Stopped])
[2007/08/09 15:32:24 | 00,010,588 | R--- | M] () -- C:\WINDOWS\System32\drivers\co_mon.cat -- (CO_Mon [Auto | Running])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
File not found -- -- (eeCtrl [System | Running])
File not found -- -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
File not found -- -- (Gpc [On_Demand | Running])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
File not found -- -- (MRESP50 [On_Demand | Running])
[2003/07/16 11:30:26 | 00,221,736 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
[2003/07/02 15:26:36 | 01,301,128 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Running])
[2005/01/01 00:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
[2003/07/02 14:57:10 | 00,167,384 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])
File not found -- -- (PptpMiniport [On_Demand | Running])
[2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/11/02 15:57:04 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2004/08/03 21:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\drivers\RecAgent.sys -- (RecAgent [On_Demand | Running])
File not found -- -- (RTL8023xp [On_Demand | Running])
[2007/11/02 13:22:36 | 00,083,496 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217bus.sys -- (s217bus [On_Demand | Stopped])
[2007/11/02 13:22:36 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217mdfl.sys -- (s217mdfl [On_Demand | Stopped])
[2007/11/02 13:22:36 | 00,109,992 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217mdm.sys -- (s217mdm [On_Demand | Stopped])
[2007/11/02 13:22:38 | 00,103,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217mgmt.sys -- (s217mgmt [On_Demand | Stopped])
[2007/11/02 13:22:38 | 00,024,872 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217nd5.sys -- (s217nd5 [On_Demand | Stopped])
[2007/11/02 13:22:38 | 00,100,008 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s217obex.sys -- (s217obex [On_Demand | Stopped])
[2007/11/02 13:22:38 | 00,105,896 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\s217unic.sys -- (s217unic [On_Demand | Stopped])
[2006/04/28 17:24:42 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
[2006/04/28 17:25:40 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
[2006/04/28 17:25:44 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
[2006/04/28 17:26:46 | 00,088,688 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
[2006/04/28 15:24:06 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\drivers\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
[2006/04/28 17:27:48 | 00,086,560 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
[2006/04/28 17:24:00 | 00,090,800 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\se27unic.sys -- (se27unic [On_Demand | Stopped])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
File not found -- -- (SiS315 [On_Demand | Running])
File not found -- -- (SiSkp [System | Running])
[2004/09/03 12:43:00 | 00,046,464 | ---- | M] (Silicon Integrated Systems) -- C:\WINDOWS\System32\drivers\SiSRaid.sys -- (SiSRaid [Boot | Stopped])
[2003/08/20 16:34:50 | 00,548,952 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])
[2003/07/02 15:24:36 | 00,086,128 | ---- | M] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Running])
[2003/07/02 15:12:52 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\System32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])
[2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2008/02/01 22:55:22 | 00,010,545 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat -- (SRTSP [On_Demand | Stopped])
[2008/02/01 22:55:22 | 00,010,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat -- (SRTSPL [On_Demand | Stopped])
[2008/02/01 22:55:22 | 00,010,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat -- (SRTSPX [System | Running])
[2005/03/29 21:47:42 | 00,052,416 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/03/29 21:47:58 | 00,006,096 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/03/29 21:48:02 | 00,084,512 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2008/06/13 13:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/10/20 10:00:44 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT -- (SymEvent [On_Demand | Running])
[2008/06/13 13:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2008/06/13 13:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
File not found -- -- (SYMIDSCO [On_Demand | Running])
[2008/06/13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
File not found -- -- (SymIMMP [On_Demand | Running])
[2008/06/13 13:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2008/06/13 13:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2008/06/13 13:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2008/04/13 18:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ultra.sys -- (ultra [Boot | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
File not found -- -- (VgaSave [System | Running])
[2005/05/24 16:00:32 | 00,006,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\w800bus.inf -- (w800bus [On_Demand | Stopped])
[2005/06/13 10:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
[2005/06/13 10:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
[2005/06/13 10:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
[2005/06/13 10:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])
File not found -- -- (wanatw [On_Demand | Running])
[2004/08/04 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://uk.yahoo.com
"Default_Search_URL"=http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://uk.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
"SearchDefaultBranded"=
"Secondary Start Pages"=
"Start Page"=http://uk.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"provider"=MSN

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
"SearchDefaultBranded"=
"Secondary Start Pages"=
"Start Page"=http://uk.yahoo.com/

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (909 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{d9693dac-f422-497a-b7c7-a5a8d95b955b} (HKLM) -- C:\WINDOWS\system32\ywobmr.dll ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} (HKLM) -- C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}" (HKLM) -- C:\WINDOWS\system32\pbukv2.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}" (HKLM) -- C:\WINDOWS\system32\pbukv2.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}" (HKLM) -- C:\WINDOWS\system32\pbukv2.dll File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}" (HKLM) -- C:\WINDOWS\system32\pbukv2.dll File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" File not found
"btbb_wcm_McciTrayApp"=C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe File not found
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
"DB"=C:\WINDOWS\db\winlogon.exe File not found
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"Motive SmartBridge"=C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe File not found
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup File not found
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" File not found
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" File not found
"PCMService"="c:\Apps\Powercinema\PCMService.exe" File not found
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent (Silicon Integrated Systems Corporation)
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions File not found
"SoundMan"=SOUNDMAN.EXE File not found
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe File not found
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe File not found
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe File not found
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet File not found
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe File not found
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon File not found
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet File not found
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found

========== (O4) Startup Folders ==========

File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
File not found -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray
File not found -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\desktop
File not found -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST
File not found -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
File not found -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA
File not found -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher
File not found -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop
File not found -- C:\Documents and Settings\Guest\Start Menu\Programs\Startup\desktop

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: File not found
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Resource.dll [2004/08/26 11:26:36 | 00,200,704 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: BT Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{9455301C-CF6B-11D3-A266-00C04F689C50}: Button: Researcher -- %CommonProgramFiles%\Microsoft Shared\Encarta Researcher\EROPROJ.DLL [2002/11/27 19:29:56 | 00,344,064 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 16:33:54 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger [Messenger Class] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1764631813-4046242721-497955979-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
33 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll -- Installation Support
{4BFD075D-C36E-4F28-BB0A-5D472795197A}: http://www.powerchallenge.com/applet/PowerLoader.cab -- PowerLoader Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1144152189750 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMesse...pDownloader.cab -- MsnMessengerSetupDownloadControl Class
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_05
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{26519A12-8D3E-475F-97E7-F002EEEBD96F} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)
{8E05901F-80B5-4F9D-8605-B121CD3C39FD} (Servers: | Description: )
{F163761F-4390-449D-B969-9858AC92F31C} (Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5))
{FBD1248E-ED6A-444A-88E4-BB2DC9F73FBE} (Servers: | Description: Sony Ericsson Device 217 USB Ethernet Emulation (NDIS 5))

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=ywobmr.dll
>[2008/12/23 10:01:37 | 00,131,584 | ---- | M] () -- C:\WINDOWS\system32\ywobmr.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>File not found -- C:\WINDOWS\explorer

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>File not found -- C:\WINDOWS\system32\userinit

"UIHost"=logonui.exe
>File not found -- C:\WINDOWS\system32\logonui

"VMApplet"=rundll32 shell32,Control_RunDLL "sysdm.cpl"
>File not found -- C:\WINDOWS\system32\sysdm


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msxn32.dll"={68793502-30DD-C48A-01C7-98CD00B7FB5D} (HKLM) -- c:\windows\system32\msxn32.dll File not found

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Files/Folders - Created Within 30 Days ==========

[2009/01/03 18:17:49 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\alma pacturan\Desktop\OTViewIt.exe
[2009/01/03 17:58:23 | 00,368,784 | ---- | C] () -- C:\Documents and Settings\alma pacturan\Desktop\dds.scr
[2008/12/28 14:42:39 | 00,166,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\alma pacturan\My Documents\FixVundo.exe
[2008/12/28 10:51:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2008/12/28 10:46:03 | 00,001,865 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
[2008/12/28 10:46:03 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
[2008/12/28 10:46:03 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
[2008/12/28 10:46:03 | 00,000,764 | ---- | C] () -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
[2008/12/28 10:46:03 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\alma pacturan\Start Menu\Programs\Startup\Office Startup.lnk
[2008/12/24 13:49:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/12/23 17:39:04 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/23 10:18:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\alma pacturan\Application Data\Malwarebytes
[2008/12/23 10:18:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 10:18:54 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 10:18:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/23 10:18:50 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/23 10:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/23 10:01:37 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\ywobmr.dll
[2008/12/23 10:01:37 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\hjsxmylq.dll
[2008/12/21 20:58:13 | 00,000,000 | ---D | C] -- C:\ProgramData
[2008/12/21 20:58:13 | 00,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2008/12/21 14:47:17 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\mxockr.dll
[2008/12/21 14:47:15 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\oeryvrkv.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\xfjqve.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\lytfjrnr.dll
[2008/12/20 10:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\alma pacturan\Local Settings\Application Data\Symantec

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/01/03 18:17:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\alma pacturan\Desktop\OTViewIt.exe
[2009/01/03 17:58:31 | 00,368,784 | ---- | M] () -- C:\Documents and Settings\alma pacturan\Desktop\dds.scr
[2009/01/03 17:02:03 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/03 17:01:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/03 17:01:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/03 16:59:52 | 06,922,272 | -H-- | M] () -- C:\Documents and Settings\alma pacturan\Local Settings\Application Data\IconCache.db
[2009/01/02 16:25:31 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\alma pacturan\My Documents\Shortcut to Dani California.lnk
[2008/12/28 14:42:41 | 00,166,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\alma pacturan\My Documents\FixVundo.exe
[2008/12/28 10:46:06 | 00,001,022 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/28 10:46:06 | 00,000,281 | -HS- | M] () -- C:\BOOT.INI
[2008/12/28 10:46:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/27 18:41:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/24 13:50:57 | 00,477,670 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/24 13:50:57 | 00,407,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/24 13:50:57 | 00,063,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/23 10:18:54 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 10:01:37 | 00,131,584 | ---- | M] () -- C:\WINDOWS\System32\ywobmr.dll
[2008/12/23 10:01:37 | 00,131,584 | ---- | M] () -- C:\WINDOWS\System32\hjsxmylq.dll
[2008/12/21 14:47:17 | 00,135,680 | ---- | M] () -- C:\WINDOWS\System32\oeryvrkv.dll
[2008/12/21 14:47:17 | 00,135,680 | ---- | M] () -- C:\WINDOWS\System32\mxockr.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | M] () -- C:\WINDOWS\System32\xfjqve.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | M] () -- C:\WINDOWS\System32\lytfjrnr.dll
[2008/12/21 10:06:39 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/20 13:59:32 | 00,001,506 | ---- | M] () -- C:\Documents and Settings\alma pacturan\Desktop\Paint.lnk
[2008/12/18 18:06:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/14 19:07:42 | 00,007,062 | ---- | M] () -- C:\WINDOWS\alma pacturan8.xlb
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/07 17:20:48 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\alma pacturan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >

#7 Jat90

Posted 05 January 2009 - 07:43 AM

Hello, sorry for the delay.

Registry Backup

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Registry Fix

Launch Notepad, and copy/paste the box below into a new text file. Save it on your desktop as fixme.reg. For the "save as type" choose all files
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername"=1
    "EnableLUA"=1
  • Locate fixme.reg on your Desktop and double-click on it.
  • You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
  • Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

OTMoveIt

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\WINDOWS\System32\*.tmp
    C:\WINDOWS\*.tmp
    c:\windows\system32\ywobmr.dll
    c:\windows\system32\hjsxmylq.dll
    c:\windows\system32\mxockr.dll
    c:\windows\system32\oeryvrkv.dll
    c:\windows\system32\xfjqve.dll
    c:\windows\system32\lytfjrnr.dll
    c:\windows\system32\pbukv2.dll
    c:\windows\db\winlogon.exe
    c:\windows\system32\msxn32.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9693dac-f422-497a-b7c7-a5a8d95b955b}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}"=-
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    {5CBE2611-C31B-401F-89BC-4CBB25E853D7}=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DB"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "msxn32.dll"=-
    
    :commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Once rebooted, do the following:

MyWebSearch

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • MyWebSearch
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer

Java Update

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Rescan

Please rescan with a new DDS log (BOTH dds.txt and extra.txt) and a new OTViewIt log

In your next reply, please post:
  • OTMoveIt log
  • DDS logs
  • OTViewIt log
  • MBAM log
  • How is your pc running now?

Edited by Jat90, 05 January 2009 - 11:16 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
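
An added example (not part of Jat90's post and not OTViewIt's own logic): a Python triage pass over lines copied from the OTViewIt log above, which ends up flagging the same six System32 DLLs that the OTMoveIt script lists. The three heuristics (empty company name, shared file size, AppInit_DLLs reference) and the function name `triage` are assumptions chosen for this log; a hit means "review this file", not "malicious".

```python
import re
from collections import defaultdict

# Lines copied from the OTViewIt log posted earlier in this thread.
LOG = r"""
"AppInit_Dlls"=ywobmr.dll
[2008/12/23 10:18:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/23 10:18:54 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/23 10:01:37 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\ywobmr.dll
[2008/12/23 10:01:37 | 00,131,584 | ---- | C] () -- C:\WINDOWS\System32\hjsxmylq.dll
[2008/12/21 14:47:17 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\mxockr.dll
[2008/12/21 14:47:15 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\oeryvrkv.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\xfjqve.dll
[2008/12/21 14:32:20 | 00,135,680 | ---- | C] () -- C:\WINDOWS\System32\lytfjrnr.dll
"""

# [timestamp | size | attributes | C or M] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [CM]\] (?:\((?P<vendor>.*?)\) )?-- (?P<path>.+)$"
)
APPINIT = re.compile(r'^"AppInit_Dlls"=(?P<value>.*)$', re.I)


def triage(log_text):
    """Return {dll_name: [reasons]} for System32 DLLs worth a closer look."""
    appinit, entries = set(), []
    for line in log_text.splitlines():
        line = line.strip()
        m = APPINIT.match(line)
        if m:
            # AppInit_DLLs holds a space- or comma-separated list of DLLs.
            appinit |= {n.lower() for n in re.split(r"[ ,]+", m["value"]) if n}
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())

    # Group vendorless DLLs sitting directly in System32 by file size.
    by_size = defaultdict(list)
    for e in entries:
        folder, _, name = e["path"].lower().rpartition("\\")
        in_system32 = folder.endswith(r"\windows\system32")
        if in_system32 and name.endswith(".dll") and not e["vendor"]:
            by_size[int(e["size"].replace(",", ""))].append(name)

    findings = {}
    for size, names in by_size.items():
        for name in names:
            reasons = ["no company name, directly in System32"]
            if len(names) > 1:
                reasons.append(f"{len(names)} files share size {size}")
            if name in appinit:
                reasons.append("loaded via AppInit_DLLs")
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for dll, why in sorted(triage(LOG).items()):
        print(f"{dll}: {'; '.join(why)}")
```
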


#8 hopelessgirl

Posted 05 January 2009 - 10:32 AM

I have got MBAM already but will install MBAM again?

#9 Jat90

Posted 05 January 2009 - 10:41 AM

If you have it already, then just Update it and then run a Quick Scan.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#10 hopelessgirl

Posted 05 January 2009 - 11:04 AM

I clicked fixme.reg but the message "Do you wish to merge the information into the registry?"

#11 Jat90

Posted 05 January 2009 - 11:09 AM

Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#12 hopelessgirl

Posted 05 January 2009 - 11:19 AM

When I click erunt.rxr a message showed up "error opening localization file:C:\DOCUME~1\ALMAPA~1\LOCALS~1\Temp\Temporary Directory 2 for erunt.zip\ERUNT.LOC"

#13 hopelessgirl

Posted 05 January 2009 - 11:19 AM

When I click erunt.exe a message showed up "error opening localization file:C:\DOCUME~1\ALMAPA~1\LOCALS~1\Temp\Temporary Directory 2 for erunt.zip\ERUNT.LOC"

#14 hopelessgirl

Posted 05 January 2009 - 11:19 AM

When I click erunt.exr a message showed up "error opening localization file:C:\DOCUME~1\ALMAPA~1\LOCALS~1\Temp\Temporary Directory 2 for erunt.zip\ERUNT.LOC"

#15 Jat90

Posted 05 January 2009 - 11:22 AM

Hi,

When you download ERUNT.zip, right click the file and choose "Extract All" to your documents.

Then find ERUNT.exe in your documents and double click it; it will back up your registry.

Note: Do this BEFORE you do the Registry Fix and OTMoveIt. If anything goes wrong, it's our only source of backup.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
