Infected with System Defender


  • This topic is locked
11 replies to this topic

#1 davecw


Posted 24 November 2009 - 08:32 AM

Hello there, thank you in advance for any assistance you can provide.

I'm using Windows XP and seem to be infected with System Defender - In Control Panel > Security Center, I'm told that both the firewall and virus protection are being provided by System Defender.

The main symptom seems to be occasional browser windows popping open, showing ad sites, often with javascript alert boxes when I try to close them.

When using google, clicking on search results will often take me to some spammy site, rather than the URL I clicked on in google.
I also can't boot in Safe Mode at present - I hold down f8 while booting, choose to boot in safe mode, then choose XP (which is the only choice there), but then the screen briefly flashes blue then goes back to asking me how I'd like to boot (i.e. safe mode, safe mode with networking, normally, etc).

I've run up to date Spybot Search and Destroy, and Malwarebytes Anti Malware, and they report that I'm clean. When trying to immunise with Spybot, I'm told at the end that 1290 items remain unprotected, which spybot suggests might be due to other security software mistakenly blocking them, thinking they're malware.

The DDS.txt file is below:


DDS (Ver_09-10-26.01) - NTFSx86
Run by david.williams at 15:33:54.09 on 22/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1068 [GMT 0:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: System Defender *On-access scanning enabled* (Updated) {A0B3A6BF-2BFC-44D6-918C-A740324F7A08}
FW: System Defender *enabled* {141769AE-B6D5-4F75-951D-E509EA2C50B5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\david.williams\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://cms.jisc.ac.uk/sitecore/login/
uInternet Settings,ProxyOverride = *.local
BHO: {16CCF92A-B649-4CA9-9A6C-3A82FE0297A7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {8F395BCD-5EFB-43BE-B963-E250889F13DF} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {AFB8A4C5-3570-49C1-A796-976E95836CEB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\david.williams\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [kdx] c:\program files\KHost.exe -all
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [XeroxRegistation] "c:\docume~1\simone~1.spe\locals~1\temp\xerox\ereg\opbreg.exe" /Startup
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [CardDetectorICON225] c:\program files\carddetector\icon225\CardDetector.exe
mRun: [BEWINTERNET-UKSessionManager] c:\program files\orangebs\bewinternetuk\sessionmanager\SessionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david~1.wil\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icon2u~1.lnk - c:\program files\orange\icon2 usb connect\ICON2 USB Connect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\kyocera\fileutility\NsCatCom.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EA76A24C-9D04-4913-9757-96177DE8F744} - hxxp://jisc.cubeworks.co.uk/epi/ActiveX/EPiServerClientComponents.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: xkbkdr.dll tuwzkc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david~1.wil\applic~1\mozilla\firefox\profiles\tkm5uc35.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jisc-collections.ac.uk/
FF - component: c:\documents and settings\david.williams\application data\mozilla\firefox\profiles\tkm5uc35.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\david.williams\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 GtFlashSwitch;GtFlashSwitch;c:\program files\common files\gtflashswitch\GtFlashSwitch.exe [2007-2-9 176128]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [2009-1-16 10240]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [2004-10-27 22144]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-3-3 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-3-3 51968]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-4-14 122496]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-4-14 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-4-14 37120]

=============== Created Last 30 ================

2009-11-18 16:05:56 0 d-sh--w- c:\docume~1\alluse~1\applic~1\09558e3

==================== Find3M ====================

2009-11-18 15:58:05 828674 ----a-w- c:\windows\system32\xa.tmp
2009-10-19 23:53:44 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll

============= FINISH: 15:35:19.98 ===============

I've attached attach.txt and ark.txt as per the instructions in the Preparation Guide post. I also attach ark_recent.txt - I re-ran RootRepeal today, and it contains extra entries in the report that may be relevant.


Thank you once again, please don't hesitate to let me know if I need to provide any other information or take any other action.



David

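A triage pass over the persistence lines that stand out in the DDS logs posted in this thread, written as an added example (it is not part of the thread and not a DDS or BleepingComputer tool). It flags a Winlogon Userinit value that launches anything beyond userinit.exe, any AppInit_DLLs entry, hosts-file entries that sinkhole a non-localhost name to loopback, and a doubled Security Center AV registration where the real product is disabled. The sample input is a constructed subset of the log lines from this thread.

```python
"""Triage checks for a DDS 'Pseudo HJT Report' (added example, not DDS code)."""
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the two DDS logs in this
# thread (the AV/FW header lines plus a few Pseudo HJT lines).
SAMPLE_DDS = r"""
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: System Defender *On-access scanning enabled* (Updated) {A0B3A6BF-2BFC-44D6-918C-A740324F7A08}
FW: System Defender *enabled* {141769AE-B6D5-4F75-951D-E509EA2C50B5}
uStart Page = https://cms.jisc.ac.uk/sitecore/login/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mszqtm32.exe,
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: xkbkdr.dll tuwzkc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 83.137.212.16 development.jisc-collections.ac.uk
"""

# The only value Winlogon's Userinit carries on a stock Windows XP install.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the DDS line that triggered the finding
    reason: str


def check_userinit(value: str) -> List[str]:
    """Return every Userinit entry other than the expected userinit.exe."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def triage(dds_text: str) -> List[Finding]:
    """Walk a DDS log and collect the persistence indicators worth a closer look."""
    findings: List[Finding] = []
    av_lines: List[str] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV:"):
            av_lines.append(line)
        elif line.startswith("mWinlogon: Userinit="):
            extra = check_userinit(line.split("=", 1)[1])
            if extra:
                findings.append(Finding("high", line,
                    "Userinit launches extra executables: " + ", ".join(extra)))
        elif line.startswith("AppInit_DLLs:"):
            # Any DLL listed here is loaded into every process that links user32.dll.
            dlls = line.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding("high", line,
                    "AppInit_DLLs loads into every user-mode process: " + ", ".join(dlls)))
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[1] in LOOPBACK and parts[2].lower() != "localhost":
                findings.append(Finding("medium", line,
                    f"hosts file sinkholes {parts[2]} to {parts[1]}"))
    # Two AV products registered in Security Center while one reports on-access
    # scanning disabled: the pattern a rogue uses to pose as the active protection.
    disabled = [l for l in av_lines if "scanning disabled" in l]
    if len(av_lines) > 1 and disabled:
        findings.append(Finding("medium", disabled[0],
            f"{len(av_lines)} AV products registered while the real one is disabled"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```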
#2 schrauber

  • Malware Response Team

Posted 29 November 2009 - 10:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 davecw


Posted 30 November 2009 - 01:29 PM

Hi Schrauber, thank you for your reply.

Nope, I've not yet resolved the problem.

Below is my cut and pasted dds.txt:

---------------------



DDS (Ver_09-11-29.01) - NTFSx86
Run by david.williams at 18:17:56.87 on 30/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1422 [GMT 0:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: System Defender *On-access scanning enabled* (Updated) {A0B3A6BF-2BFC-44D6-918C-A740324F7A08}
FW: System Defender *enabled* {141769AE-B6D5-4F75-951D-E509EA2C50B5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\david.williams\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://cms.jisc.ac.uk/sitecore/login/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mszqtm32.exe,
BHO: {16CCF92A-B649-4CA9-9A6C-3A82FE0297A7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {8F395BCD-5EFB-43BE-B963-E250889F13DF} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {AFB8A4C5-3570-49C1-A796-976E95836CEB} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\david.williams\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [kdx] c:\program files\KHost.exe -all
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [XeroxRegistation] "c:\docume~1\simone~1.spe\locals~1\temp\xerox\ereg\opbreg.exe" /Startup
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [CardDetectorICON225] c:\program files\carddetector\icon225\CardDetector.exe
mRun: [BEWINTERNET-UKSessionManager] c:\program files\orangebs\bewinternetuk\sessionmanager\SessionManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david~1.wil\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icon2u~1.lnk - c:\program files\orange\icon2 usb connect\ICON2 USB Connect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\progra~1.lnk - c:\program files\citrix\ica client\pnagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scanne~1.lnk - c:\program files\kyocera\fileutility\NsCatCom.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {EA76A24C-9D04-4913-9757-96177DE8F744} - hxxp://jisc.cubeworks.co.uk/epi/ActiveX/EPiServerClientComponents.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: xkbkdr.dll tuwzkc.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 83.137.212.16 development.jisc-collections.ac.uk
Hosts: 83.137.214.22 tagging.jisccollections.co.uk

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david~1.wil\applic~1\mozilla\firefox\profiles\tkm5uc35.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jisc-collections.ac.uk/
FF - component: c:\documents and settings\david.williams\application data\mozilla\firefox\profiles\tkm5uc35.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\david.williams\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 GtFlashSwitch;GtFlashSwitch;c:\program files\common files\gtflashswitch\GtFlashSwitch.exe [2007-2-9 176128]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-10-4 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2006-11-30 54872]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [2004-10-27 22144]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-3-3 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-3-3 51968]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-4-14 122496]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-4-14 37120]
S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2006-11-30 144960]
S3 MfeAVFK;McAfee Inc.;c:\windows\system32\drivers\MfeAVFK.sys [2008-1-3 79880]
S3 MfeBOPK;McAfee Inc.;c:\windows\system32\drivers\MfeBOPK.sys [2008-1-3 35272]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-1-3 168776]
S3 mferkdk;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-5-16 34216]

=============== Created Last 30 ================

2009-11-22 19:13:34 0 d-----w- c:\windows\pss
2009-11-22 15:43:28 0 ----a-w- c:\documents and settings\david.williams\settings.dat
2009-11-18 16:05:56 0 d-sh--w- c:\docume~1\alluse~1\applic~1\09558e3

==================== Find3M ====================

2009-11-18 15:58:05 828674 ----a-w- c:\windows\system32\xa.tmp
2009-10-19 23:53:44 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:11 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2009-09-25 05:37:11 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll

============= FINISH: 18:20:02.42 ===============
I've not attached the Attach.txt file, but have it saved if requested.

The main symptom I'm suffering is having my browser hijacked. Every so often, a new tab will pop up in firefox, which I didn't open, advertising a poker site or something else equally tempting. When doing google searches I sometimes click on a search result, only to be redirected to a page other than the one I choose to click on.

I've run both Malwarebytes Anti Malware and Spybot S&D, but they'll either report that I'm clean, or find something and remove it, but the browser still gets hijacked. I have tried booting the computer in Safe Mode, but this doesn't seem possible at the moment: it'll ask me which mode I wish to boot in, then which OS, then after a few seconds go back to asking me which mode I wish to boot in. The only mode in which I can successfully boot is normal windows XP.

The Security Center, in my control panel, seems to think that my AV and Firewall are provided by System Defender, which I understand to be bad.


Thank you for any help you can provide.

#4 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 01 December 2009 - 01:16 PM

Hello, davecw and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the (image) button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the (image) button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click (image) and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press (image)
  • Click on (image)
  • Click on (image)
  • Uncheck this checkbox:
    (image)
  • Close/Exit Spybot Search and Destroy
Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2
--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(image)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(image)

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 davecw

  • Topic Starter

  • Members
  • 6 posts

Posted 01 December 2009 - 06:45 PM

Hi Tom, thank you for your speedy response - I appreciate that you must be busy.


So, following your instructions, I disabled TeaTimer. McAfee OAS was already disabled.

I ran combofix and the c:\ComboFix.txt file is cut and pasted below:


ComboFix 09-12-01.01 - david.williams 01/12/2009 23:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1479 [GMT 0:00]
Running from: c:\documents and settings\david.williams\Desktop\schrauber.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\david.williams\My Documents\ZbThumbnail.info
C:\LOG.TXT
c:\recycler\S-1-5-21-1694951813-4259951672-953043223-500
c:\recycler\S-1-5-21-1948761991-1470351606-441205698-500
c:\recycler\S-1-5-21-2196898014-3683510020-1825465519-500
c:\recycler\S-1-5-21-4011737636-1391365406-1589127000-1005
c:\recycler\S-1-5-21-765920529-397289402-871779174-500
c:\windows\run.log
c:\windows\system32\kWab.dll
c:\windows\system32\tmp.reg
c:\windows\system32\xa.tmp
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-12-01 15:47 . 2009-12-01 15:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-01 15:45 . 2009-12-01 15:45 -------- d-----w- c:\program files\Microsoft
2009-11-25 22:08 . 2009-11-25 22:08 -------- d-----w- c:\documents and settings\david.williams\Local Settings\Application Data\Opera
2009-11-25 22:08 . 2009-11-25 22:08 -------- d-----w- c:\program files\Opera
2009-11-22 15:43 . 2009-11-22 15:43 0 ----a-w- c:\documents and settings\david.williams\settings.dat
2009-11-18 16:06 . 2009-10-28 11:15 443384 ----a-w- c:\documents and settings\All Users\Application Data\09558e3\sqlite3.dll
2009-11-18 16:06 . 2009-10-28 11:15 710136 ----a-w- c:\documents and settings\All Users\Application Data\09558e3\mozcrt19.dll
2009-11-18 16:05 . 2009-11-18 16:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\09558e3
2009-11-15 15:03 . 2009-11-15 15:03 -------- d-----w- c:\documents and settings\david.williams\Application Data\Leadertech
2009-11-04 10:46 . 2009-11-04 10:46 -------- d-----w- c:\documents and settings\david.williams\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 15:46 . 2008-09-05 13:14 -------- d-----w- c:\program files\Windows Live
2009-12-01 09:24 . 2008-01-07 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-30 17:52 . 2008-09-08 08:49 -------- d-----w- c:\documents and settings\david.williams\Application Data\FileZilla
2009-11-22 23:17 . 2009-02-27 21:34 -------- d-----w- c:\documents and settings\david.williams\Application Data\uTorrent
2009-11-21 12:31 . 2009-01-12 10:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-18 16:16 . 2009-01-14 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 16:16 . 2009-01-14 18:30 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-11 23:41 . 2009-01-02 10:48 -------- d-----w- c:\program files\WorldOfGooDemo
2009-11-11 23:41 . 2009-06-08 10:29 -------- d-----w- c:\program files\Oolite
2009-11-11 23:41 . 2007-09-25 08:23 -------- d-----w- c:\program files\NetWaiting
2009-11-11 23:41 . 2009-07-13 10:05 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-11 23:41 . 2009-08-09 12:47 -------- d-----w- c:\program files\Swarm Racer
2009-11-11 23:41 . 2008-11-12 13:53 -------- d-----w- c:\program files\Steam
2009-10-22 08:04 . 2008-06-02 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-09-25 05:37 . 2004-08-11 16:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-11 16:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-11 16:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2009-01-14 18:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2009-01-14 18:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-11 16:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 08:44 . 2009-09-03 08:44 152576 ----a-w- c:\documents and settings\david.williams\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\david.williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-UKSessionManager"="c:\program files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe" [2007-11-13 102400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-21 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\david.williams\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-25 50688]
ICON2 USB Connect.lnk - c:\program files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe [2007-7-20 794624]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-11-8 233744]
Scanner File Utility.lnk - c:\program files\Kyocera\FileUtility\NsCatCom.exe [2009-9-23 327680]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-1-16 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\mszqtm32.exe,"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\xampplite\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtPCS.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternetUK\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kyocera\\FileUtility\\NsCatCom.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [09/02/2007 13:48 176128]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 11:32 97536]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [27/10/2004 16:05 22144]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [03/03/2009 13:42 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [03/03/2009 13:42 51968]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [14/04/2007 04:05 122496]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [14/04/2007 04:06 37120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]

2009-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-07 13:33]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336772652-2827460797-2185236119-1015Core.job
- c:\documents and settings\david.williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 11:02]

2009-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2336772652-2827460797-2185236119-1015UA.job
- c:\documents and settings\david.williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 11:02]

2009-02-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-12 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://cms.jisc.ac.uk/sitecore/login/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {EA76A24C-9D04-4913-9757-96177DE8F744} - hxxp://jisc.cubeworks.co.uk/epi/ActiveX/EPiServerClientComponents.cab
FF - ProfilePath - c:\documents and settings\david.williams\Application Data\Mozilla\Firefox\Profiles\tkm5uc35.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jisc-collections.ac.uk/
FF - component: c:\documents and settings\david.williams\Application Data\Mozilla\Firefox\Profiles\tkm5uc35.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\david.williams\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{16CCF92A-B649-4CA9-9A6C-3A82FE0297A7} - (no file)
BHO-{8F395BCD-5EFB-43BE-B963-E250889F13DF} - (no file)
BHO-{AFB8A4C5-3570-49C1-A796-976E95836CEB} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-kdx - c:\program files\KHost.exe
HKLM-Run-XeroxRegistation - c:\docume~1\SIMONE~1.SPE\LOCALS~1\Temp\Xerox\EReg\opbreg.exe
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe ADDREMOVE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 23:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\netmsg.dll
.
Completion time: 2009-12-01 23:33
ComboFix-quarantined-files.txt 2009-12-01 23:33

Pre-Run: 13,821,353,984 bytes free
Post-Run: 14,543,601,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3852652F244DE3E104934015398D07DB
Thank you again for your assistance. I can confirm that I won't be making any changes to the computer, running scans etc, other than those you specify.

#6 davecw

  • Topic Starter

  • Members
  • 6 posts

Posted 02 December 2009 - 04:36 AM

I keep getting a Windows Security Alert warning that I have no firewall or virus protection running - I'd guess because Windows no longer thinks that System Defender is doing that job.

Is it ok to switch these back on, please? Once again, I won't make any changes, such as switching these back on, until instructed to do so.

#7 schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 02 December 2009 - 01:02 PM

Hi :(

Yes you can enable it :(. How is your system running right now?

Did you set those sites to Trusted Zones?

Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

regards,
schrauber


#8 davecw

  • Topic Starter

  • Members
  • 6 posts

Posted 06 December 2009 - 06:08 PM

Hi Tom. Everything seems to be running a lot better. I'm not getting my browser hijacked, and the Security Centre no longer thinks that System Defender is running things.

I'm not aware of manually setting the sites you listed as trusted zones, but I don't know for certain, I'm sorry - could they have been set as trusted by another program?

I've run Gmer and Rsit and the results are cut and pasted below.

GMer log:

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-05 17:43:26
Windows 5.1.2600 Service Pack 3
Running: grk9sf4d.exe; Driver: C:\DOCUME~1\DAVID~1.WIL\LOCALS~1\Temp\pwliakow.sys


---- Kernel code sections - GMER 1.0.15 ----

page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xBA1A2D4A]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00402990
IAT C:\WINDOWS\System32\svchost.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00402926
IAT C:\WINDOWS\System32\svchost.exe[452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004028BE
IAT C:\Program Files\Kyocera\FileUtility\NsCatCom.exe[3512] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\Kyocera\FileUtility\NsCatCom.exe[3512] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\Kyocera\FileUtility\NsCatCom.exe[3512] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00132990
IAT C:\Program Files\Kyocera\FileUtility\NsCatCom.exe[3512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\Kyocera\FileUtility\NsCatCom.exe[3512] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00402990
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00402926
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004028BE
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00402889
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00402C49
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00402F03
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00402F03
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00402C49
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00402F03
IAT C:\WINDOWS\system32\svchost.exe[3524] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00402990
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00132990
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00132926
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001328BE
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00132889
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3580] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00132990
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00132990
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00132926
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001328BE
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00132889
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00132F03
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00132C49
IAT C:\Program Files\3\3Connect\AutoUpdateSrv.exe[3728] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00132990
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00402990
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00402926
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004028BE
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00402889
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00402C49
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00402F03
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00402990
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00402F03
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00402C49
IAT C:\WINDOWS\System32\alg.exe[3908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00402F03

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\mszqtm32.exe 558592 bytes executable

---- EOF - GMER 1.0.15 ----
Next, log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by david.williams at 2009-12-05 17:47:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (34%) free of 40 GB
Total RAM: 2038 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:28, on 05/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\david.williams\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\david.williams.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cms.jisc.ac.uk/sitecore/login/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=1070925
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mszqtm32.exe,
O1 - Hosts: 83.137.212.16 development.jisc-collections.ac.uk
O1 - Hosts: 83.137.214.22 tagging.jisccollections.co.uk
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-UKSessionManager] C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\david.williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: ICON2 USB Connect.lnk = C:\Program Files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Scanner File Utility.lnk = ?
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {EA76A24C-9D04-4913-9757-96177DE8F744} (CEPiServerClientTools Object) - http://jisc.cubeworks.co.uk/epi/ActiveX/EP...tComponents.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13808 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2336772652-2827460797-2185236119-1015Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2336772652-2827460797-2185236119-1015UA.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-21 303104]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-02-20 1191936]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"CardDetectorICON225"=C:\Program Files\CardDetector\ICON225\CardDetector.exe [2007-11-13 278528]
"BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2007-11-13 102400]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\david.williams\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
ICON2 USB Connect.lnk - C:\Program Files\Orange\ICON2 USB Connect\ICON2 USB Connect.exe
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe
Scanner File Utility.lnk - C:\Program Files\Kyocera\FileUtility\NsCatCom.exe
Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe

C:\Documents and Settings\david.williams\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\xampplite\mysql\bin\mysqld.exe"="C:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\xampplite\apache\bin\apache.exe"="C:\xampplite\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe"="C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPCS.exe:*:Enabled:Bluetooth PAN Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\steamapps\common\left 4 dead demo\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead demo\left4dead.exe:*:Enabled:Left 4 Dead Demo"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Kyocera\FileUtility\NsCatCom.exe"="C:\Program Files\Kyocera\FileUtility\NsCatCom.exe:*:Enabled:Scanner File Utility"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-12-05 17:47:14 ----D---- C:\rsit
2009-12-01 23:33:23 ----A---- C:\ComboFix.txt
2009-12-01 23:09:04 ----A---- C:\Boot.bak
2009-12-01 23:08:42 ----RASHD---- C:\cmdcons
2009-12-01 23:04:51 ----A---- C:\WINDOWS\zip.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\SWSC.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\SWREG.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\sed.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\PEV.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\MBR.exe
2009-12-01 23:04:51 ----A---- C:\WINDOWS\grep.exe
2009-12-01 23:04:12 ----D---- C:\WINDOWS\ERDNT
2009-12-01 23:02:48 ----AD---- C:\Qoobox
2009-12-01 15:47:12 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-12-01 15:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-12-01 15:45:13 ----D---- C:\Program Files\Microsoft
2009-11-26 00:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 00:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 22:08:14 ----D---- C:\Program Files\Opera
2009-11-24 13:29:00 ----A---- C:\ark_recent.txt
2009-11-24 13:25:07 ----A---- C:\RootRepeal report 11-24-09 (13-25-07).txt
2009-11-22 19:13:34 ----D---- C:\WINDOWS\pss
2009-11-22 16:04:51 ----A---- C:\RootRepeal report 11-22-09 (16-04-51).txt
2009-11-18 16:05:56 ----SHD---- C:\Documents and Settings\All Users\Application Data\09558e3
2009-11-15 15:03:10 ----D---- C:\Documents and Settings\david.williams\Application Data\Leadertech
2009-11-12 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-05 17:47:30 ----D---- C:\WINDOWS\Prefetch
2009-12-05 17:43:40 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 14:26:11 ----SD---- C:\WINDOWS\Tasks
2009-12-05 13:28:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-05 10:34:13 ----D---- C:\Documents and Settings\david.williams\Application Data\Skype
2009-12-05 10:06:15 ----D---- C:\WINDOWS\Temp
2009-12-05 02:06:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-04 23:53:03 ----D---- C:\Documents and Settings\david.williams\Application Data\FileZilla
2009-12-04 21:11:46 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2009-12-04 21:11:42 ----HD---- C:\WINDOWS\inf
2009-12-04 21:11:39 ----D---- C:\MDT
2009-12-02 09:32:34 ----SHD---- C:\WINDOWS\Installer
2009-12-01 23:30:28 ----D---- C:\WINDOWS
2009-12-01 23:30:28 ----A---- C:\WINDOWS\system.ini
2009-12-01 23:28:40 ----D---- C:\RECYCLER
2009-12-01 23:28:39 ----D---- C:\WINDOWS\system32
2009-12-01 23:26:22 ----D---- C:\WINDOWS\system32\drivers
2009-12-01 23:26:22 ----D---- C:\WINDOWS\AppPatch
2009-12-01 23:26:10 ----D---- C:\Program Files\Common Files
2009-12-01 23:16:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-01 23:14:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-01 23:09:07 ----RASH---- C:\boot.ini
2009-12-01 23:04:36 ----SHD---- C:\System Volume Information
2009-12-01 23:04:36 ----D---- C:\WINDOWS\system32\Restore
2009-12-01 15:47:12 ----RD---- C:\Program Files
2009-12-01 15:46:05 ----D---- C:\Program Files\Windows Live
2009-12-01 11:26:51 ----D---- C:\scan
2009-11-26 00:03:43 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 00:03:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 00:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-26 00:03:00 ----D---- C:\WINDOWS\WinSxS
2009-11-25 22:08:26 ----D---- C:\Documents and Settings\david.williams\Application Data\Opera
2009-11-22 23:17:39 ----D---- C:\Documents and Settings\david.williams\Application Data\uTorrent
2009-11-22 22:25:00 ----A---- C:\WINDOWS\WirelessFTP.INI
2009-11-21 12:31:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-18 16:16:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-12 11:04:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-12 08:01:27 ----D---- C:\WINDOWS\SxsCaPendDel
2009-11-12 03:05:37 ----A---- C:\WINDOWS\win.ini
2009-11-11 23:41:14 ----D---- C:\Program Files\WorldOfGooDemo
2009-11-11 23:41:13 ----D---- C:\Program Files\Oolite
2009-11-11 23:41:13 ----D---- C:\Program Files\NetWaiting
2009-11-11 23:41:13 ----D---- C:\Program Files\Messenger
2009-11-11 23:41:12 ----D---- C:\Program Files\AGEIA Technologies
2009-11-11 23:41:11 ----D---- C:\Program Files\Swarm Racer
2009-11-11 23:41:10 ----D---- C:\Program Files\Steam

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-04-26 64896]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-25 21425]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2007-01-31 12672]
R2 mdvrmng;Mobile IP Route Manager; \??\C:\WINDOWS\system32\drivers\mdvrmng.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-12 160256]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-01-31 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-01-31 209152]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-03-12 2203520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-08-09 156288]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-21 1228296]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2007-04-26 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-01-31 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 22144]
S3 catchme;catchme; \??\C:\DOCUME~1\DAVID~1.WIL\LOCALS~1\Temp\catchme.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS; C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 122496]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 GTUQBUS;GT UQ BUS; C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 37120]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-03 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101120]
S3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
S3 MfeAVFK;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-03 79880]
S3 MfeBOPK;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-03 35272]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-30 168776]
S3 mferkdk;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2009-03-03 34216]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-08-16 18560]
S3 pwliakow;pwliakow; \??\C:\DOCUME~1\DAVID~1.WIL\LOCALS~1\Temp\pwliakow.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-04 22528]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-26 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-04-26 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-04-26 73600]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2007-04-26 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-04-26 41856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-11-14 65536]
R2 GtFlashSwitch;GtFlashSwitch; C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2006-11-30 54872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-02-20 475136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-24 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-24 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2007-05-21 90112]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-03 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2008-09-04 68096]
S3 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2006-11-30 144960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Then info.txt:

info.txt logfile of random's system information tool 1.06 2009-12-05 17:48:30

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
3Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\Setup.exe" -l0x9 -removeonly /z"Uninstall"
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bazooka Scanner-->"C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
BBC iPlayer Desktop-->MsiExec.exe /X{AA080212-A1D2-9FE2-978A-F5E8DAAB61FE}
BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord-->MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Card Detector for Option Icon 225-->C:\Program Files\CardDetector\ICON225\CardDetectorSetup.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Huawei Modems-->C:\WINDOWS\Huawei ModemsUninstall.exe
ICON2 USB Connect-->MsiExec.exe /X{B821EDEF-442F-4D65-8A47-BC6F7B1BD258}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kyocera Scanner File Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61C79AE1-5403-4687-AC68-28BFA5EF3895}\Setup.exe" -l0x9
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Client-->MsiExec.exe /I{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MySQL Server 5.1-->MsiExec.exe /I{FC874712-FA25-4DDA-9BFD-084CC0AE7327}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
O2Micro USB Smart Card Reader-->MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
Oolite Package-->"C:\Program Files\Oolite\UninstOolite.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 10.10-->MsiExec.exe /X{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Poladroid-->MsiExec.exe /I{90BC0F01-9D99-4686-AC14-2EEC0246FB84}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Ruby-186-26-->c:\ruby\uninstall.exe
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Swarm Racer 2.11-->C:\Program Files\Swarm Racer\uninst.exe
The Mana World 0.0.29.1-->C:\Program Files\The Mana World\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VNSoftphone-->MsiExec.exe /I{AA4740F4-B3B7-4F36-9118-EE5E9DAA4831}
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

83.137.212.16 development.jisc-collections.ac.uk
83.137.214.22 tagging.jisccollections.co.uk
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: McAfee VirusScan Enterprise (disabled) (outdated)

======System event log======

Computer Name: ESTELLELAP2
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 90343
Source Name: W32Time
Time Written: 20091119062400.000000+000
Event Type: warning
User:

Computer Name: ESTELLELAP2
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 90342
Source Name: SideBySide
Time Written: 20091118191907.000000+000
Event Type: error
User:

Computer Name: ESTELLELAP2
Event Code: 59
Message: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 90337
Source Name: SideBySide
Time Written: 20091118114631.000000+000
Event Type: error
User:

Computer Name: ESTELLELAP2
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 90336
Source Name: SideBySide
Time Written: 20091118114631.000000+000
Event Type: error
User:

Computer Name: ESTELLELAP2
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 90335
Source Name: SideBySide
Time Written: 20091118114631.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: ESTELLELAP2
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3526, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 14862
Source Name: Application Hang
Time Written: 20091026184625.000000+000
Event Type: error
User:

Computer Name: ESTELLELAP2
Event Code: 5004
Message: Could not contact Filter Driver.

Error = 0x7d1 : The specified driver is invalid.


Record Number: 14847
Source Name: McLogEvent
Time Written: 20091026091610.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: ESTELLELAP2
Event Code: 1517
Message: Windows saved user ESTELLELAP2\david.williams registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14839
Source Name: Userenv
Time Written: 20091026081841.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ESTELLELAP2
Event Code: 5004
Message: Could not contact Filter Driver.

Error = 0x7d1 : The specified driver is invalid.


Record Number: 14826
Source Name: McLogEvent
Time Written: 20091023201310.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: ESTELLELAP2
Event Code: 1517
Message: Windows saved user ESTELLELAP2\david.williams registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14818
Source Name: Userenv
Time Written: 20091023172811.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\ruby\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.RB;.RBW
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RUBYOPT"=-rubygems
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

-----------------EOF-----------------
While running RSIT, I had a warning when it tried to run HijackThis, complaining that it couldn't edit my hosts file. I was advised to open Start > Run, then type "notepad <the location of hosts file>" and edit it manually. I've not done this yet, but am happy to do so if required. I seem to recall that Spybot S&D locks down the hosts file, though I could be mistaken. Looking through the hosts file, all I can see is a list of domain names that have been set to point to the localhost IP address (listed in a block as set by Spybot), and three others that I've set for the purposes of work.

Thank you again,

David
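
The hosts-file triage described in the post above, as an added example that is not part of this thread, of RSIT, or of Spybot: it splits entries that pin a name to localhost (the block-list style Spybot's immunisation writes) from entries that redirect a name to some other address, which are the ones worth a second look on a machine with browser-redirect symptoms. The sample input reuses the first few hosts lines from the RSIT log above plus one constructed comment line; everything else is assumed.

```python
"""Triage a Windows hosts file.

Entries pointing at a sinkhole address (127.0.0.1, 0.0.0.0, ::1) are the
harmless block-list style; anything else maps a name to a real address and
is listed for review.  Added example, not code from the thread or any tool
named in it.
"""
import ipaddress
from typing import Dict, List, Tuple

SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Lines copied from the hosts-file section of the log above, plus one
# constructed comment line to show comment handling.
SAMPLE_HOSTS = """\
# constructed comment line (hosts files allow these)
83.137.212.16 development.jisc-collections.ac.uk
83.137.214.22 tagging.jisccollections.co.uk
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [names]) for each non-comment, non-blank line.

    Trailing '#' comments are stripped; lines whose first token is not a
    valid IP address, or which carry no hostname, are skipped.
    """
    entries: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry (or deliberately malformed)
        entries.append((parts[0], parts[1:]))
    return entries


def triage_hosts(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Classify every (name, address) pair as 'sinkhole' or 'redirect'."""
    result: Dict[str, List[Tuple[str, str]]] = {"sinkhole": [], "redirect": []}
    for addr, names in parse_hosts(text):
        bucket = "sinkhole" if addr in SINKHOLE_ADDRESSES else "redirect"
        for name in names:
            result[bucket].append((name, addr))
    return result


if __name__ == "__main__":
    report = triage_hosts(SAMPLE_HOSTS)
    print(f"{len(report['sinkhole'])} sinkhole entries (block-list style)")
    for name, addr in report["redirect"]:
        print(f"REVIEW: {name} -> {addr}")
```

On a real machine the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it and pass its contents to triage_hosts. Redirect entries you recognise (the two work hosts here) are fine; ones you did not set yourself are what a malware responder would ask about.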

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:34 PM

Posted 07 December 2009 - 01:52 PM

Hi,


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\mszqtm32.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
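
Before uploading a suspect file to a multi-engine scanner such as Jotti or VirusTotal, a responder normally records whether the file is actually present and what its hashes are, so that a later "it isn't there any more" observation is backed by evidence and the hash can be looked up instead of re-uploading. The following is an added example, not part of this thread or of either scanner's tooling; the default path is the one schrauber names above, and the chunked reader, field names and the hypothetical `describe_suspect_file` / `hash_bytes` helpers are assumptions.

```python
"""Record presence and hashes of a suspect file prior to scanner submission.

Added example; not code from the thread, Jotti or VirusTotal.  Uses
os.lstat rather than a directory listing so a file carrying the hidden or
system attribute is still found, and distinguishes "absent" from
"present but unreadable".
"""
import hashlib
import os
from typing import Dict, Optional

CHUNK_SIZE = 1024 * 1024  # read large binaries in 1 MiB pieces


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of an in-memory buffer (for the unit test)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> Dict[str, str]:
    """Same three digests computed incrementally over a file on disk."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def describe_suspect_file(path: str = r"C:\WINDOWS\system32\mszqtm32.exe") -> Dict[str, Optional[object]]:
    """Return a small evidence record for `path`.

    Keys: exists (bool), size (int or None), mtime (float or None),
    hashes (dict or None), error (str or None).
    """
    record: Dict[str, Optional[object]] = {
        "path": path, "exists": False, "size": None,
        "mtime": None, "hashes": None, "error": None,
    }
    try:
        st = os.lstat(path)  # finds hidden/system files a listing may omit
    except FileNotFoundError:
        return record
    except OSError as exc:  # permission denied, locked by another process
        record["error"] = str(exc)
        return record
    record["exists"] = True
    record["size"] = st.st_size
    record["mtime"] = st.st_mtime
    try:
        record["hashes"] = hash_file(path)
    except OSError as exc:
        record["error"] = str(exc)
    return record


if __name__ == "__main__":
    for key, value in describe_suspect_file().items():
        print(f"{key}: {value}")
```

If `exists` comes back False, that is the situation reported in the reply below: the file named in the earlier scan is gone, which a responder treats as a fact to note (self-deleting component, or removed by an updated AV), not as proof the machine is clean. If it exists, search the scanner by SHA-256 first; only upload when the hash is unknown.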

#10 davecw

davecw
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:34 PM

Posted 11 December 2009 - 07:12 PM

Hi Tom,

My apologies for the delay.

I've tried running Jotti on this file, but it doesn't seem to exist - I've followed the instructions for making hidden files visible, but it still doesn't seem to be there. I can see it listed in the previous scan results, posted above, but it's apparently not there now.

I updated McAfee, but otherwise haven't run any scans of any kind, so really don't know what's happened.

If it's of any relevance, my browsers seem a little messed up - I had some trouble with a couple of sites (Google Wave, my online banking) claiming I didn't have a suitable browser, despite the fact that I'm running one that's listed as compatible. According to http://whatsmyuseragent.com/ , my user agent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.5) Gecko/20091102 Firefox 966903903 (.NET CLR 3.5.30729) - I'm running Windows XP, and Firefox.


Thank you again,

Dave

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:34 PM

Posted 12 December 2009 - 09:02 AM

Hi,

Please post back with a fresh Gmer logfile :(.
regards,
schrauber


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:34 PM

Posted 18 December 2009 - 02:17 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
