
Google Redirects Infection


  • This topic is locked
7 replies to this topic

#1 Mike Gribble

Mike Gribble

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 07 December 2011 - 09:02 AM

Some time in the last week I noticed that IE using Google was sending requests to sites I was not expecting. This was followed by (or could have been preceded by) an infection by "Cloud AV 2012" v121 (which I stopped running using Task Manager), followed by a full scan using McAfee and a system restore - this seemed to cure the Cloud infection but left the Google problem.

Almost immediately I got hit by a "Privacy Protection" infection, which I stopped with Task Manager and removed its executable, followed by a (clean) scan by McAfee.

That just left me with the Google problem (plus increasing numbers of random warnings by McAfee about blocking unsafe IPs (McAfee error: prog TCP/IP Ping commands)) - hence this post.

I followed your process and had no problems, but when I ran GMER the PC blue-screened whilst running. Following a reboot, GMER ran to completion and reported it had found system modification caused by rootkit activity.

It could be coincidental, but all my printers appeared to disappear, and restarting the print spooler service won't even allow me to add a new printer (service not running).

The DDS.txt follows below and I have attached both the attach.txt & ark.txt

Thanks Mike Gribble

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Mike Gribble at 17:22:45 on 2011-12-06
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3067.1972 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft SQL Server\80\Tools\BINN\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\TEMP\ledptr\setup.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msgsystems.com/
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/package.asp?pkgid=104&affid=105-34
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111011224609.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\mike gribble\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [{52BF3085-8B08-83D9-A89F-E63B6E12FF7B}] "c:\documents and settings\mike gribble\application data\okaqf\ypmiylz.exe"
uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - c:\program files\active whois\ieshow.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mie2b7~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: novastor.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3370240E-4951-4499-8308-41ABEC40B2CD} - hxxp://admin-videostore.sky.com/sky_3_0_0_1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://videostore.sky.com/Entriq_3_7_0_2_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab
TCP: Interfaces\{AAF39F3E-57C6-413E-954F-9F0C1933DD2F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B42C42DB-850F-46DA-8BB7-A9F6BCAEBCEF} : NameServer = 205.188.146.145
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: fdewuqe - c:\documents and settings\networkservice\local settings\application data\fdewuqe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 461864]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-5 89624]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-5 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-5 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-5 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-5 166024]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-5 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-5 148520]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2011-11-11 371856]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-7-20 1444384]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2011-6-14 9216]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-1-4 112512]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-5 57432]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-24 73344]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-5 180072]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-5 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-5 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-5 83688]
S2 AMService;AMService;c:\windows\temp\ledptr\setup.exe run --> c:\windows\temp\ledptr\setup.exe run [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-5 214904]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2011-11-8 217600]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-10-15 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-10-15 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-10-15 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2011-10-15 64512]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2011-10-15 26624]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-5 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-5 87808]
S3 MSSQL$SQL2000;MSSQL$SQL2000;c:\progra~1\mi6841~1\mssql$~2\binn\sqlservr.exe -ssql2000 --> c:\progra~1\mi6841~1\mssql$~2\binn\sqlservr.exe -sSQL2000 [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2003-1-20 17018]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\c:\progra~1\netgea~1\scpmpr5.sys --> c:\progra~1\netgea~1\SCPMPR5.SYS [?]
S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;c:\progra~1\netgea~1\SCPNDIS5.SYS [2003-4-11 16000]
S3 SQLAgent$SQL2000;SQLAgent$SQL2000;c:\progra~1\mi6841~1\mssql$~2\binn\sqlagent.exe -i sql2000 --> c:\progra~1\mi6841~1\mssql$~2\binn\sqlagent.exe -i SQL2000 [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2011-12-06 16:38:25 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4cc9b474-8218-4521-a738-4a7b476d4f09}\offreg.dll
2011-12-06 12:24:39 -------- d-----w- c:\program files\fixredirectvirus
2011-12-05 15:08:26 -------- d-----w- c:\documents and settings\mike gribble\application data\Upokqi
2011-12-05 15:08:26 -------- d-----w- c:\documents and settings\mike gribble\application data\Okaqf
2011-12-05 14:51:27 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-12-05 14:51:23 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4cc9b474-8218-4521-a738-4a7b476d4f09}\mpengine.dll
2011-12-05 14:51:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-05 14:21:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-05 14:21:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-05 14:00:23 -------- d-----w- c:\documents and settings\mike gribble\application data\10A42
2011-12-05 14:00:22 -------- d-----w- c:\program files\LP
2011-12-05 13:59:49 -------- d-----w- c:\documents and settings\mike gribble\application data\Ifrio
2011-11-28 13:56:44 -------- d-----w- c:\documents and settings\mike gribble\application data\Garmin
2011-11-28 13:56:08 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-11-28 13:55:59 -------- d-----w- c:\program files\Garmin
2011-11-20 19:12:20 -------- d-----w- c:\program files\NovaStor
2011-11-19 08:41:31 -------- d-----w- c:\program files\iPod
2011-11-19 08:41:25 -------- d-----w- c:\program files\iTunes
2011-11-16 19:53:57 72080 ------w- c:\documents and settings\mike gribble\g2mdlhlpx.exe
2011-11-15 09:58:28 274944 ------w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
2011-11-15 09:58:28 117760 ------w- c:\windows\system32\hpzll5ha.dll
2011-11-15 09:43:17 21568 ------w- c:\windows\system32\drivers\HPZius12.sys
2011-11-15 09:43:17 16496 ------w- c:\windows\system32\drivers\HPZipr12.sys
2011-11-15 09:43:16 49920 ------w- c:\windows\system32\drivers\HPZid412.sys
.
==================== Find3M ====================
.
2011-11-14 19:16:49 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 14:29:02 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ------w- c:\windows\system32\crypt32.dll
2011-09-26 10:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ------w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ------w- c:\windows\system32\oleaccrc.dll
2005-12-29 16:54:47 27816008 ------w- c:\program files\Vs6sp6B.exe
2004-03-09 16:45:42 397072 ------w- c:\program files\mswless.ocx
2004-03-09 16:45:34 107008 ------w- c:\program files\msscript.ocx
2004-02-17 20:56:06 110080 ------w- c:\program files\sp698vbo.dll
2003-01-14 14:58:12 487481 ------w- c:\program files\jscript.dll
2003-01-14 14:58:02 438330 ------w- c:\program files\vbscript.dll
2000-07-15 14:10:06 26896 ------w- c:\program files\dispex.dll
2000-06-13 10:29:38 74352 ------w- c:\program files\setupsp6.exe
2000-06-13 10:29:38 371200 ------w- c:\program files\acmsetup.exe
2000-06-13 10:29:38 32256 ------w- c:\program files\selfreg.dll
2000-06-13 10:29:38 283136 ------w- c:\program files\mssetup.dll
.
============= FINISH: 17:30:53.06 ===============
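The DDS report above is what the helper reads before deciding what to ask for next. As an added illustration (my code, not DDS, ComboFix or anything posted in this thread), here is the kind of first-pass triage a responder applies to the Pseudo HJT and SERVICES / DRIVERS sections: pull the image path out of each Run, Winlogon Notify and service line, then flag the entries launched from a profile's Application Data or a temp directory. The sample lines are copied from the report above; the directory heuristic and the `SUSPICIOUS_DIRS` list are my assumption, not a rule stated in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines taken verbatim from the DDS report posted above (Pseudo HJT
# and SERVICES/DRIVERS sections). Nothing here is invented; these are the shapes
# DDS emits for Run keys, Winlogon Notify packages and services.
SAMPLE_LINES = [
    r'uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe',
    r'uRun: [Google Update] "c:\documents and settings\mike gribble\local settings\application data\google\update\GoogleUpdate.exe" /c',
    r'uRun: [{52BF3085-8B08-83D9-A89F-E63B6E12FF7B}] "c:\documents and settings\mike gribble\application data\okaqf\ypmiylz.exe"',
    r'uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'Notify: fdewuqe - c:\documents and settings\networkservice\local settings\application data\fdewuqe.dll',
    r'R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]',
    r'S2 AMService;AMService;c:\windows\temp\ledptr\setup.exe run --> c:\windows\temp\ledptr\setup.exe run [?]',
]

# Analyst heuristic (my assumption, not a rule from the thread): persistence that
# launches an image from a profile's Application Data or from a temp directory
# deserves a look before anything under Program Files or system32 does.
SUSPICIOUS_DIRS = ("\\application data\\", "\\temp\\")
SYSTEM32 = "c:\\windows\\system32\\"

RUN_RE = re.compile(r'^([umd]Run): \[([^\]]*)\]\s+(.*)$')
NOTIFY_RE = re.compile(r'^Notify: (\S+) - (.*)$')
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')
# First absolute image path in a command line: drive letter or %VAR% prefix,
# ends at the first .exe/.dll/.sys, never crosses a quote or a comma.
PATH_RE = re.compile(r'(?i)((?:[a-z]:|%[a-z]+%)\\[^",]*?\.(?:exe|dll|sys))')


@dataclass
class Entry:
    kind: str            # uRun/mRun/dRun, Notify, or a service state such as S2
    name: str
    command: str
    path: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def extract_path(command: str) -> Optional[str]:
    """Return the lower-cased image path inside a DDS command string, if any."""
    m = PATH_RE.search(command)
    return m.group(1).lower() if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Recognise the three DDS line shapes handled here; other lines yield None."""
    m = RUN_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(3))
    m = NOTIFY_RE.match(line)
    if m:
        return Entry("Notify", m.group(1), m.group(2))
    m = SVC_RE.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(4))
    return None


def assess(entry: Entry) -> Entry:
    """Attach the reasons an analyst would want this entry reviewed."""
    entry.path = extract_path(entry.command)
    if entry.path is None:
        entry.reasons.append("no absolute image path; resolve it before judging")
        return entry
    for d in SUSPICIOUS_DIRS:
        if d in entry.path:
            entry.reasons.append("image launched from " + d.strip("\\"))
    # Winlogon notification DLLs load into winlogon.exe at logon; a legitimate
    # one living outside system32 is rare enough to always review.
    if entry.kind == "Notify" and not entry.path.startswith(SYSTEM32):
        entry.reasons.append("Winlogon notify DLL outside system32")
    return entry


def triage(lines: List[str]) -> List[Entry]:
    """Parse every recognised line and keep only the entries that have reasons."""
    flagged = []
    for line in lines:
        entry = parse_line(line.strip())
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.kind:7} {e.name:45} {e.path}")
        for r in e.reasons:
            print("        -", r)
```

Run as-is it flags five of the eight sample lines. One of them, Google Update, is a false positive: Google's updater legitimately installs under Local Settings\Application Data. That is the point of the design: the output is a review list for a human, not a verdict, and the cheapest way to shorten the list is to confirm the unusual entries against the rest of the report (the "Created Last 30" section above shows the Okaqf folder appearing on the same day as the problem) rather than to widen the allowlist.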



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:06 AM

Posted 07 December 2011 - 04:02 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.



#3 Mike Gribble

Mike Gribble
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 09 December 2011 - 12:37 PM

All done & all appears ok (also got my printers back) - thanks for your help

Do I need to run Defogger in enable mode?
Also, am I protected, or could I get hit again (and if so, any recommendations for prevention)?

Combofix log follows

ComboFix 11-12-09.02 - Mike Gribble 09/12/2011 12:59:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3067.2528 [GMT 0:00]
Running from: c:\documents and settings\Mike Gribble\Desktop\MikesComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110926163105.log
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Mike Gribble\Application Data\Ifrio
c:\documents and settings\Mike Gribble\Application Data\Ifrio\dafeo.tib
c:\documents and settings\Mike Gribble\Application Data\Ifrio\dafeo.tmp
c:\documents and settings\Mike Gribble\Desktop\EXPLORER.EXE
c:\documents and settings\Mike Gribble\g2mdlhlpx.exe
c:\documents and settings\Mike Gribble\GoToAssistDownloadHelper.exe
c:\documents and settings\Mike Gribble\WINDOWS
C:\install.exe
c:\program files\LP
c:\program files\LP\03B1\A77.tmp
c:\program files\LP\03B1\A7D.tmp
c:\program files\LP\03B1\A84.tmp
C:\Recycle.Bin
C:\Thumbs.db
c:\windows\$NtUninstallKB27083$
c:\windows\$NtUninstallKB27083$\398556682\@
c:\windows\$NtUninstallKB27083$\398556682\bckfg.tmp
c:\windows\$NtUninstallKB27083$\398556682\cfg.ini
c:\windows\$NtUninstallKB27083$\398556682\Desktop.ini
c:\windows\$NtUninstallKB27083$\398556682\keywords
c:\windows\$NtUninstallKB27083$\398556682\kwrd.dll
c:\windows\$NtUninstallKB27083$\398556682\L\lyaaobqr
c:\windows\$NtUninstallKB27083$\398556682\U\00000001.@
c:\windows\$NtUninstallKB27083$\398556682\U\00000002.@
c:\windows\$NtUninstallKB27083$\398556682\U\00000004.@
c:\windows\$NtUninstallKB27083$\398556682\U\80000000.@
c:\windows\$NtUninstallKB27083$\398556682\U\80000004.@
c:\windows\$NtUninstallKB27083$\398556682\U\80000032.@
c:\windows\$NtUninstallKB27083$\467986858
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\dasetup.log
c:\windows\Install
c:\windows\Install\setup.iss
c:\windows\system\VI30AUT.DLL
c:\windows\system32\AutoRun.inf
c:\windows\system32\imvalid.ico
c:\windows\system32\imvalid.ico.bak0
c:\windows\system32\my sex world.ico
c:\windows\system32\pthreadVC.dll
c:\windows\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
c:\windows\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL
c:\windows\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
c:\windows\system32\spool\prtprocs\w32x86\wfxprint2000.dll
c:\windows\system32\u2g.f
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 13:14 . 2011-12-09 13:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-12-09 13:13 . 2011-12-09 13:13 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{28007DBB-7C75-46EF-AAFA-DC564AD2D9CA}\offreg.dll
2011-12-09 10:59 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-07 19:16 . 2011-12-07 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\arcverify
2011-12-07 19:15 . 2011-12-07 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ibackup
2011-12-07 19:12 . 2011-12-07 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\restore
2011-12-07 19:12 . 2011-12-07 19:12 -------- d-----w- C:\archive_db
2011-12-07 19:09 . 2011-12-07 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\backup
2011-12-07 19:09 . 2011-11-11 18:14 249936 ----a-w- c:\windows\system32\prgiso.dll
2011-12-07 10:56 . 2011-12-07 10:56 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\DriverCure
2011-12-07 10:56 . 2011-12-07 10:56 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\SpeedMaxPc
2011-12-07 10:56 . 2011-12-07 10:56 -------- d-----w- c:\program files\Common Files\SpeedMaxPc
2011-12-07 10:56 . 2011-12-07 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2011-12-07 08:45 . 2011-11-30 02:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{28007DBB-7C75-46EF-AAFA-DC564AD2D9CA}\mpengine.dll
2011-12-07 02:27 . 2011-12-07 02:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-06 12:24 . 2011-12-06 12:52 -------- d-----w- c:\program files\fixredirectvirus
2011-12-05 15:08 . 2011-12-07 17:41 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\Upokqi
2011-12-05 15:08 . 2011-12-05 15:08 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\Okaqf
2011-12-05 14:51 . 2011-11-30 02:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-05 14:51 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-05 14:50 . 2011-12-05 14:50 -------- d-----w- c:\program files\Windows Defender
2011-12-05 14:21 . 2011-12-05 14:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-05 14:00 . 2011-12-05 14:20 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\10A42
2011-12-05 13:48 . 2011-12-05 13:48 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-28 13:56 . 2011-11-28 13:56 -------- d-----w- c:\documents and settings\Mike Gribble\Application Data\Garmin
2011-11-28 13:56 . 2011-11-28 13:56 -------- d-----w- c:\program files\Garmin GPS Plugin
2011-11-28 13:56 . 2011-11-28 13:56 -------- d-----w- c:\program files\DIFX
2011-11-28 13:55 . 2011-11-28 13:55 -------- d-----w- c:\program files\Garmin
2011-11-21 17:06 . 2011-11-21 17:06 -------- d-----w- c:\documents and settings\Ghada Rule\Bluetooth Software
2011-11-21 17:06 . 2011-11-21 17:06 -------- d-----w- c:\documents and settings\Ghada Rule\Application Data\Apple Computer
2011-11-21 17:06 . 2011-11-21 17:06 -------- d-----w- c:\documents and settings\Ghada Rule\Local Settings\Application Data\ArcSoft
2011-11-21 17:06 . 2011-11-21 17:06 -------- d-----w- c:\documents and settings\Ghada Rule\Application Data\ArcSoft
2011-11-21 17:05 . 2011-11-21 17:05 -------- d-sh--w- c:\documents and settings\Ghada Rule\IETldCache
2011-11-20 19:12 . 2011-11-20 19:12 -------- d-----w- c:\program files\NovaStor
2011-11-19 08:41 . 2011-11-19 08:41 -------- d-----w- c:\program files\iPod
2011-11-19 08:41 . 2011-11-19 08:42 -------- d-----w- c:\program files\iTunes
2011-11-15 09:58 . 2007-03-28 14:01 117760 ------w- c:\windows\system32\hpzll5ha.dll
2011-11-15 09:58 . 2007-03-28 13:57 274944 ------w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2011-11-15 09:43 . 2007-03-08 19:20 21568 ------w- c:\windows\system32\drivers\HPZius12.sys
2011-11-15 09:43 . 2007-03-08 19:20 16496 ------w- c:\windows\system32\drivers\HPZipr12.sys
2011-11-15 09:43 . 2007-03-08 19:20 49920 ------w- c:\windows\system32\drivers\HPZid412.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 12:28 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2011-11-14 19:16 . 2011-05-19 06:19 414368 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 14:29 . 2011-10-24 14:29 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ------w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2011-01-04 12:26 692736 ------w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ------w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 10:00 220160 ------w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 10:00 20480 ------w- c:\windows\system32\oleaccrc.dll
2005-12-29 16:54 . 2005-12-29 16:54 27816008 ------w- c:\program files\Vs6sp6B.exe
2004-03-09 16:45 . 2004-03-09 16:45 397072 ------w- c:\program files\mswless.ocx
2004-03-09 16:45 . 2004-03-09 16:45 107008 ------w- c:\program files\msscript.ocx
2004-02-17 20:56 . 2004-02-17 20:56 110080 ------w- c:\program files\sp698vbo.dll
2003-01-14 14:58 . 2003-01-14 14:58 487481 ------w- c:\program files\jscript.dll
2003-01-14 14:58 . 2003-01-14 14:58 438330 ------w- c:\program files\vbscript.dll
2000-07-15 14:10 . 2000-07-15 14:10 26896 ------w- c:\program files\dispex.dll
2000-06-13 10:29 . 2000-06-13 10:29 74352 ------w- c:\program files\setupsp6.exe
2000-06-13 10:29 . 2000-06-13 10:29 371200 ------w- c:\program files\acmsetup.exe
2000-06-13 10:29 . 2000-06-13 10:29 32256 ------w- c:\program files\selfreg.dll
2000-06-13 10:29 . 2000-06-13 10:29 283136 ------w- c:\program files\mssetup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-08 17:40 1362320 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 2220032]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-17 13590528]
"nwiz"="nwiz.exe" [2008-10-17 1630208]
"NVHotkey"="nvHotkey.dll" [2008-10-17 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-17 86016]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-20 729088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-20 483420]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2005-1-19 53314]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2011-1-5 6144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
backup=c:\windows\pss\Watch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\%FP%Friendly fts.exe]
2003-05-06 09:28 72192 ------w- c:\program files\VoyagerTest\fts.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-02-16 14:04 147456 ------w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2007-12-07 15:30 71008 ------r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-08-21 18:04 155648 ------w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
2003-06-02 18:25 270336 ------w- c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2004-10-07 19:44 610304 ------w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 01:05 122939 ------w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-11 11:43 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2006-10-17 01:20 398944 ------w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ------w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R265 Series]
2006-05-19 04:00 139264 ------w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBNE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ------w- c:\program files\Common Files\AOL\1229718071\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 15:51 118784 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 15:55 155648 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 10:44 249856 ------w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 03:40 86960 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2011-09-16 17:38 1318552 ------w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
2002-04-29 16:22 401408 ------w- c:\program files\Common Files\Nokia\NCLTools\NclTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2007-02-08 20:43 95800 ------w- c:\program files\Olympus\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 20:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
2006-01-13 02:02 106496 ------w- c:\program files\Winzip PDF Converter\registrycontroller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
2003-05-28 17:32 86016 ------w- c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-01-12 18:26 26112 ------w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 16:46 14944136 ------r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-29 23:14 155648 ------r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 10:34 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 01:01 110592 ------w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [05/01/2011 14:45 89624]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [13/09/2010 17:18 308656]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/01/2011 14:45 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/01/2011 14:45 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [05/01/2011 14:45 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [05/01/2011 14:45 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [05/01/2011 14:32 148520]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [11/11/2011 18:33 371856]
R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [20/07/2009 20:47 1444384]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [14/06/2011 17:39 9216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [04/01/2011 13:26 112512]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [05/01/2011 14:45 57432]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [24/05/2011 06:57 73344]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [05/01/2011 14:45 338040]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [05/01/2011 14:45 83688]
S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [08/11/2011 04:40 217600]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [15/10/2011 03:02 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [15/10/2011 03:02 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [15/10/2011 03:02 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [15/10/2011 03:02 64512]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [15/10/2011 03:03 26624]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [05/01/2011 14:45 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [05/01/2011 14:45 87808]
S3 MSSQL$SQL2000;MSSQL$SQL2000;c:\progra~1\MI6841~1\MSSQL$~2\binn\sqlservr.exe -sSQL2000 --> c:\progra~1\MI6841~1\MSSQL$~2\binn\sqlservr.exe -sSQL2000 [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [20/01/2003 09:30 17018]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\c:\progra~1\NETGEA~1\SCPMPR5.SYS --> c:\progra~1\NETGEA~1\SCPMPR5.SYS [?]
S3 SCPNDIS5;SCPNDIS5 NDIS Protocol Driver;c:\progra~1\NETGEA~1\SCPNDIS5.SYS [11/04/2003 12:17 16000]
S3 SQLAgent$SQL2000;SQLAgent$SQL2000;c:\progra~1\MI6841~1\MSSQL$~2\binn\sqlagent.exe -i SQL2000 --> c:\progra~1\MI6841~1\MSSQL$~2\binn\sqlagent.exe -i SQL2000 [?]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-10-08 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-10-01 13:33]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1788223648-839522115-1029Core.job
- c:\documents and settings\Mike Gribble\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-03 10:23]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1788223648-839522115-1029UA.job
- c:\documents and settings\Mike Gribble\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-03 10:23]
.
2011-12-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
2011-12-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-08 17:40]
.
2011-12-08 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2011-10-27 21:14]
.
2011-12-07 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-10-27 21:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msgsystems.com/
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/package.asp?pkgid=104&affid=105-34
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - c:\program files\Active Whois\ieshow.exe
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3370240E-4951-4499-8308-41ABEC40B2CD} - hxxp://admin-videostore.sky.com/sky_3_0_0_1.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Privacy Protection - c:\documents and settings\All Users\Application Data\privacy.exe
Notify-fdewuqe - c:\documents and settings\NetworkService\Local Settings\Application Data\fdewuqe.dll
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-e-market UK 2005_is1 - c:\drive d\Research\MailingTonicDatabase\e-market UK 2005\unins000.exe
AddRemove-Market UK 2005_is1 - c:\drive d\Research\MailingTonicDatabase\Market UK 2005\unins000.exe
AddRemove-RecordPad - c:\program files\NCH Swift Sound\RecordPad\uninst.exe
AddRemove-WavePad - c:\program files\NCH Swift Sound\WavePad\uninst.exe
AddRemove-WZCLINE - c:\program files\WinZip\winzip32
AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{108A3~1\Setup.exe
AddRemove-{E34B59B8-F34F-404e-A0BE-61AC51B9F3DB} - c:\program files\SpeedMaxPc\SpeedMaxPc\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1788223648-839522115-1029\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8148391-D699-B43E-673C-19948568A28B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1900)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(6344)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\ftpxext.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\mssql7\binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\mssql7\binn\sqlagent.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Microsoft SQL Server\80\Tools\BINN\sqlmangr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-12-09 13:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 13:22
.
Pre-Run: 207,505,616,896 bytes free
Post-Run: 210,899,808,256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 92E64C3AD395A465152EAE81742D6B73

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:06 AM

Posted 09 December 2011 - 03:41 PM

Good evening. :)

We'll have a little scan to check for leftovers and then worry about any housekeeping after that.

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#5 Mike Gribble

Mike Gribble
  • Topic Starter

  • Members
  • 4 posts
  • Local time:08:06 AM

Posted 10 December 2011 - 08:22 AM

Copy of ESET log below

C:\Documents and Settings\Mike Gribble\Application Data\Okaqf\ypmiylz.exe a variant of Win32/Kryptik.WWM trojan
C:\Documents and Settings\Mike Gribble\Application Data\Sun\Java\Deployment\cache\6.0\31\311f01df-41aad7ec a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Documents and Settings\Mike Gribble\Application Data\Sun\Java\Deployment\cache\6.0\49\43fd7071-41c9cf77 a variant of Win32/Kryptik.WLG trojan
C:\Documents and Settings\Mike Gribble\Application Data\Sun\Java\Deployment\cache\6.0\51\30765333-68f4701e Java/TrojanDownloader.OpenConnection.AP trojan
C:\Documents and Settings\Mike Gribble\Application Data\Sun\Java\Deployment\cache\6.0\57\514809f9-5794a2a0 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Documents and Settings\Mike Gribble\Application Data\Sun\Java\Deployment\cache\6.0\8\5d7ea888-3e098082 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Downloaded Installations\{22FA2064-F3D1-4F3E-8664-BA980ABA3128}\PCmover Professional.msi a variant of Win32/PSWTool.PWDump.A application
C:\Documents and Settings\Vostro 1520\Local Settings\Application Data\Downloaded Installations\{22FA2064-F3D1-4F3E-8664-BA980ABA3128}\PCmover Professional.msi a variant of Win32/PSWTool.PWDump.A application
C:\Drive D\Video Licensing Vault\gimp-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Program Files\Laplink\PCmover\x32\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application
C:\Program Files\Tiscali\Tiscali Internet\dlls\InstallDialer.exe a variant of Win32/Injector.AHE trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan


Copy of OTL log below

OTL logfile created on: 10/12/2011 12:26:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike Gribble\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.07% Memory free
4.84 Gb Paging File | 4.01 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 196.16 Gb Free Space | 65.81% Space Free | Partition Type: NTFS

Computer Name: VOSTRO1520-0 | User Name: Mike Gribble | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/10 12:25:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Gribble\Desktop\otl.scr
PRC - [2011/11/11 18:33:16 | 000,371,856 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/09/16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/14 17:39:42 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/16 09:51:08 | 001,408,080 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2009/07/15 11:01:40 | 001,444,384 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
PRC - [2009/05/08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/20 18:36:00 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe
PRC - [2009/02/20 18:35:00 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 15:43:28 | 001,428,360 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/05/17 15:43:18 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/26 00:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1229718071\ee\aolsoftware.exe
PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe
PRC - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlagent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 18:32:48 | 000,124,560 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
MOD - [2011/11/11 18:20:52 | 000,014,848 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\WindowsEventLogWriter.dll
MOD - [2011/11/11 18:17:12 | 000,179,344 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
MOD - [2011/09/16 15:40:14 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll
MOD - [2011/08/28 21:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/07 09:54:17 | 000,121,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Localization\5.4.6.4__5cc7ad8abd921325\Inkjet.Localization.dll
MOD - [2011/03/07 09:54:17 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Utilities\5.4.6.4__5cc7ad8abd921325\Inkjet.Utilities.dll
MOD - [2011/03/07 09:54:17 | 000,031,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Statistics\5.4.6.4__5cc7ad8abd921325\Inkjet.Statistics.dll
MOD - [2011/03/07 09:54:16 | 000,153,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Hardware\5.4.6.4__5cc7ad8abd921325\Inkjet.Hardware.dll
MOD - [2011/03/07 09:54:16 | 000,058,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Automation\5.4.6.4__5cc7ad8abd921325\Inkjet.Automation.dll
MOD - [2011/03/07 09:54:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Diagnostics\5.4.6.4__5cc7ad8abd921325\Inkjet.Diagnostics.dll
MOD - [2011/03/07 09:54:16 | 000,034,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.DeviceSettings\5.4.6.4__5cc7ad8abd921325\Inkjet.DeviceSettings.dll
MOD - [2010/10/10 22:19:15 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/09/23 10:28:28 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
MOD - [2010/09/23 10:28:26 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
MOD - [2010/09/23 10:27:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\daa33674d4250e38a24b70180d209ac8\System.Deployment.ni.dll
MOD - [2010/09/23 10:27:50 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
MOD - [2010/09/23 09:20:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2010/09/23 09:20:05 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
MOD - [2010/09/23 09:18:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
MOD - [2010/09/23 08:59:03 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2010/09/23 08:58:27 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/05/08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/10/24 13:00:32 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/10/24 13:00:12 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/06/19 18:08:52 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007/05/17 14:52:30 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/05/17 14:31:18 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [1998/11/13 04:22:18 | 000,020,480 | ---- | M] () -- C:\MSSQL7\Binn\sqlrgstr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CiscoVpnInstallService)
SRV - [2011/11/11 18:33:16 | 000,371,856 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2011/11/08 04:40:16 | 000,217,600 | ---- | M] (NovaStor Corporation) [On_Demand | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/06/14 17:39:42 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/16 09:51:08 | 001,408,080 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2009/07/15 11:01:40 | 001,444,384 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/20 18:36:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe -- (STacSV)
SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2000/08/06 00:16:50 | 001,732,667 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\OLAP Services SQL 7\bin\msmdsrv.exe -- (MSSQLServerOLAPService)
SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer)
SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent)
SRV - [1998/06/05 23:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/06/10 15:06:02 | 000,026,624 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/06/10 15:06:00 | 000,089,856 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/06/10 15:06:00 | 000,073,344 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/06/10 15:06:00 | 000,064,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2010/12/30 12:19:40 | 000,191,872 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/12/30 12:19:40 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/12/30 12:19:32 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/04/30 23:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 23:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2009/04/30 23:01:48 | 000,066,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009/04/30 23:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/02/20 18:36:00 | 001,548,339 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/02/20 18:35:00 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/02 15:54:00 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/10/24 13:00:30 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/31 13:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/31 13:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 10:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 10:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/03/23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 10:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/06/16 11:20:18 | 000,012,416 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/01/09 09:49:52 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/04/11 12:17:50 | 000,016,000 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netgear WGX102 Configuration Utility\SCPNDIS5.SYS -- (SCPNDIS5)
DRV - [2003/01/20 09:30:56 | 000,017,018 | R--- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PLCNDIS5.SYS -- (PLCNDIS5)
DRV - [2003/01/10 21:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/22 20:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msgsystems.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Broadband\advisor\nprpspa.dll (Radialpoint Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/12 07:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/10 08:51:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Client Gateway 1.5.24 (Enabled) = C:\Program Files\Virgin Broadband\advisor\nprpspa.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2011/12/09 13:15:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111209181826.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Frontpage 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe ()
O9 - Extra 'Tools' menuitem : Active Whois - {BAB9A4F4-C201-4fcf-A5D3-BA77BC9FBEB2} - C:\Program Files\Active Whois\ieshow.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {3370240E-4951-4499-8308-41ABEC40B2CD} http://admin-videostore.sky.com/sky_3_0_0_1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} http://videostore.sky.com/Entriq_3_7_0_2_Silent.cab (MediaControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5488/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F54709-E383-4CF3-9DAA-85A754A36B22}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAF39F3E-57C6-413E-954F-9F0C1933DD2F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/04 12:28:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 12:25:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Gribble\Desktop\otl.scr
[2011/12/10 09:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/10 08:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/09 17:21:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/09 14:16:35 | 000,000,000 | ---D | C] -- C:\New Folder 1
[2011/12/09 13:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/09 10:40:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/09 10:29:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/09 10:29:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/09 10:29:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/09 10:29:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/09 10:28:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/09 09:56:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/09 09:46:29 | 004,333,097 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike Gribble\Desktop\MikesComboFix.exe
[2011/12/07 19:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\arcverify
[2011/12/07 19:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ibackup
[2011/12/07 19:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\restore
[2011/12/07 19:12:03 | 000,000,000 | ---D | C] -- C:\archive_db
[2011/12/07 19:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\backup
[2011/12/07 19:09:25 | 000,249,936 | ---- | C] (Paragon Software Group) -- C:\WINDOWS\System32\prgiso.dll
[2011/12/07 17:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Start Menu\Programs\SpeedMaxPc
[2011/12/07 10:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\DriverCure
[2011/12/07 10:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\SpeedMaxPc
[2011/12/07 10:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
[2011/12/07 10:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/12/07 02:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/06 17:22:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike Gribble\Desktop\dds.scr
[2011/12/06 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\fixredirectvirus
[2011/12/05 20:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/05 15:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\Upokqi
[2011/12/05 15:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\Okaqf
[2011/12/05 14:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/12/05 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\10A42
[2011/12/05 13:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/05 13:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/28 13:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Gribble\Application Data\Garmin
[2011/11/28 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2011/11/28 13:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/11/28 13:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2011/11/24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike Gribble\Desktop\TDSSKiller.exe
[2011/11/20 19:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NovaBACKUP
[2011/11/20 19:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\NovaStor
[2011/11/19 08:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/19 08:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/19 08:41:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/05 13:03:17 | 000,012,416 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2005/12/29 16:54:41 | 027,816,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Vs6sp6B.exe
[2004/03/09 16:45:42 | 000,397,072 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mswless.ocx
[2004/03/09 16:45:34 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msscript.ocx
[2004/02/17 20:56:06 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\sp698vbo.dll
[2003/01/14 14:58:12 | 000,487,481 | ---- | C] (Microsoft Corporation) -- C:\Program Files\jscript.dll
[2003/01/14 14:58:02 | 000,438,330 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vbscript.dll
[2000/07/15 14:10:06 | 000,026,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dispex.dll
[2000/06/13 10:29:38 | 000,371,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\acmsetup.exe
[2000/06/13 10:29:38 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mssetup.dll
[2000/06/13 10:29:38 | 000,074,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setupsp6.exe
[2000/06/13 10:29:38 | 000,032,256 | ---- | C] (Microsoft) -- C:\Program Files\selfreg.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 13:01:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/12/10 12:28:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1788223648-839522115-1029UA.job
[2011/12/10 12:25:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Gribble\Desktop\otl.scr
[2011/12/10 10:28:02 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1788223648-839522115-1029Core.job
[2011/12/10 08:53:03 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/12/10 08:52:47 | 000,082,394 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/12/10 08:52:39 | 000,200,610 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/10 08:52:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/10 08:51:53 | 000,380,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/10 08:51:53 | 000,052,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/10 08:50:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/10 08:47:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 08:47:27 | 3215,933,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 08:47:25 | 000,260,501 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2011/12/09 18:00:02 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job
[2011/12/09 13:15:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 10:46:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/09 10:40:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/09 09:27:56 | 004,333,097 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike Gribble\Desktop\MikesComboFix.exe
[2011/12/07 11:33:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\defogger_reenable
[2011/12/07 10:56:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job
[2011/12/06 17:36:53 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Desktop\6qmzdmrt.exe
[2011/12/06 17:22:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike Gribble\Desktop\dds.scr
[2011/12/06 17:19:29 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Desktop\Defogger.exe
[2011/12/06 14:15:29 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/05 23:20:14 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike Gribble\Desktop\TDSSKiller.exe
[2011/12/05 23:14:55 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Desktop\tdsskiller.zip
[2011/12/05 14:37:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8qgjb01.dat
[2011/12/05 14:00:32 | 000,001,212 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Application Data\ahst.lni
[2011/12/03 08:41:09 | 000,001,886 | -H-- | M] () -- C:\Documents and Settings\Mike Gribble\My Documents\Default.rdp
[2011/12/03 08:29:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/28 10:24:48 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/21 17:05:09 | 000,082,394 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/11/21 07:06:46 | 000,061,682 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\.recently-used.xbel
[2011/11/20 19:13:27 | 000,001,416 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/11/20 19:13:11 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NovaBACKUP.lnk
[2011/11/20 19:12:19 | 000,000,053 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\1.12.5.lic
[2011/11/19 08:42:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/18 16:28:53 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Desktop\Google Chrome.lnk
[2011/11/18 16:28:53 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Mike Gribble\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/15 09:57:50 | 000,140,882 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2011/11/15 09:57:44 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2011/11/15 09:53:27 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/11/11 18:14:52 | 000,249,936 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\System32\prgiso.dll
[2011/11/11 06:52:58 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 10:40:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/09 10:40:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/09 10:29:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/09 10:29:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/09 10:29:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/09 10:29:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/09 10:29:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/07 17:53:00 | 3215,933,440 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/07 11:33:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\defogger_reenable
[2011/12/07 10:56:58 | 000,000,454 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job
[2011/12/07 10:56:29 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job
[2011/12/06 17:36:39 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Desktop\6qmzdmrt.exe
[2011/12/06 17:19:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Desktop\Defogger.exe
[2011/12/05 23:14:40 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Desktop\tdsskiller.zip
[2011/12/05 14:53:35 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/05 14:50:19 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/12/05 14:37:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8qgjb01.dat
[2011/12/05 14:00:30 | 000,001,212 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Application Data\ahst.lni
[2011/11/21 07:06:46 | 000,061,682 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\.recently-used.xbel
[2011/11/20 19:13:11 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NovaBACKUP.lnk
[2011/11/20 19:12:19 | 000,000,053 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.5.lic
[2011/11/20 19:11:21 | 000,001,416 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/11/19 08:42:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/15 09:57:44 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2011/11/15 09:53:27 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/11/15 09:41:33 | 000,140,882 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2011/11/15 09:41:33 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2011/09/27 17:41:43 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/09/27 07:22:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\pagebreeze.ini
[2011/09/27 07:22:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\formbreeze.ini
[2011/09/26 15:58:24 | 000,000,120 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2011/09/26 15:32:46 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2011/09/16 10:18:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/09/14 11:53:40 | 000,548,352 | ---- | C] () -- C:\WINDOWS\System32\srgc.dll
[2011/08/07 11:27:14 | 000,152,393 | ---- | C] () -- C:\Program Files\Prompt_7.5_Lite ReadMe.pdf
[2011/06/10 15:08:02 | 000,230,744 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2011/04/06 09:03:58 | 000,061,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/05 10:32:07 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe
[2011/01/04 13:32:11 | 000,082,394 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/01/04 13:24:11 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/01/04 13:24:10 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/01/04 13:24:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/01/04 13:24:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/01/04 13:24:08 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/01/04 13:24:07 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/01/04 13:24:01 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/01/04 13:23:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/01/04 12:38:04 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/01/04 12:38:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/01/04 12:38:04 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/01/04 12:30:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/04 12:25:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/04 12:19:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/04 12:18:38 | 000,294,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/17 22:08:03 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.0.lic
[2010/12/10 17:31:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI
[2010/11/13 06:20:20 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Application Data\usb.inf
[2010/10/09 10:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/10/09 09:54:38 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw8b.bin
[2010/10/09 09:53:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V30V300DEFGIPSRUk.ini
[2009/07/29 21:00:23 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/07/12 05:42:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/04 04:57:38 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/08 09:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 15:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/01/07 22:24:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/19 19:57:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2008/10/06 23:10:33 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2008/07/02 05:49:14 | 000,006,555 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Application Data\PrimoPDFSet.xml
[2008/07/02 05:49:10 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Application Data\APUSet.xml
[2008/07/02 05:39:24 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/06/28 07:51:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 17:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/04/28 16:13:33 | 000,000,292 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/04/16 11:54:25 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/04/16 11:54:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/04/07 10:11:56 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2008/04/07 10:11:55 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2008/04/07 10:11:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2008/04/07 05:50:28 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/16 16:35:45 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/16 16:33:22 | 000,303,186 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2008/02/16 16:33:21 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\SBSusd.dll
[2008/01/29 18:57:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2007/09/26 00:28:34 | 000,130,971 | ---- | C] () -- C:\WINDOWS\hpoins12.dat
[2007/09/26 00:28:34 | 000,001,470 | ---- | C] () -- C:\WINDOWS\hpomdl12.dat
[2007/08/15 08:47:52 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/08/15 08:47:52 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/08/15 08:47:52 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/08/15 08:47:52 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/08/15 08:47:52 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/08/15 08:47:52 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/08/15 08:47:52 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/08/15 08:47:52 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/08/15 08:47:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/08/15 08:47:52 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/08/15 08:47:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/08/15 08:47:52 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/08/15 08:47:52 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/08/15 08:47:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/08/15 08:47:52 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/08/15 08:47:52 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/08/15 08:47:52 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/08/15 08:47:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/08/15 08:47:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/08/15 08:43:22 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE SPR265DEFGIPS.ini
[2007/08/14 06:58:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/05/17 14:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 14:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/16 17:58:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/03 06:11:45 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\feal.dat
[2006/04/16 12:26:04 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/21 06:13:03 | 000,000,021 | ---- | C] () -- C:\WINDOWS\opt_3450.ini
[2005/12/20 15:22:35 | 000,000,449 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2005/12/20 15:22:35 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2005/12/20 15:22:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2005/10/31 20:28:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MobOlExt.dll
[2005/04/14 07:39:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2005/04/07 15:54:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/03/31 11:42:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2005/03/31 11:42:37 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2005/03/30 17:59:10 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/21 23:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 23:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/21 10:08:35 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/03/21 09:35:27 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2005/03/21 09:35:27 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2005/02/04 14:16:48 | 000,000,872 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/01/22 16:01:10 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\12kUBusd.dll
[2005/01/19 12:31:36 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/01/19 12:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005/01/19 12:17:33 | 000,002,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/19 09:10:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mike Gribble\Application Data\QSPMShare
[2005/01/12 18:30:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/15 21:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:13:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 10:00:00 | 000,380,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 10:00:00 | 000,052,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 10:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 10:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/19 16:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/03/11 16:11:56 | 000,995,042 | ---- | C] () -- C:\Program Files\VS6sp6B3.cab
[2004/03/11 16:11:56 | 000,025,080 | ---- | C] () -- C:\Program Files\sp698vbo.inf
[2004/03/11 16:11:48 | 010,010,624 | ---- | C] () -- C:\Program Files\VS6sp6B2.cab
[2004/03/11 16:10:16 | 009,036,800 | ---- | C] () -- C:\Program Files\VS6sp6B1.cab
[2004/03/11 16:08:48 | 000,055,791 | ---- | C] () -- C:\Program Files\sp698vbo.stf
[2004/03/11 16:08:48 | 000,001,636 | ---- | C] () -- C:\Program Files\setupsp6.lst
[2004/03/11 14:01:22 | 000,989,512 | ---- | C] () -- C:\Program Files\vbrun60.cab
[2004/03/10 21:40:10 | 000,697,692 | ---- | C] () -- C:\Program Files\Msvbvm60.cab
[2004/03/10 21:40:08 | 000,513,864 | ---- | C] () -- C:\Program Files\MSComCtl.CAB
[2004/03/10 21:40:08 | 000,143,598 | ---- | C] () -- C:\Program Files\comct332.cab
[2004/03/10 21:40:06 | 000,346,485 | ---- | C] () -- C:\Program Files\MSComCt2.CAB
[2004/03/10 21:40:06 | 000,246,297 | ---- | C] () -- C:\Program Files\msrdo20.cab
[2004/03/10 21:40:06 | 000,142,755 | ---- | C] () -- C:\Program Files\msdbrptr.cab
[2004/03/10 21:40:06 | 000,115,971 | ---- | C] () -- C:\Program Files\TabCtl32.CAB
[2004/03/10 21:40:04 | 000,133,247 | ---- | C] () -- C:\Program Files\MSDatGrd.CAB
[2004/03/10 21:40:04 | 000,118,085 | ---- | C] () -- C:\Program Files\MSFlxGrd.CAB
[2004/03/10 21:40:04 | 000,108,611 | ---- | C] () -- C:\Program Files\MSWcRun.CAB
[2004/03/10 21:40:04 | 000,070,077 | ---- | C] () -- C:\Program Files\ComDlg32.CAB
[2004/03/10 21:40:02 | 000,105,135 | ---- | C] () -- C:\Program Files\RichTx32.CAB
[2004/03/10 21:40:02 | 000,090,507 | ---- | C] () -- C:\Program Files\Mci32.cab
[2004/03/10 21:40:00 | 000,066,476 | ---- | C] () -- C:\Program Files\msinet.cab
[2004/03/10 21:40:00 | 000,064,259 | ---- | C] () -- C:\Program Files\MSAdoDc.CAB
[2004/03/10 21:40:00 | 000,063,773 | ---- | C] () -- C:\Program Files\mswinsck.cab
[2004/03/10 21:39:58 | 000,060,699 | ---- | C] () -- C:\Program Files\msstdfmt.cab
[2004/03/10 21:39:58 | 000,037,721 | ---- | C] () -- C:\Program Files\MSBind.CAB
[2004/02/23 20:35:04 | 003,027,068 | ---- | C] () -- C:\Program Files\msvbvm60.dbg
[2004/02/11 17:36:16 | 000,006,308 | ---- | C] () -- C:\Program Files\readme.htm
[2004/01/09 10:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 02:17:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 21:15:26 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 19:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/03/30 11:54:04 | 000,000,149 | ---- | C] () -- C:\Program Files\setup.ini
[2000/11/29 15:34:30 | 000,004,291 | ---- | C] () -- C:\Program Files\toc.htm
[2000/07/15 14:44:06 | 000,000,244 | ---- | C] () -- C:\Program Files\style.gif
[2000/07/15 14:44:06 | 000,000,227 | ---- | C] () -- C:\Program Files\comments.gif
[2000/07/15 14:44:06 | 000,000,216 | ---- | C] () -- C:\Program Files\clientsc.gif
[2000/07/15 14:44:06 | 000,000,207 | ---- | C] () -- C:\Program Files\anchorwi.gif
[2000/07/15 14:44:06 | 000,000,196 | ---- | C] () -- C:\Program Files\unknownt.gif
[2000/07/15 14:44:06 | 000,000,190 | ---- | C] () -- C:\Program Files\pend.gif
[2000/07/15 14:44:06 | 000,000,189 | ---- | C] () -- C:\Program Files\pbgn.gif
[2000/07/15 14:44:06 | 000,000,183 | ---- | C] () -- C:\Program Files\br.gif
[2000/07/15 14:44:06 | 000,000,175 | ---- | C] () -- C:\Program Files\spanend.gif
[2000/07/15 14:44:06 | 000,000,171 | ---- | C] () -- C:\Program Files\formend.gif
[2000/07/15 14:44:06 | 000,000,170 | ---- | C] () -- C:\Program Files\spanbgn.gif
[2000/07/15 14:44:06 | 000,000,168 | ---- | C] () -- C:\Program Files\formbgn.gif
[2000/07/15 14:44:06 | 000,000,164 | ---- | C] () -- C:\Program Files\divend.gif
[2000/07/15 14:44:06 | 000,000,160 | ---- | C] () -- C:\Program Files\divbgn.gif
[2000/07/15 14:43:40 | 000,000,084 | ---- | C] () -- C:\Program Files\setup.tdf
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\REGTLIB.EXE
[2000/06/13 10:33:50 | 000,002,482 | ---- | C] () -- C:\Program Files\mswless.dep
[2000/05/31 15:39:32 | 000,022,815 | ---- | C] () -- C:\Program Files\mscdrun.cab
[2000/05/31 15:39:26 | 000,062,411 | ---- | C] () -- C:\Program Files\MSDERUN.CAB
[2000/05/23 13:43:28 | 000,428,304 | ---- | C] () -- C:\Program Files\Oleaut.cab
[2000/05/23 13:43:28 | 000,047,533 | ---- | C] () -- C:\Program Files\PicClp32.CAB
[2000/05/23 13:43:26 | 000,204,656 | ---- | C] () -- C:\Program Files\MSHFlxGd.CAB
[2000/05/23 13:43:24 | 000,086,616 | ---- | C] () -- C:\Program Files\Msrdc20.cab
[2000/05/23 13:43:22 | 000,086,666 | ---- | C] () -- C:\Program Files\MSMask32.CAB
[2000/05/23 13:43:18 | 000,114,278 | ---- | C] () -- C:\Program Files\MSDatLst.CAB
[2000/05/23 13:43:14 | 000,447,654 | ---- | C] () -- C:\Program Files\MSChrt20.CAB
[2000/05/23 13:43:14 | 000,239,354 | ---- | C] () -- C:\Program Files\comctl32.cab
[2000/04/12 13:00:22 | 000,485,280 | ---- | C] () -- C:\Program Files\oleaut32.dbg
[2000/02/24 13:03:04 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1999/07/30 08:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/12 07:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[1998/06/09 23:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/23 23:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/05/09 09:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
[2011/12/07 19:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\arcverify
[2011/09/29 11:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2011/12/07 19:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2011/09/29 11:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/01/05 02:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/01/05 02:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2011/01/05 02:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/12/07 19:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibackup
[2011/01/05 02:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/01/05 02:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/01/04 17:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/01/05 02:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/04 21:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaStor
[2011/12/07 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\restore
[2011/01/05 02:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/01/05 05:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/12/07 10:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2011/09/05 08:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/12/10 08:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/05 02:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/01/05 02:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/05 02:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2011/10/15 03:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/01/05 02:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/03 17:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/05 14:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\10A42
[2011/01/10 21:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Active Whois
[2011/01/05 05:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/01/05 05:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Bytemobile
[2011/09/08 13:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\CoffeeCup Software
[2011/12/07 10:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\DriverCure
[2011/09/25 10:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\eBookPro6
[2011/11/28 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\EPSON
[2011/09/28 10:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\FileZilla
[2011/11/28 13:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Garmin
[2011/09/26 15:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\GetRightToGo
[2011/11/20 17:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\gtk-2.0
[2011/01/05 05:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\IcoFX
[2011/01/05 05:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Leadertech
[2011/01/05 05:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\NCH Swift Sound
[2011/12/05 15:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Okaqf
[2011/01/05 05:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Passware
[2011/01/05 05:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\RecordPad
[2011/05/09 06:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\S3Browser
[2011/01/05 05:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\ScanSoft
[2011/12/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\SpeedMaxPc
[2011/03/07 09:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Temp
[2011/01/05 05:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Template
[2011/12/07 17:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Upokqi
[2011/01/05 05:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Viewpoint
[2011/01/05 05:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Virgin Broadband
[2011/05/24 06:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Gribble\Application Data\Vodafone
[2011/10/08 08:23:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job
[2011/12/10 08:50:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/10 13:01:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/12/09 18:00:02 | 000,000,454 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Registration3.job
[2011/12/07 10:56:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedMaxPc Update3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mike Gribble\Desktop\TDSSKiller.exe:SummaryInformation
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766

< End of report >

#6 Mike Gribble
  • Topic Starter
  • Members
  • 4 posts

Posted 10 December 2011 - 08:23 AM

Copy of extras log

OTL Extras logfile created on: 10/12/2011 12:26:46 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike Gribble\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.07% Memory free
4.84 Gb Paging File | 4.01 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 196.16 Gb Free Space | 65.81% Space Free | Partition Type: NTFS

Computer Name: VOSTRO1520-0 | User Name: Mike Gribble | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- (Laplink Software Inc.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{054D4329-747F-44E9-9357-5F1F26D15900}" = Netgear WGX102 Configuration Utility
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06B4455B-1E1A-4307-9B2D-0DF9EAF0E84B}" = MSDN Library - April 2002
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1E69E536-07E4-4585-A53C-757E3689B746}" = Altova StyleVision® 2011 rel. 2 sp1 Enterprise Edition
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{27DB10FA-8A51-465C-9349-306FC620EEB7}" = Passware Kit Standard 9.0
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel® PROSet
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}" = BT Openworld Dell Signup
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{52733E5C-5769-4ECE-925A-5E78D9F74C1A}" = Passware Kit Standard Demo 9.1
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5CBD9E11-07B5-4AF7-9A6F-421A7E33D3A2}" = InstallShield 11 Express Edition
"{602A205F-8D02-48EE-8782-262B2103B984}" = ScanSoft PDF Converter 3.0
"{643DDB7A-E108-40B2-BE77-5FFD50F83CA5}" = ArcSoft VideoImpression 2
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{70A21F7B-3D5F-4026-8244-7DB3F09C5F34}" = ShadowProtect Desktop
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71AA2137-C3F3-45C6-A408-81697FE5A3B8}" = PCmover Professional
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76109814-439E-46A1-8BD3-A3D5DEEF1FD6}" = NETGEAR XE102 Powerline Encryption Utility
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D895187-2B31-4CFD-84F0-8AACA91DBEE3}" = USBDriversLite
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Who Wants To Be A Millionaire - Party Edition
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95F37B19-714D-4AF6-B2D4-4721B7E73065}" = Microsoft MapPoint 2002 Europe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8947B85-DB36-4803-A799-18939E28DB58}" = Laplink Defrag Professional
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B05DF256-0658-11D6-AEEE-0004AC965DB0}" = Modem Setup for Nokia 6310i
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB49B376-1136-44B4-83FA-036334B59937}" = OLYMPUS Master 2
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}" = ArcSoft MediaImpression
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF690C1A-8C14-40FA-877E-77372A579E61}" = FTP Explorer
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D47A18EF-38BC-4951-A344-9800D3BF4D53}" = ScreenCamera
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DA82F00E-7294-40E7-B7A6-60B4C16C605E}" = Visual Studio.NET Baseline - English
"{DC7D5602-F375-4C55-927C-1C5C246CD9E1}" = MSG Systems Ltd's MSGPDM_MSP.xls
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DE43AA92-E8C0-4620-AFE2-FBD623C71643}" = Sizer 3.33
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Centre
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}" = HP Smart Web Printing 1.0
"{E304E05B-A86B-4B3C-BB57-9D0197442B09}" = Nokia PC Suite 4.81
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E83C2D54-5E65-4595-B59D-601B4467DDB1}" = NovaBACKUP
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA4ABA3D-10ED-449F-8D79-503CA2CFB373}" = NETGEAR XE102 Powerline Ethernet Adapter
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0804-2950-8354-4050" = ezs3 4.6.3
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Active Whois_is1" = Active Whois 3.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"AVS Disc Creator_is1" = AVS Disc Creator version 5.0.1
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.1
"AVS Image Converter_is1" = AVS Image Converter 1.3.3.146
"AVS Media Player_is1" = AVS Media Player 4.1.4.77
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.4.134
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"BT Voyager Modem AOL Test" = BT Voyager Modem AOL Test
"Canon iP90 series User Registration" = Canon iP90 series User Registration
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CD - DVD Publishing Service" = CD - DVD Publishing Service
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"CutePDF Writer Installation" = CutePDF Writer 2.8
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"Debut" = Debut Video Capture Software
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Photo Printer 720" = Dell Photo Printer 720
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Entriq MediaSphere_is1" = Entriq MediaSphere 3.7.0.2
"EPSON PERFECTION V30_V300 PHOTO User’s Guide" = EPSON PERFECTION V30_V300 PHOTO Manual
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EscapeE" = RedTitan EscapeE
"ESET Online Scanner" = ESET Online Scanner v3
"ESPR265_270 User's Guide" = ESPR265_270 User's Guide
"FileZilla Client" = FileZilla Client 3.5.1
"Hardware Helper_is1" = Hardware Helper
"hp color inkjet cp1700 unistaller" = HP Color Inkjet CP1700 Uninstaller
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HTMLKit_is1" = HTML-Kit
"IcoFX_is1" = IcoFX 1.6.3
"ie8" = Windows Internet Explorer 8
"InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
"InstallShield_{054D4329-747F-44E9-9357-5F1F26D15900}" = Netgear WGX102 Configuration Utility
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{348E6CDF-A6AE-45E6-B0AB-65A07B3C715E}" = O2Micro Flash Memory Card Windows Driver
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft English Query" = Microsoft English Query
"Microsoft Office 97, Developer Edition Tools" = Microsoft Office 97, Developer Edition Tools
"Microsoft SQL Server 2000 (SQL2000)" = Microsoft SQL Server 2000 (SQL2000)
"Microsoft SQL Server 2000 Analysis Services" = Microsoft SQL Server 2000 Analysis Services
"Microsoft SQL Server 7.0" = Microsoft SQL Server 7.0
"MSC" = McAfee AntiVirus Plus
"MSDN Library - October 2001" = MSDN Library - October 2001
"MUSTEK 1200 UB v2.1" = MUSTEK 1200 UB v2.1
"Nero - Burning Rom!UninstallKey" = Nero 6
"NovaBACKUP" = NovaBACKUP
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Online TV & Radio Stations" = Online TV & Radio Stations v6.5
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"PCL -3000 v2.7" = PCL -3000 v2.7
"PrimoPDF4.0.2.5" = PrimoPDF
"Quick 3D Cover_is1" = Quick 3D Cover 2.0.1
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.24
"RealPlayer 6.0" = RealPlayer Basic
"S3 Browser_is1" = S3 Browser version 2.9.5
"Screen Recorder Gold_is1" = Screen Recorder Gold version 2.6
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sunplus CA533A" = Icatch(IV) Camera Driver
"Terminal Server Client" = Terminal Services Client
"TopOCR" = TopOCR 3.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.1.11
"Vodafone PC Assistant_is1" = Vodafone PC Assistant V1.7.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebPost" = Microsoft Web Publishing Wizard 1.53
"win32api" = Visual Basic Win32 API Declarations (Remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/12/2011 04:37:30 | Computer Name = VOSTRO1520-0 | Source = ESENT | ID = 490
Description = svchost (400) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 07/12/2011 04:47:07 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

Error - 07/12/2011 04:47:07 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

Error - 07/12/2011 04:47:07 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

Error - 07/12/2011 04:47:07 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

Error - 07/12/2011 04:47:07 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

Error - 07/12/2011 04:47:26 | Computer Name = VOSTRO1520-0 | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 07/12/2011 21:42:02 | Computer Name = VOSTRO1520-0 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 08/12/2011 21:42:01 | Computer Name = VOSTRO1520-0 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 10/12/2011 04:47:41 | Computer Name = VOSTRO1520-0 | Source = SQLCTR70 | ID = 1001
Description =

[ System Events ]
Error - 10/12/2011 04:47:44 | Computer Name = VOSTRO1520-0 | Source = Print | ID = 23
Description = Printer PrimoPDF failed to initialize because a suitable PrimoPDF
driver could not be found.

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The WLAN Transport service failed to start due to the following error:
%%1058

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%21

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP CUE DeviceDiscovery
Service service to connect.

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The HP CUE DeviceDiscovery Service service failed to start due to
the following error: %%1053

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service
to connect.

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The Net Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053


< End of report >

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:06 AM

Posted 10 December 2011 - 02:44 PM

Good evening. :)

Run OTL.exe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

As long as nothing untoward happens with the above (and as there is very little going on, it is unlikely that there will be any unusual side effects), you don't need to post the resulting log.
If after rebooting you think that the PC isn't playing nicely, stop here and post the log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):

  • Right click on the zipped folder and from the menu that appears, click on Extract All...
  • In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
  • In the final window, click on Finish.


***Please close any instances of Internet Explorer before continuing!***

  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall Combofix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Do I need to run Defogger in enable mode?

If you are asking if you need to run Defogger again to enable it, Yes... if Defogger disabled anything the first time you ran it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also am I protected or could I get hit again (& if so any recommendations for prevention?)

The price of being a PC user is the potential to be a victim of malware - it's a sad fact of life.

File sharing is a risk factor because you can't guarantee what the files actually are. Porn surfing ditto, because you cannot guarantee that the sites will be malware-free. Don't do either and you reduce, but do not dismiss, the infection risks.

So long, and thanks for all the fish.
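
The OTL log above (its uninstall lists and "Last 10 Event Log Errors" section) and the "your version of Sun Java needs updating" advice in the reply are the kind of thing a helper reads by eye. The Python below is an added example, not OTL's, JavaRa's or BleepingComputer's own code: it parses those two OTL sections, lists Java entries older than a (major, update) pair the caller supplies, and pulls out the services the Service Control Manager reported as failed (ID 7000) or timed out (ID 7009). The sample log is constructed from trimmed lines of the log in this thread plus two made-up Java entries; the placeholder GUID keys and the (6, 29) minimum are assumptions, not values from the page.

```python
import re

# OTL section headers: "========== Name =========="
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Uninstall-list entries: "registry key" = Display Name
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# Event-log header line as OTL prints it
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
# Service Control Manager texts (OTL wraps descriptions; parse_otl re-joins them)
SCM_FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error:\s*(?P<code>%%\d+)")
SCM_TIMEOUT_RE = re.compile(r"waiting for the (?P<svc>.+?) service to connect")
# Sun/Oracle display names of the form "Java(TM) 6 Update 26"
JAVA_VER_RE = re.compile(r"Java\(TM\)\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)", re.I)


def parse_otl(text):
    """Return (programs, events) for an OTL log fragment.

    programs: registry key -> display name, merged over the HKLM and HKCU
    uninstall sections. events: dicts with ts/host/source/id and a
    description re-joined from OTL's wrapped lines.
    """
    programs, events, section, current = {}, [], "", None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group("name"), None
        elif "Uninstall List" in section:
            m = UNINSTALL_RE.match(line)
            if m:
                programs[m.group("key")] = m.group("name")
        elif "Event Log" in section:
            m = EVENT_RE.match(line)
            if m:
                current = dict(m.groupdict(), id=int(m.group("id")), description="")
                events.append(current)
            elif not line.strip():
                current = None  # a blank line ends the current event
            elif current is not None and line.startswith("Description ="):
                current["description"] = line[len("Description ="):].strip()
            elif current is not None and not line.startswith("["):
                current["description"] = (current["description"] + " " + line.strip()).strip()
    return programs, events


def failed_services(events):
    """(service, error) pairs from Service Control Manager events 7000 and 7009."""
    out = []
    for ev in events:
        if ev["source"].strip() != "Service Control Manager":
            continue
        if ev["id"] == 7000 and (m := SCM_FAIL_RE.match(ev["description"])):
            out.append((m.group("svc"), m.group("code")))
        elif ev["id"] == 7009 and (m := SCM_TIMEOUT_RE.search(ev["description"])):
            out.append((m.group("svc"), "timeout"))
    return out


def java_installs(programs):
    """(key, display name, (major, update)) for each Java(TM) entry found."""
    found = []
    for key, name in programs.items():
        m = JAVA_VER_RE.search(name)
        if m:
            found.append((key, name, (int(m.group("major")), int(m.group("update")))))
    return found


def outdated_java(programs, minimum):
    """Java entries older than `minimum`, a (major, update) tuple the caller decides is current."""
    return [(key, name) for key, name, ver in java_installs(programs) if ver < minimum]


# Constructed sample: trimmed lines from the thread's log plus two made-up Java
# entries (the GUID keys are placeholders, not real Java installer product codes).
SAMPLE_LOG = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{00000000-0000-0000-0000-000000000001}" = Java(TM) 6 Update 26
"{00000000-0000-0000-0000-000000000002}" = Java(TM) 6 Update 29
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ie8" = Windows Internet Explorer 8

========== HKEY_CURRENT_USER Uninstall List ==========

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The WLAN Transport service failed to start due to the following error:
%%1058

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP CUE DeviceDiscovery
Service service to connect.

Error - 10/12/2011 04:47:48 | Computer Name = VOSTRO1520-0 | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%21

< End of report >
"""

if __name__ == "__main__":
    programs, events = parse_otl(SAMPLE_LOG)
    for key, name in outdated_java(programs, (6, 29)):  # (6, 29): assumed current
        print("outdated Java:", name, "->", key)
    for svc, err in failed_services(events):
        print("service not started:", svc, err)
```

Run against a full OTL.txt the same way (`parse_otl(open("OTL.txt", encoding="utf-8", errors="replace").read())`). The script only reads the log; removing old Java versions is still JavaRa's job, and the services it lists (here the HP printer services that time out, matching the print-spooler trouble described in the first post) are a starting point for investigation, not proof of compromise.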

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:06 AM

Posted 16 December 2011 - 03:29 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.
