RobMozza

Members
  • Content Count

    22
  • Joined

  • Last visited

Community Reputation

0 Neutral

About RobMozza

  • Rank
    Member
  • Birthday 09/18/1977

Profile Information

  • Location
    Co. Donegal
  1. Hi again, after running MBAM on an older laptop of mine I see it's infected with Hijack.System.Hidden. I had assumed that MBAM had removed this threat until I ran another MBAM scan and it was still present. After running a Kaspersky online scan I found an worm which apparently Kaspersky's KK.EXE would scan and remove. I've done this but something is not right, certain websites will not load (these include Windows Update and other sites like Kaspersky) hence I'm running in my 'seems to be favourite' Safe mode again! OK looking for more help sorting out this machine please? Here's my HiJackThis log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:43:25, on 03/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - [url="http://www.pcpitstop.com/mhLbl.cab"]http://www.pcpitstop.com/mhLbl.cab[/url] O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - [url="http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll"]http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll[/url] O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe -- End of file - 4513 bytes
  2. [quote name='Rorschach112' post='113768' date='Nov 26 2009, 11:45 AM']skip that step and do the rest then do this [u]Now we need to create a new System Restore point.[/u] Click Start Menu > Run > type (or copy and paste) [color="blue"][b]%SystemRoot%\System32\restore\rstrui.exe[/b][/color] Press [b]OK[/b]. Choose [b]Create a Restore Point[/b] then click [b]Next[/b]. Name it and click [b]Create[/b], when the confirmation screen shows the restore point has been created click [b]Close[/b]. Next goto Start Menu > Run > type [color="blue"][b]cleanmgr[/b][/color] Click [b]OK[/b], Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the [b]More Options[/b] tab then click [b]Clean up[/b] on the system restore area and choose [b]Yes[/b] at the confirmation window which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click [b]OK[/b] then choose [b]Yes[/b] on the confirmation window.[/quote] Will do! Thanks for all your time and effort helping me out [b]Rorschach112[/b], it's certainly appreciated :-D Thanks again!
  3. [quote name='Rorschach112' post='113721' date='Nov 24 2009, 11:22 PM']Your logs are clean[/quote] Really? Are you sure? [quote name='Rorschach112' post='113721' date='Nov 24 2009, 11:22 PM'][b]Follow these steps to uninstall Combofix and tools used in the removal of malware[/b] [color="darkblue"][b][u]Uninstall ComboFix[/u][/b][/color] Remove Combofix now that we're done with it.[list] [*]Please press the [b]Windows Key[/b] and [b]R[/b] on your keyboard. This will bring up the Run... command. [*]Now type in [color="blue"][b]Combofix /Uninstall[/b][/color] in the runbox and click [b]OK[/b]. [color="green"](Notice the space between the "x" and "/")[/color] [img]http://i517.photobucket.com/albums/u338/Eextremeboy/CF_Uninstall-1.jpg[/img] [*]Please follow the prompts to uninstall Combofix. [*]You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself. [/list][/quote] This 'Combofix' never seemed to work for me anyhow, hardly surprising that the uninstaller doesn't work either! [img]http://i47.tinypic.com/28245qp.jpg[/img] Awaiting further instructions please [b]Rorschach112[/b]
  4. [quote name='Rorschach112' post='113705' date='Nov 24 2009, 05:13 PM']kaspersky takes a while please let it run[/quote] Maybe you mis-understood me [b]Rorschach112[/b]? I did let it run, and it jumped by itself from 64% to finished. Haven't got the time to let it run for another four hours this evening, I'll crank it up again in the morning if I get chance. Obviously this infection seems to have the better of Kapersky? or maybe the fact that I did a search cocked things up? Anyway if I don't get revised instructions I will start running those three tests again early tomorrow. (TFC / MBAM / Kapersky) Let me know by tomorrow if thats suitable, many thanks once again in advance.
  5. [quote name='Rorschach112' post='113699' date='Nov 24 2009, 12:34 PM']if you cant get kaspersky running let me know I need to see the actual mbam log as well[/quote] MBAM log gone, saved it directly to USB stick, then over to this machine, pasted it in and deleted, since have used ccleaner so no hope of retrieval I'm afraid. That's why I was searching the infected machine just before Explorer.exe crashed. That crash is apparently because of that Stolen.Data information (according to Google) so unlikely that it's clean. Also looking unlikely that Kapersky will finish soon! Currently 57% and 2h 26mins running. Will have to get back to you when I'm back later. This is a tough cookie. [b]EDIT :[/b] This certainly is a bee hutch, I was watching the scan, suddenly it jumped from 64% to finished.. [img]http://i49.tinypic.com/219yqvo.jpg[/img] Definately something ot right here, I think I need to run those three steps again later tonight, let me know, thanks.
  6. [quote name='Rorschach112' post='113683' date='Nov 24 2009, 12:35 AM']hi Run OTL[list] [*]Under the [color="#0000FF"][b]Custom Scans/Fixes[/b][/color] box at the bottom, paste in the following [code]:OTL [2009/11/23 13:41:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2009/11/20 13:37:30 | 00,006,394 | ---- | M] () -- C:\WINDOWS\System32\krncode.dat [2009/11/20 13:37:30 | 00,001,575 | ---- | M] () -- C:\WINDOWS\System32\pwrcode.dat [2009/11/20 13:37:29 | 00,022,568 | ---- | M] () -- C:\WINDOWS\System32\wincode.dat [2009/11/20 13:37:23 | 00,045,768 | ---- | M] () -- C:\WINDOWS\System32\shifld2.old [2009/11/16 11:09:01 | 00,000,411 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat :Services :Reg :Files :Commands [purity] [emptytemp] [Reboot][/code] [*]Then click the [color="#FF0000"][b]Run Fix[/b][/color] button at the top [*]Let the program run unhindered, reboot the PC when it is done [/list]Download [url="http://oldtimer.geekstogo.com/TFC.exe"][color="#000000"][b]TFC[/b][/color][/url] to your desktop[list] [*]Open the file and close any other windows. [*]It [b][color="#FF0000"]will close all programs itself[/color][/b] when run, make sure to let it run uninterrupted. [*]Click the Start button to begin the process. The program should not take long to finish its job [*]Once its finished it should [b]reboot your machine[/b], if not, do this yourself to ensure a complete clean [/list]Please download Malwarebytes' Anti-Malware from [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Here[/b][/color][/url] Double Click mbam-setup.exe to install the application.[list] [*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b]. [*]The scan may take some time to finish,so please be patient. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b]. [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. [*]Copy&Paste the entire report in your next reply. [/list]Extra Note: [color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.[/b][/color] Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan.[list=1] [*]Read through the requirements and privacy statement and click on [b]Accept[/b] button. [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b]. [*]When the downloads have finished, click on [b]Settings[/b]. [*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the [b]Save[/b] button: [list][color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases[/color] [/list] [*]Click on [b]My Computer[/b] under [b]Scan[/b]. [*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b]. [*]You will see a list of infected items there. Click on [b]Save Report As...[/b]. [*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button. Then post it here. [/list][/quote] OK, I'm up as far as the Kapersky Online scan (which is working) however Explorer.exe has crashed, I'm leaving the crash box open so to continue the scan. [img]http://i49.tinypic.com/24q200o.jpg[/img] Probably my fault that Explorer.exe crashed, I was searching for the latest mbam*.txt log file, the reason for this was that I had already pasted it into my reply window on a different machine and then for some unknown reason all my browser windows closed on me? So no MBAM log to share with you, however there was only one infection found, resident at: [b]C:\WINDOWS\system32\xmldm (Stolen.Data)[/b] I'll update this post once the scan has completed (it's been running for 1h46m and is only 49%) if it doesn't finished by 13:45hrs I will have to leave it running and get back to you later tonight (around 19:30hrs) Thanks again for your help, it's appreciated.
  7. [quote name='Rorschach112' post='113668' date='Nov 23 2009, 05:55 PM']open otl click the none button, under the custom scan box paste this in %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 %SYSTEMDRIVE%\nvatabus.sys /s /md5 %SYSTEMDRIVE%\viamraid.sys /s /md5 %SYSTEMDRIVE%\nvata.sys /s /md5 %SYSTEMDRIVE%\nvgts.sys /s /md5 %SYSTEMDRIVE%\explorer.exe /s /md5 %SYSTEMDRIVE%\svchost.exe /s /md5 %SYSTEMDRIVE%\userinit.exe /s /md5 %SYSTEMDRIVE%\qmgr.dll /s /md5 %SYSTEMDRIVE%\ws2_32.dll /s /md5 %SYSTEMDRIVE%\proquota.exe /s /md5 %SYSTEMDRIVE%\iastorv.sys /s /md5 click run scan post the log it gives also don't post the logs in quotes[/quote] My apologies once again, here follows the log file: OTL logfile created on: 23/11/2009 19:56:27 - Run 1 OTL by OldTimer - Version 3.1.6.0 Folder = c:\documents and settings\administrator\desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 1014.08 Mb Total Physical Memory | 797.57 Mb Available Physical Memory | 78.65% Memory free 2.39 Gb Paging File | 2.29 Gb Available in Paging File | 96.12% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.80 Gb Total Space | 25.66 Gb Free Space | 36.77% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 120.73 Mb Total Space | 102.81 Mb Free Space | 85.16% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DCZN1Z1J Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2009/11/21 10:38:16 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009/02/06 16:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009/02/06 16:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/08/10 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004/08/10 05:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/11/21 10:38:16 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/10/15 10:29:00 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/09/10 15:06:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/03/04 10:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2005/10/13 18:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe) SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe) SRV - [2005/08/16 16:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService) SRV - [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield) SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched) SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc) SRV - [2005/07/12 18:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService) SRV - [2005/07/12 09:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device) SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe) SRV - [2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc) SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004/08/10 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com"]http://www.google.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.euro.dell.com"]http://www.euro.dell.com[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5 FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/12 21:37:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/16 22:25:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/15 10:29:01 | 00,000,000 | ---D | M] [2009/11/07 15:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2009/11/07 15:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/07 17:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions [2009/11/07 15:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/07 17:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost 127.0.0.1 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL () O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc) O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe () O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) O4 - HKLM..\Run: [MSKAGENTEXE] c:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.) O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.) O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.) O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} [url="http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab"]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url] (Checkers Class) O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [url="http://www.bebo.com/files/BeboUploader.5.1.4.cab"]http://www.bebo.com/files/BeboUploader.5.1.4.cab[/url] (Bebo Uploader Control) O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} [url="http://sell.autotrader.ie/ie-ola/common/TraderMediaX.cab"]http://sell.autotrader.ie/ie-ola/common/TraderMediaX.cab[/url] (TraderMediaImgX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [url="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab"]http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[/url] (Symantec AntiVirus scanner) O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} [url="http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx"]http://download.tenebril.com/pub/bin/scann...wareScanner.ocx[/url] (TenebrilSpywareScanner Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [url="http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab"]http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[/url] (MSN Photo Upload Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [url="http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab"]http://download.bitdefender.com/resources/...can8/oscan8.cab[/url] (BDSCANONLINE Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url] (Symantec RuFSI Utility Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [url="http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab"]http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab[/url] (MessengerStatsClient Class) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [url="http://ax.emsisoft.com/asquared.cab"]http://ax.emsisoft.com/asquared.cab[/url] (a-squared Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab"]http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} [url="https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab"]https://ebanking.nationalirishbank.ie/html/...B/e-Safekey.cab[/url] (e-Safekey) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (stera) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color="#E56717"]========== Files/Folders - Created Within 14 Days ==========[/color] [2009/11/23 13:41:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm [2009/11/22 15:14:43 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/11/21 18:26:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Latest Logs [2009/11/21 10:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/11/20 17:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2009/11/20 17:46:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/20 17:46:55 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/20 17:46:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/20 17:46:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/20 17:40:34 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe [2009/11/20 17:40:33 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe [2009/11/20 14:03:33 | 00,000,000 | ---D | C] -- C:\_OTM [2009/11/20 14:02:46 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe [2009/11/20 13:38:13 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache [2009/11/20 13:37:55 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2009/11/20 13:37:34 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache [2009/11/19 12:37:59 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2009/11/19 08:34:43 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/11/18 10:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live [2009/11/17 11:51:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/17 11:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\BACKUP [2009/11/17 11:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ERUNT [2009/11/17 11:47:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe [2009/11/16 10:07:02 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/11/16 10:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009/11/16 10:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/11/16 09:58:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/16 09:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [color="#E56717"]========== Files - Modified Within 14 Days ==========[/color] [2009/11/23 19:53:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/23 13:43:24 | 00,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2009/11/23 13:43:24 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2009/11/23 13:43:21 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2009/11/23 13:36:38 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe [2009/11/22 15:15:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/22 15:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76E0F463-1A91-4248-B150-7742B07564B7}.job [2009/11/22 15:15:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{06C192D7-0556-4524-8580-890DBFA8DADA}.job [2009/11/22 15:11:28 | 00,130,720 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF [2009/11/21 12:17:18 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009/11/21 10:49:29 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\user.cfg [2009/11/20 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DCZN1Z1J-derrick melly).job [2009/11/20 17:46:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/20 17:38:35 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/20 17:38:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/20 17:38:35 | 00,000,209 | ---- | M] () -- C:\boot.ini [2009/11/20 17:35:36 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe [2009/11/20 17:33:52 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe [2009/11/20 14:02:16 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe [2009/11/20 13:37:30 | 00,006,394 | ---- | M] () -- C:\WINDOWS\System32\krncode.dat [2009/11/20 13:37:30 | 00,001,575 | ---- | M] () -- C:\WINDOWS\System32\pwrcode.dat [2009/11/20 13:37:29 | 00,022,568 | ---- | M] () -- C:\WINDOWS\System32\wincode.dat [2009/11/20 13:37:23 | 00,045,768 | ---- | M] () -- C:\WINDOWS\System32\shifld2.old [2009/11/20 13:07:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/19 12:57:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1005UA.job [2009/11/19 12:57:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1005Core.job [2009/11/19 12:51:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1011UA.job [2009/11/19 12:37:19 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2009/11/19 12:22:23 | 00,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/11/18 10:44:56 | 03,565,213 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/18 09:49:58 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/17 11:51:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/16 13:51:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1011Core.job [2009/11/16 11:09:01 | 00,000,411 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2009/11/16 10:06:14 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/16 09:28:11 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2009/11/23 13:41:14 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe [2009/11/22 15:03:03 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe [2009/11/20 17:46:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/18 09:48:35 | 03,565,213 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/17 11:51:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/16 10:07:36 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/16 10:06:14 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/08 14:20:53 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2009/06/12 21:25:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/05/14 13:43:50 | 00,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat [2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007/12/25 22:16:45 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/03/14 11:04:08 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/01/11 13:22:05 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll [2007/01/11 13:22:04 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll [2007/01/11 13:22:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/04/15 02:30:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini [2005/11/30 08:53:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/30 08:49:23 | 00,001,960 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/11/30 08:19:38 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll [2005/11/30 08:19:38 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll [2005/11/30 08:19:36 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll [2005/11/30 08:19:36 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll [2005/11/30 08:19:36 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll [2005/11/30 08:19:36 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll [2005/11/30 08:19:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll [2005/11/30 08:19:34 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll [2005/11/30 08:19:34 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll [2005/11/30 08:19:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll [2005/11/30 08:19:34 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll [2005/11/30 08:19:32 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll [2005/11/30 08:19:32 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll [2005/11/30 08:19:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll [2005/11/30 08:19:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll [2005/11/30 08:19:30 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll [2005/11/30 08:18:06 | 00,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 20:52:01 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2005/08/16 04:50:36 | 04,240,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2005/08/16 04:50:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 04:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 04:18:43 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/16 04:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/16 04:18:33 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll [2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 14:16:00 | 00,000,618 | ---- | C] () -- C:\WINDOWS\System32\dlcjplc.ini [color="#E56717"]========== LOP Check ==========[/color] [2008/10/25 09:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard [2005/11/30 08:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2008/01/23 19:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2007/03/29 14:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey [2009/05/12 21:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2008/10/23 16:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS [2008/10/23 04:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming [2009/05/12 21:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2008/02/07 10:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/12/06 23:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2007/02/08 14:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar [2009/06/29 10:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/16 10:06:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/18 09:49:58 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/22 15:15:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/11/22 15:15:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{06C192D7-0556-4524-8580-890DBFA8DADA}.job [2009/11/22 15:15:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{76E0F463-1A91-4248-B150-7742B07564B7}.job [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color] [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll [2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll [color="#A23BEC"]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color] [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll [2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [color="#A23BEC"]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color] [2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll [2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll [color="#A23BEC"]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color] [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups03\DriverFiles\i386\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups12\DriverFiles\i386\atapi.sys [color="#A23BEC"]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color] [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys [2009/11/08 16:26:24 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [color="#A23BEC"]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\viamraid.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\nvata.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\nvgts.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\explorer.exe /s /md5 >[/color] [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe [2007/06/13 11:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2004/08/10 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe [color="#A23BEC"]< %SYSTEMDRIVE%\svchost.exe /s /md5 >[/color] [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe [2004/08/10 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe [color="#A23BEC"]< %SYSTEMDRIVE%\userinit.exe /s /md5 >[/color] [2008/04/14 00:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe [2008/04/14 00:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe [2004/08/10 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe [color="#A23BEC"]< %SYSTEMDRIVE%\qmgr.dll /s /md5 >[/color] [2008/04/14 00:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll [2008/04/14 00:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll [2004/08/10 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\system32\qmgr.dll [color="#A23BEC"]< %SYSTEMDRIVE%\ws2_32.dll /s /md5 >[/color] [2008/04/14 00:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll [2008/04/14 00:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll [2004/08/10 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll [color="#A23BEC"]< %SYSTEMDRIVE%\proquota.exe /s /md5 >[/color] [2008/04/14 00:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\proquota.exe [2008/04/14 00:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe [2004/08/10 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\system32\proquota.exe [color="#A23BEC"]< %SYSTEMDRIVE%\iastorv.sys /s /md5 >[/color] < End of report > [b][u]Extras.txt[/b][/u] OTL Extras logfile created on: 23/11/2009 19:56:27 - Run 1 OTL by OldTimer - Version 3.1.6.0 Folder = c:\documents and settings\administrator\desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 1014.08 Mb Total Physical Memory | 797.57 Mb Available Physical Memory | 78.65% Memory free 2.39 Gb Paging File | 2.29 Gb Available in Paging File | 96.12% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.80 Gb Total Space | 25.66 Gb Free Space | 36.77% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 120.73 Mb Total Space | 102.81 Mb Free Space | 85.16% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DCZN1Z1J Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color="#E56717"]========== Extra Registry (SafeList) ==========[/color] [color="#E56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [color="#E56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color="#E56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 [color="#E56717"]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\World of Warcraft\WoW.exe" = C:\World of Warcraft\WoW.exe:*:Enabled:World of Warcraft -- File not found "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- File not found "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [color="#E56717"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skypeâ„¢ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(tm) 6 Update 16 "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(tm) 6 Update 3 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar) "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5 "{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar) "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar) "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0 "{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite "{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF311797-7DE8-4770-B16A-6475434E03FB}" = 964plc32 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AudibleManager" = AudibleManager "CCleaner" = CCleaner (remove only) "D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0) "Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964 "E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2) "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23 "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Uninstall Utility" = McAfee Uninstaller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "Picasa 3" = Picasa 3 "PROSet" = Intel® PRO Network Connections Drivers "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 [color="#E56717"]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 18/11/2009 05:54:26 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x0145be03. Error - 18/11/2009 06:38:53 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application stinger1001624.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 18/11/2009 06:39:28 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application stinger1001624.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 18/11/2009 06:40:13 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application stinger1001624.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 20/11/2009 14:07:32 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application mcvsshld.exe, version 10.0.0.22, faulting module unknown, version 0.0.0.0, fault address 0x7fdd9f43. Error - 20/11/2009 14:19:52 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18702, fault address 0x0019d613. Error - 21/11/2009 06:41:48 | Computer Name = DCZN1Z1J | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_29_0_1004.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error - 21/11/2009 14:30:12 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x04176000. Error - 22/11/2009 11:08:09 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application gmer.exe, version 1.0.15.15252, faulting module unknown, version 0.0.0.0, fault address 0x7c9f1bcb. Error - 22/11/2009 11:12:26 | Computer Name = DCZN1Z1J | Source = Application Error | ID = 1000 Description = Faulting application gmer.exe, version 1.0.15.15252, faulting module unknown, version 0.0.0.0, fault address 0x7c9f1bcb. [ System Events ] Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 23/11/2009 15:54:24 | Computer Name = DCZN1Z1J | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MPFIREWL MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vspf vspf_hk Error - 23/11/2009 15:54:39 | Computer Name = DCZN1Z1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 23/11/2009 15:55:50 | Computer Name = DCZN1Z1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 23/11/2009 15:55:59 | Computer Name = DCZN1Z1J | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report >
  8. [quote name='Rorschach112' post='113649' date='Nov 22 2009, 05:14 PM']please don't edit your logs, otherwise I am missing things Please save [url="http://ad13.geekstogo.com/Win32kDiag.exe"]this[/url] file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.[/quote] Apologies for my 'edits' [b][u]Results of the Win32kDiag:[/b][/u] [quote]Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished![/quote] erm, is it supposed to be like that?
  9. [quote name='Rorschach112' post='113632' date='Nov 21 2009, 08:08 PM']ok[/quote] [img]http://i48.tinypic.com/34o7n9j.jpg[/img] (This happens in both normal and safe mode) So.... Getting thwarted at every step here! Heeeeeellllllppppp!!
  10. [quote name='Rorschach112' post='113613' date='Nov 21 2009, 11:55 AM']hi Download the [url="http://www.gmer.net/gmer.zip"][color="#FF0000"][b]GMER Rootkit Scanner[/b][/color][/url]. Unzip it to your Desktop. [color="#FF0000"][b]Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.[/b][/color] Double-click [b]gmer.exe[/b]. The program will begin to run. [color="red"][b]**Caution**[/b] These types of scans can produce false positives. Do NOT take any action on any [/color][color="#0000FF"]"<--- ROOKIT"[/color] [color="#FF0000"]entries unless advised by a trained Security Analyst[/color] If possible rootkit activity is found, you will be asked if you would like to perform a full scan.[list] [*]Click [b]NO[/b] [*]In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is [b]Unchecked[/b]. [*]Now click the Scan button. [i]Once the scan is complete, you may receive another notice about rootkit activity.[/i] [*]Click OK. [*]GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "[b]GMER.txt[/b]" [*]Save it where you can easily find it, such as your desktop. [/list]Post the contents of GMER.txt in your next reply.[/quote] Will try this tomorrow, thanks.
  11. [quote name='Rorschach112' post='113595' date='Nov 20 2009, 11:05 PM']can you download combofix again and try run that[/quote] Still getting those same errors trying ComboFix.. which is wierd as IE 8 is working properly now? Currently trying a full scan with MBAM, whilst also running the online Housecall scan. [b]EDIT :[/b] Well the Housecall scan finished in a matter of seconds, even with Full Scan selected, so something isn't right there. Now trying to run BitDefenders online scan, similiar problem to Housecall, finished far too quickly reporting no threats found... Think I'm gonna revert back to safe mode and try these scans again. [b]EDIT, EDIT :[/b] Well, back in my beloved safe mode! Combofix still doesn't play ball unfortunately, and Housecall ends it's scan in about two seconds, so that's still playing up. On the otherhand Bitdefender is actually scanning now, so maybe thats getting somewhere? Also updated MBAM and Adaware and running all of those as well. Will post again once those results are seen. [b]EDIT, EDIT, EDIT :[/b] [b][u]MBAM Log:[/b][/u] [quote]Malwarebytes' Anti-Malware 1.41 Database version: 3202 Windows 5.1.2600 Service Pack 2 (Safe Mode) 21/11/2009 18:16:18 mbam-log-2009-11-21 (18-16-04).txt Scan type: Full Scan (C:\|) Objects scanned: 293374 Time elapsed: 4 hour(s), 16 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 30 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> No action taken. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken. Files Infected: C:\WINDOWS\system32\xmldm\FromJava01CA6A0C9B8BD974_00003912_product.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0C9B9562DC_00003912_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD6B1A1A_00003912_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD93A214_00003912_0661C118.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD93A214_00003912_appinfo.kls (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD93A214_00003912_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD96046E_00003912_0661C118.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0CAD96046E_00003912_appinfo.kls (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D96553454_00000544_product.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D965C5B62_00000544_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D96CA078E_00000544_product.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9A4CDE18_00000520_product.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9A58C9DA_00000520_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9CF45C4A_00000520_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9DCFB4A2_00000520_update.conf (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9DD6DBB0_00000520_0661C118.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9DD6DBB0_00000520_appinfo.kls (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9DE06518_00000520_0661C118.key (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\FromJava01CA6A0D9DE06518_00000520_appinfo.kls (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\housecall_UAs002.dat (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][2].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][3].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][2].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken. C:\WINDOWS\system32\xmldm\[email protected][1].txt (Stolen.Data) -> No action taken.[/quote] [b][u]BitDefender Log[/u][/b] (Was stopped early to reboot from MBAM) [quote]BitDefender Online Scanner Scan report generated at: Sat, Nov 21, 2009 - 18:16:56 Scan path: C:\;D:\;F:\;G:\;H:\;I:\; Statistics Time 07:25:30 Files 212173 Folders 9177 Boot Sectors 0 Archives 4622 Packed Files 9518 Results Identified Viruses 1 Infected Files 1 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 0 Engines Info Virus Definitions 4570138 Engine build AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009) Scan plugins 17 Archive plugins 44 Unpack plugins 8 E-mail plugins 6 System plugins 4 Scan Settings First Action Disinfect Second Action Prompt Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\derrick melly\Local Settings\Temp\nps2F.tmp=>(JAVASCRIPT) Infected with: Exploit.PDF-JS.Gen C:\Documents and Settings\derrick melly\Local Settings\Temp\nps2F.tmp=>(JAVASCRIPT) Disinfection failed[/quote] ^^ Above file manually removed (using EBD Commander's console)
  12. [quote name='Rorschach112' post='113584' date='Nov 20 2009, 05:08 PM']hi Download [url="http://oldtimer.geekstogo.com/TFC.exe"][color="#000000"][b]TFC[/b][/color][/url] to your desktop[list] [*]Open the file and close any other windows. [*]It [b][color="#FF0000"]will close all programs itself[/color][/b] when run, make sure to let it run uninterrupted. [*]Click the Start button to begin the process. The program should not take long to finish its job [*]Once its finished it should [b]reboot your machine[/b], if not, do this yourself to ensure a complete clean [/list][/quote] Well that certainly got the IP address working and assigned, onwards!! [quote name='Rorschach112' post='113584' date='Nov 20 2009, 05:08 PM']Please download Malwarebytes' Anti-Malware from [url="http://www.malwarebytes.org/mbam-download.php"][color="#2E8B57"][b]Here[/b][/color][/url] Double Click mbam-setup.exe to install the application.[list] [*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b]. [*]The scan may take some time to finish,so please be patient. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b]. [*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) [*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. [*]Copy&Paste the entire report in your next reply. [/list]Extra Note: [color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.[/b][/color][/quote] Just ran then.. [b][u]MBAM Log[/u][/b] [quote]Malwarebytes' Anti-Malware 1.41 Database version: 3202 Windows 5.1.2600 Service Pack 2 (Safe Mode) 20/11/2009 18:01:48 mbam-log-2009-11-20 (18-01-47).txt Scan type: Quick Scan Objects scanned: 159415 Time elapsed: 5 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 19 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 39 Files Infected: 293 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{1c1ebef0-37cf-4408-b494-f6c000fd6ed7} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{339949fb-4a8c-4aa3-bd04-8b888d9a642a} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf3e4737-a002-49ce-8e07-3460cb177a28} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{30fcf052-3649-4543-b924-ba7ab9facc8a} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{050c8642-c1a9-480b-95a1-55fecb2b8c9a} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\acroie.dll (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\FunWebProducts\Data\stephen melly (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\tara\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xmldm (Stolen.Data) -> Files: 377 -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\petra\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\tara\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\stephen melly\Application Data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\Shaun\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> Quarantined and deleted successfully. C:\Documents and Settings\petra\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\derrick melly\Local Settings\Temporary Internet Files\evagaq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\derrick melly\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.[/quote] Hmm, just a few then! lol :-( [quote name='Rorschach112' post='113584' date='Nov 20 2009, 05:08 PM']Go to [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b][color="red"]Kaspersky website[/color][/b][/url] and perform an online antivirus scan.[list=1] [*]Read through the requirements and privacy statement and click on [b]Accept[/b] button. [*]It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click [b]Run[/b]. [*]When the downloads have finished, click on [b]Settings[/b]. [*]Make sure these boxes are checked (ticked). If they are not, please tick them and click on the [b]Save[/b] button: [list][color="red"]Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases[/color] [/list] [*]Click on [b]My Computer[/b] under [b]Scan[/b]. [*]Once the scan is complete, it will display the results. Click on [b]View Scan Report[/b]. [*]You will see a list of infected items there. Click on [b]Save Report As...[/b]. [*]Save this report to a convenient place. Change the [b]Files of type[/b] to [b]Text file (.txt)[/b] before clicking on the [b]Save[/b] button. Then post it here. [/list][/quote] Right doing that now, in normal mode or safe mode? [b]EDIT:[/b] Assuming normal mode.. Running that now :-) [b]EDIT, EDIT:[/b] hmmm program updates 100% completed however virus definitions stuck a 0% Google'd it and it seems to happen quite a bit, I've had enough for today so gonna turn in and go an get some dinner. If you can think of another online scanner which is as complete as Kaspersky or any further suggestions for tomorrow? Thanks in advance,
  13. [quote name='Rorschach112' post='113530' date='Nov 19 2009, 10:32 PM']does this fix internet explorer for you ? 1. Download [url="http://windowsxp.mvps.org/utils/IEFix.zip"][b]IEFix[/b][/url], unzip it to your Desktop, and run it. 2. Click the [b]Apply[/b] button. 3. You'll be prompted for the Operating System CD or the Service Pack Files location:[list] [*]If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles" [*]If you [color="red"][b]don't[/b][/color] have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click [color="blue"][b]Cancel[/b][/color] when you see a dialog similar to the image below. IEFix will continue with DLL registration part. [img]http://img171.imageshack.us/img171/4455/rawrid1.png[/img] [*]Restart Windows. [/list][/quote] Apparently [b]Internet Explorer 7 is currently not supported[/b] So cannot complete that stage, I even tried to use 'IE Tabs' in Portable Firefox to run Windows Update and upgrade to SP3 however it just sat there doing nothing for hours. Then decided to try downloading IE8 (although I'm not actually keen on IE8, if it works and enables me to continue then that'll be good enough!) When installing IE8, I was amused to see the "Checking your computer for Malicious Software" as it didnt seem to find anything :-( IE8 supposedly installed, restarting now... hmm it's seeing the default gateway however im not getting an ip address assigned, tried IPCONFIG /RELEASE then /RENEW with no luck. IE8 loads and looks significantly better than IE7 which was mostly grey out, however im not getting an internet connection at all now, even in Safe mode with Networking... Maybe trying IE8 over the top of messed up IE7 wasn't the idea solution... Sorry if I've now caused extra work. [quote name='Rorschach112' post='113530' date='Nov 19 2009, 10:32 PM']Please [b]download[/b] [url="http://oldtimer.geekstogo.com/OTM.exe"][b][color="red"]OTM[/color][/b][/url] [list] [*] [b]Save[/b] it to your [b]desktop[/b]. [*] Please double-click [b]OTM[/b] to run it. ([b]Note:[/b] If you are running on Vista, right-click on the file and choose [b]Run As Administrator[/b]). [*][b]Copy the lines in the codebox below to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose [b]Copy[/b]): [code]&#58;Processes &#58;Services &#58;Reg &#58;Files C&#58;\Documents and Settings\All Users\Application Data\11300624 &#58;Commands &#91;purity&#93; &#91;emptytemp&#93; &#91;Reboot&#93;[/code] [*]Return to OTM, right click in the [b]"Paste Instructions for Items to be Moved"[/b] window (under the yellow bar) and choose [b]Paste[/b]. [*]Click the red [b]Moveit![/b] button. [*][b]Copy everything in the Results window (under the green bar) to the clipboard[/b] by highlighting [b]ALL[/b] of them and [b]pressing CTRL + C[/b] (or, after highlighting, right-click and choose copy), and paste it in your next reply. [*]Close [b]OTM[/b] and reboot your PC. [/list][b]Note:[/b] If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose [b]Yes.[/b] In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter [b]*.log[/b] and press the Enter key, navigate to the [b]C:\_OTMoveIt\MovedFiles[/b] folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.[/quote] [b][u]OTM Log File[/u][/b] [quote]All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\Documents and Settings\All Users\Application Data\11300624 folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 185119 bytes ->Temporary Internet Files folder emptied: 371012 bytes ->FireFox cache emptied: 0 bytes User: All Users User: B2B ->Temp folder emptied: 187500 bytes ->Temporary Internet Files folder emptied: 938304 bytes ->Java cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: derrick melly User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: guest computr User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Google Chrome cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: petra ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes User: Shaun ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: stephen melly ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: tara ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1930240 bytes Windows Temp folder emptied: 66016 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 694942 bytes Total Files Cleaned = 4.27 mb OTM by OldTimer - Version 3.1.2.0 log created on 11202009_140333[/quote] Hoping that we're getting somewhere? This is double dutch to me!!
  14. [quote name='Rorschach112' post='113514' date='Nov 19 2009, 12:11 PM']hi, orig msg was here[/quote] Again I'm getting the same problem with Combo-fix, my IE browser isn't working hence the same error messages and Combo-fix not loading [b]EDIT:[/b] [url="http://i45.tinypic.com/3029c3r.jpg"]http://i45.tinypic.com/3029c3r.jpg[/url] Not only that error seen above but all of these as well: [quote]32788R22FWJFW\iexplore.exe \hidec.exe \n.pif \nircmd.cfxxe[/quote]
  15. Thanks [b]Rorschach112[/b], doing that now... How did you know I was Irish? Did you IP Check my post? Here's the output file: [quote]All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{050C8642-C1A9-480b-95A1-55FECB2B8C9A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{050C8642-C1A9-480b-95A1-55FECB2B8C9A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C82725DF-4A33-4a17-83CE-1A4BB0733687}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C82725DF-4A33-4a17-83CE-1A4BB0733687}\ deleted successfully. C:\WINDOWS\system32\iih.dll moved successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{e3623691-f85d-48d8-8e4d-abe79077f841} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3623691-f85d-48d8-8e4d-abe79077f841}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361ac05d-0e0d-11da-9aa9-806d6172696f}\ not found. File E:\setup.exe not found. C:\WINDOWS\system32\delself.bat moved successfully. C:\WINDOWS\_000002_.tmp.dll moved successfully. C:\WINDOWS\_000005_.tmp.dll moved successfully. C:\Documents and Settings\All Users\Application Data\ovabi.exe moved successfully. C:\Documents and Settings\All Users\Application Data\yvunokoj.inf moved successfully. C:\Documents and Settings\All Users\Application Data\wyboj.ban moved successfully. C:\WINDOWS\wavyjalo.sys moved successfully. C:\Documents and Settings\All Users\Application Data\qawuvotajy.sys moved successfully. C:\WINDOWS\system32\prcscan.dll moved successfully. Folder C:\Documents and Settings\All Users\Application Data\11300624\ not found. File move failed. C:\Documents and Settings\All Users\Application Data\328193068\ scheduled to be moved on reboot. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 75348067 bytes ->Temporary Internet Files folder emptied: 110641538 bytes ->FireFox cache emptied: 69309339 bytes User: All Users User: B2B ->Temp folder emptied: 20912314 bytes ->Temporary Internet Files folder emptied: 514848 bytes ->Java cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: derrick melly User: Guest ->Temp folder emptied: 50789976 bytes ->Temporary Internet Files folder emptied: 532424 bytes ->FireFox cache emptied: 367623 bytes User: guest computr User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 13551557 bytes ->Google Chrome cache emptied: 6231333 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 37687 bytes User: petra ->Temp folder emptied: 1789952533 bytes ->Temporary Internet Files folder emptied: 388902107 bytes ->Java cache emptied: 1693784 bytes ->FireFox cache emptied: 21679477 bytes ->Google Chrome cache emptied: 16376572 bytes ->Apple Safari cache emptied: 0 bytes User: Shaun ->Temp folder emptied: 18274469 bytes ->Temporary Internet Files folder emptied: 62757676 bytes User: stephen melly ->Temp folder emptied: 639607326 bytes ->Temporary Internet Files folder emptied: 319820708 bytes ->Java cache emptied: 20149 bytes ->FireFox cache emptied: 6844416 bytes User: tara ->Temp folder emptied: 1265666 bytes ->Temporary Internet Files folder emptied: 55331241 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 1843824 bytes Windows Temp folder emptied: 16384 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23946198 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = -570.55 mb OTL by OldTimer - Version 3.1.6.0 log created on 11192009_075642 Files\Folders moved on Reboot... Folder move failed. C:\Documents and Settings\All Users\Application Data\328193068\ scheduled to be moved on reboot. Registry entries deleted on Reboot...[/quote] Although it never did get rid of that [b]328193068[/b] directory, so I booted EBD Commander and manually removed it using the console. Running a fresh quick scan now.. [b][u]OTL.TXT[/b][/u] [quote]OTL logfile created on: 19/11/2009 09:45:47 - Run 2 OTL by OldTimer - Version 3.1.6.0 Folder = c:\documents and settings\administrator\desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 1014.08 Mb Total Physical Memory | 748.49 Mb Available Physical Memory | 73.81% Memory free 2.39 Gb Paging File | 2.29 Gb Available in Paging File | 95.97% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.80 Gb Total Space | 25.42 Gb Free Space | 36.42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 3.72 Gb Total Space | 3.42 Gb Free Space | 92.03% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DCZN1Z1J Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color="#E56717"]========== Processes (SafeList) ==========[/color] PRC - [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2009/09/24 11:17:39 | 00,778,072 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/09/24 11:17:32 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/02/06 16:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/08/10 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe [color="#E56717"]========== Modules (SafeList) ==========[/color] MOD - [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- c:\Documents and Settings\Administrator\Desktop\OTL.exe MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004/08/10 05:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll [color="#E56717"]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/10/15 10:29:00 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/09/24 11:17:32 | 01,169,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/09/10 15:06:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009/03/04 10:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2005/10/13 18:56:16 | 00,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe) SRV - [2005/08/24 16:01:04 | 00,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe) SRV - [2005/08/16 16:11:40 | 00,548,864 | ---- | M] (McAfee Corporation) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService) SRV - [2005/08/10 11:22:02 | 00,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield) SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched) SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc) SRV - [2005/07/12 18:10:18 | 00,963,072 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService) SRV - [2005/07/12 09:33:02 | 00,491,520 | ---- | M] () -- C:\WINDOWS\System32\dlcjcoms.exe -- (dlcj_device) SRV - [2005/07/01 19:22:50 | 00,245,760 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe) SRV - [2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc) SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004/08/10 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc) SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access) [color="#E56717"]========== Standard Registry (SafeList) ==========[/color] [color="#E56717"]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.com"]http://www.google.com[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [url="http://www.google.com/ie"]http://www.google.com/ie[/url] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.com"]http://www.google.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = [url="http://www.euro.dell.com"]http://www.euro.dell.com[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.euro.dell.com"]http://www.euro.dell.com[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color="#E56717"]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5 FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/12 21:37:47 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/16 22:25:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/15 10:29:01 | 00,000,000 | ---D | M] [2009/11/07 15:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2009/11/07 15:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/07 17:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions [2009/11/07 15:47:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/07 17:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b2juw66t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost 127.0.0.1 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BuildBU] c:\dell\bldbubg.exe () O4 - HKLM..\Run: [DLCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL () O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc) O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe () O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) O4 - HKLM..\Run: [MSKAGENTEXE] c:\Program Files\McAfee\SpamKiller\MSKAgent.exe (McAfee Inc.) O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.) O4 - HKLM..\Run: [QuickTime Task] c:\program files\quicktime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.) O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra 'Tools' menuitem : IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} [url="http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab"]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url] (Checkers Class) O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} [url="http://www.bebo.com/files/BeboUploader.5.1.4.cab"]http://www.bebo.com/files/BeboUploader.5.1.4.cab[/url] (Bebo Uploader Control) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} [url="http://sell.autotrader.ie/ie-ola/common/TraderMediaX.cab"]http://sell.autotrader.ie/ie-ola/common/TraderMediaX.cab[/url] (TraderMediaImgX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [url="http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab"]http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[/url] (Symantec AntiVirus scanner) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [url="http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab"]http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[/url] (MSN Photo Upload Tool) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [url="http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab"]http://download.bitdefender.com/resources/...can8/oscan8.cab[/url] (BDSCANONLINE Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url] (Symantec RuFSI Utility Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebook.com/controls/2009.0...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [url="http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab"]http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab[/url] (MessengerStatsClient Class) O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} [url="http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe"]http://update.videoegg.com/Install/Windows...ggPublisher.exe[/url] (Reg Error: Key error.) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [url="http://ax.emsisoft.com/asquared.cab"]http://ax.emsisoft.com/asquared.cab[/url] (a-squared Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab"]http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[/url] (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} [url="https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab"]https://ebanking.nationalirishbank.ie/html/...B/e-Safekey.cab[/url] (e-Safekey) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url] (Reg Error: Key error.) O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/16 04:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (stera) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 04:22:48 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) MsConfig - Services: "avast! Web Scanner" MsConfig - Services: "avast! Mail Scanner" MsConfig - Services: "avast! Antivirus" MsConfig - Services: "aswUpdSv" MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) [color="#E56717"]========== Files/Folders - Created Within 14 Days ==========[/color] [2009/11/19 08:34:43 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/11/19 07:56:42 | 00,000,000 | ---D | C] -- C:\_OTL [2009/11/18 10:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live [2009/11/18 10:32:08 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW [2009/11/17 11:51:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/17 11:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\BACKUP [2009/11/17 11:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ERUNT [2009/11/17 11:47:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Administrator\Desktop\SysRestorePoint.exe [2009/11/16 10:07:02 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009/11/16 10:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009/11/16 10:05:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/11/16 09:58:55 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/16 09:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/11/08 14:23:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009/11/08 14:22:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\profile [2009/11/08 14:21:56 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2009/11/07 18:18:34 | 00,000,000 | -H-D | C] -- C:\ErdUndoCache [2009/11/07 17:55:04 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe [2009/11/07 17:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads [2009/11/07 15:48:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2009/11/07 15:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2009/11/07 15:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2009/11/07 15:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla [2009/11/07 15:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2009/11/07 15:23:15 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC [color="#E56717"]========== Files - Modified Within 14 Days ==========[/color] [2009/11/19 09:39:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/19 08:45:17 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2009/11/19 08:45:16 | 00,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat [2009/11/19 08:45:15 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2009/11/18 13:39:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2009/11/18 10:44:56 | 03,565,213 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/18 10:38:19 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\user.cfg [2009/11/18 09:59:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/18 09:57:00 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1005UA.job [2009/11/18 09:55:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{76E0F463-1A91-4248-B150-7742B07564B7}.job [2009/11/18 09:55:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{06C192D7-0556-4524-8580-890DBFA8DADA}.job [2009/11/18 09:51:05 | 00,130,720 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF [2009/11/18 09:51:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1011UA.job [2009/11/18 09:49:58 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/17 11:51:05 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/16 13:51:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1011Core.job [2009/11/16 12:57:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529866745-2430710030-2933998608-1005Core.job [2009/11/16 11:09:01 | 00,000,411 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat [2009/11/16 10:06:14 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/16 09:34:49 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/16 09:34:49 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/16 09:34:49 | 00,000,209 | ---- | M] () -- C:\boot.ini [2009/11/16 09:28:11 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/11/16 08:30:27 | 00,022,568 | ---- | M] () -- C:\WINDOWS\System32\wincode.dat [2009/11/16 08:30:27 | 00,006,394 | ---- | M] () -- C:\WINDOWS\System32\krncode.dat [2009/11/16 08:30:27 | 00,001,575 | ---- | M] () -- C:\WINDOWS\System32\pwrcode.dat [2009/11/16 08:30:17 | 00,045,768 | ---- | M] () -- C:\WINDOWS\System32\shifld2.old [2009/11/16 08:05:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/08 14:20:53 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2009/11/07 18:44:01 | 00,443,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/07 18:44:00 | 00,525,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/07 18:44:00 | 00,072,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/07 17:37:18 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DCZN1Z1J-derrick melly).job [2009/11/07 17:35:14 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe [2009/11/07 17:35:08 | 07,280,672 | ---- | M] () -- C:\SUPERAntiSpyware.exe [2009/11/07 17:30:59 | 00,061,037 | ---- | M] () -- C:\Scan01.JPG [color="#E56717"]========== Files Created - No Company Name ==========[/color] [2009/11/18 09:48:35 | 03,565,213 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2009/11/17 11:51:05 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk [2009/11/16 10:07:36 | 00,000,458 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/11/16 10:06:14 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/11/08 14:20:53 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2009/11/07 17:55:05 | 07,280,672 | ---- | C] () -- C:\SUPERAntiSpyware.exe [2009/11/07 17:30:59 | 00,061,037 | ---- | C] () -- C:\Scan01.JPG [2009/06/12 21:25:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/05/14 13:43:50 | 00,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat [2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2007/12/25 22:16:45 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2007/03/14 11:04:08 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2007/01/11 13:22:05 | 01,122,304 | ---- | C] () -- C:\WINDOWS\System32\dlcjusb1.dll [2007/01/11 13:22:04 | 01,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcjserv.dll [2007/01/11 13:22:04 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjprox.dll [2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006/04/15 02:30:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini [2005/11/30 08:53:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/11/30 08:49:23 | 00,001,960 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/11/30 08:19:38 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcjjswr.dll [2005/11/30 08:19:38 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsr.dll [2005/11/30 08:19:36 | 00,630,784 | ---- | C] () -- C:\WINDOWS\System32\dlcjpmui.dll [2005/11/30 08:19:36 | 00,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcjutil.dll [2005/11/30 08:19:36 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcjpplc.dll [2005/11/30 08:19:36 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcjvs.dll [2005/11/30 08:19:36 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcjcur.dll [2005/11/30 08:19:34 | 00,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcjhbn3.dll [2005/11/30 08:19:34 | 00,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcjlmpm.dll [2005/11/30 08:19:34 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcjinsb.dll [2005/11/30 08:19:34 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcjins.dll [2005/11/30 08:19:32 | 00,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomc.dll [2005/11/30 08:19:32 | 00,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcjcomm.dll [2005/11/30 08:19:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcjcub.dll [2005/11/30 08:19:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcjcu.dll [2005/11/30 08:19:30 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcjcfg.dll [2005/11/30 08:18:06 | 00,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/08/16 20:52:01 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2005/08/16 04:50:36 | 03,712,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2005/08/16 04:50:00 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2005/08/16 04:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/08/16 04:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/16 04:18:43 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/16 04:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/16 04:18:33 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll [2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 14:16:00 | 00,000,618 | ---- | C] () -- C:\WINDOWS\System32\dlcjplc.ini [color="#E56717"]========== LOP Check ==========[/color] [2009/09/17 09:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\11300624 [2008/10/25 09:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard [2005/11/30 08:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2009/10/23 01:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd [2008/01/23 19:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2007/03/29 14:07:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey [2009/05/12 21:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2008/10/23 16:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS [2008/10/23 04:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming [2009/05/12 21:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2008/02/07 10:07:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/12/06 23:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2006/10/01 10:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoEgg [2007/02/08 14:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar [2009/06/29 10:05:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/16 10:06:17 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/11/18 09:49:58 | 00,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2004/08/10 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/11/18 09:59:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/11/18 09:55:00 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{06C192D7-0556-4524-8580-890DBFA8DADA}.job [2009/11/18 09:55:00 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{76E0F463-1A91-4248-B150-7742B07564B7}.job [color="#E56717"]========== Purity Check ==========[/color] [color="#E56717"]========== Custom Scans ==========[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\*.exe >[/color] [2009/11/07 17:35:14 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe [2009/11/07 17:35:08 | 07,280,672 | ---- | M] () -- C:\SUPERAntiSpyware.exe [2001/05/24 12:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE [color="#A23BEC"]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color] [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll [2004/08/10 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll [color="#A23BEC"]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color] [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll [2004/08/10 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [color="#A23BEC"]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color] [2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 18:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll [2004/08/10 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll [color="#A23BEC"]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color] [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups03\DriverFiles\i386\atapi.sys [2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups12\DriverFiles\i386\atapi.sys [color="#A23BEC"]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color] [color="#A23BEC"]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color] [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys [2009/11/08 16:26:24 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [color="#A23BEC"]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color] < End of report >[/quote] [b][u]EXTRAS.TXT[/b][/u] [quote]Didn't get this file this time, did I do something wrong?[/quote] More ammendments needed??