Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PUP.MyWebSearch Registry value keeps re-appearing after removal

Started by KamUddi, Mar 21 2012 04:31 PM

MyWebSearch

You cannot reply to this topic
Go to first unread post

23 replies to this topic

#1
KamUddi

Posted 21 March 2012 - 04:31 PM

New Member

Members
11 posts

Hi, I would really appreciate your help as having a nightmare getting rid of this PUP.MyWebSearch registry value.

I have been having serious issues with the PC not allowing me to launch the web browser, intermittent login and shutdown success and generally slow PC performance. I have McAee Total Protection which did not detect anything.

However, MalwareBytes was great and found 2 infected registry values and deletes them successfully BUT after a reboot, I experience same symptoms and, after doing another scan (usually can only do this in safe mode), find the 2 culprits again! I have searched Program files/control panel Add/Remove and can't find anything relating to 'MyWebSearch'.

Please help! I have attached the 'dds' and 'attach' files.

Thanks in advance for any help you can give.

Kam

Attached Files

dds.txt 13.56K 19 downloads
attach.txt 29.24K 13 downloads

#2
Maniac

Posted 22 March 2012 - 06:19 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

Hello Kam and :welcome:

! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Quote

after doing another scan (usually can only do this in safe mode), find the 2 culprits again!

What is the problem in Normal mode with Malwarebytes' Anti-Malware?

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3
KamUddi

Posted 22 March 2012 - 09:27 AM

New Member

Members
11 posts

Hi Maniac and thank you for replying.

Windows intermittently becomes unresponsive when attempting to login and sometimes doesn't launch MalwareBytes/Internet explorer and is sluggish. However, when I boot in Safe mode it seems to work and I'm able to open MalwareBytes and run a scan no problem. The problem isn't with MalwareBytes, moreso the PC performance in general. Sorry for not being clear!

Thanks,

Kam

#4
Maniac

Posted 22 March 2012 - 09:34 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

It is important to perform a scan in Normal mode. if you want, use Chameleon technology to do it:
http://forums.malwar...ndpost&p=434002

Post the log file with a new fresh DDS log file.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#5
KamUddi

Posted 22 March 2012 - 10:30 AM

New Member

Members
11 posts

Yikes!! Followed the instructions for launching Chameleon - I keep getting the blue screen of death a few minutes after I 'press Key to continue'. This happened twice.

Wasn't sure how to attach a picture of it here but it refers to DRIVER_IRQL_NOT_LESS_OR_EQUAL and mentions mbamchameleon.sys under technical information...beginning dump of physical memory etc

Thanks,

Kam

#6
Maniac

Posted 22 March 2012 - 10:48 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

What about if you update and perform a scan without Chameleon?

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#7
KamUddi

Posted 23 March 2012 - 06:57 AM

New Member

Members
11 posts

Hi, managed to do a scan in Normal mode and but didn't discover anything. MalwareBytes stopped responding a few times.

Also, I have noticed (not entirely sure if it was there before) a suspicious looking shortcut icon on the desktop 'Spyware protection from AOL'. No programs relating to this in control panel's 'Add/Remove programs' or c:/program Files.

See scan log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.22.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin 2 :: SAMPAD [administrator]
Protection: Enabled
23/03/2012 10:42:49
mbam-log-2012-03-23 (10-42-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255965
Time elapsed: 19 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Thanks,

Kam

#8
Maniac

Posted 23 March 2012 - 10:37 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

I will take care for them, but this is legitimate - AOL's spyware protection program.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#9
KamUddi

Posted 23 March 2012 - 11:54 AM

New Member

Members
11 posts

Thanks,

OTL.txt:

OTL logfile created on: 23/03/2012 16:34:54 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Admin 2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 539.96 Mb Available Physical Memory | 53.23% Memory free
2.36 Gb Paging File | 1.62 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 24.96 Gb Free Space | 35.76% Space Free | Partition Type: NTFS
Drive E: | 199.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 752.77 Mb Total Space | 728.08 Mb Free Space | 96.72% Space Free | Partition Type: FAT

Computer Name: SAMPAD | User Name: Admin 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 16:31:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/09/30 08:11:18 | 001,195,488 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/04/08 13:59:50 | 000,419,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/04/15 11:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 10:08:20 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/11/16 21:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/03/31 09:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2003/12/09 12:03:08 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/11/20 10:21:54 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/08 13:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/15 11:51:22 | 000,126,088 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll
MOD - [2010/04/15 11:49:24 | 000,183,432 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
MOD - [2010/04/13 20:11:16 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll
MOD - [2010/03/29 07:36:50 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll
MOD - [2009/02/13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2005/01/20 22:18:18 | 000,009,728 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll
MOD - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/04/15 11:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/10/04 12:36:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008/01/25 10:08:20 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\99xzn.sys -- (99xzn.sys)
DRV - [2012/03/22 15:02:47 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2008/04/13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006/04/06 11:22:04 | 000,056,792 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw99rc.sys -- (hcw99rc)
DRV - [2006/04/06 11:21:08 | 000,118,850 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw70bda.sys -- (HCW77BDA)
DRV - [2005/12/04 16:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/21 05:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/14 13:41:10 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)
DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/11/25 14:59:00 | 000,040,544 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt92.sys -- (SunkFilt92)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{024547A8-B461-4699-9D76-52A3F6FA3735}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{2167781F-8E28-4B7C-AEE4-3D616FA94B1D}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{28EC4080-6C33-4A85-BF2A-FE0E7D23D54A}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{545CF7B0-1898-4112-BAB0-35D889C3E7A6}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{60264652-E6EC-4C21-A8FC-8653AED5986B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{741C6A31-217C-4FFC-9017-3C533431431C}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{78F3060C-8791-40B4-9BF2-D88B04FBD7B2}: "URL" = http://search.yahoo....Terms}&fr=yie7c

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.c...m/info/ie6.html
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.c...://uk.yahoo.com
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes,DefaultScope = {D50BB7D5-A481-4ED5-B7CA-7266AF097523}
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{27A90DBA-4476-47B4-BDA7-E48F02A8807B}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{33F1D760-AD8F-4F09-8EDB-69704243C1F8}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{7683F28A-979C-43BC-AB1D-564C52E15237}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{957FA347-EBF6-419B-AC5E-79C8F8AABC4D}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{A0F0CE52-D497-4132-9CC4-8EB98FB9860D}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{D0563F3F-DD00-4889-B38D-22F3C6CB4FC9}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{D50BB7D5-A481-4ED5-B7CA-7266AF097523}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 08:10:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/23 15:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 21:50:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 18:17:46 | 000,000,000 | ---D | M]

[2012/03/21 09:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin 2\Application Data\Mozilla\Extensions
[2011/05/10 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/21 21:50:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/01/25 10:09:10 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2012/02/21 21:50:03 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/21 21:50:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 21:50:03 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/21 21:50:03 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/11 10:55:20 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/21 21:50:03 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120106102708.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [shwicon2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photob...geUploader4.cab (PhotoBox uploader)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1169503548796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mypublisher....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.169.41.180 194.112.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{005860D1-6454-416D-80E4-ECE1FD510AEA}: DhcpNameServer = 217.169.41.180 194.112.32.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 16:33:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe
[2012/03/23 10:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Adobe
[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin 2\My Documents\My Videos
[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin 2\Start Menu\Programs\Administrative Tools
[2012/03/21 21:03:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin 2\Desktop\dds.scr
[2012/03/21 20:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft
[2012/03/21 09:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Malwarebytes
[2012/03/21 09:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\FileZilla
[2012/03/21 09:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Local Settings\Application Data\Mozilla
[2012/03/21 09:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Mozilla
[2012/03/20 12:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2012/03/20 12:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2012/03/20 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/20 10:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/20 10:48:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/20 10:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/19 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Apple Computer
[2012/03/19 20:23:54 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Admin 2\My Documents\McAfee Vaults
[2012/03/19 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Local Settings\Application Data\McAfee Anti-Theft
[2012/03/18 15:58:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin 2\IETldCache
[2012/03/18 09:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2012/03/18 09:05:12 | 000,000,000 | ---D | C] -- C:\4a115869fcabaac6b04570
[2012/03/16 07:41:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/01 12:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2012/03/01 12:06:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2012/03/01 12:06:26 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2012/03/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2012/03/01 12:04:50 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys
[2012/02/29 15:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin 2\*.tmp files -> C:\Documents and Settings\Admin 2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 16:31:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe
[2012/03/23 15:16:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/23 15:11:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/23 15:11:27 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 15:02:47 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/21 20:57:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin 2\Desktop\dds.scr
[2012/03/20 12:28:06 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/03/20 10:49:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 20:27:28 | 000,000,209 | ---- | M] () -- C:\boot.ini
[2012/03/18 15:58:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/18 15:58:35 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Admin 2\Desktop\Windows Media Player.lnk
[2012/03/18 15:39:46 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 09:05:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Admin 2\*.tmp files -> C:\Documents and Settings\Admin 2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 15:11:27 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/22 14:50:45 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/03/20 12:28:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2012/03/20 10:49:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 18:32:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/05 10:12:42 | 099,991,640 | ---- | C] () -- C:\Program Files\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2010/08/30 14:42:05 | 000,001,147 | ---- | C] () -- C:\WINDOWS\S194.INI
[2010/05/07 21:31:36 | 000,015,046 | ---- | C] () -- C:\WINDOWS\UN060501.INI
< End of report >

Extras.txt:

OTL Extras logfile created on: 23/03/2012 16:34:54 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Admin 2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 539.96 Mb Available Physical Memory | 53.23% Memory free
2.36 Gb Paging File | 1.62 Gb Available in Paging File | 68.45% Paging File free
Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 24.96 Gb Free Space | 35.76% Space Free | Partition Type: NTFS
Drive E: | 199.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 752.77 Mb Total Space | 728.08 Mb Free Space | 96.72% Space Free | Partition Type: FAT

Computer Name: SAMPAD | User Name: Admin 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\BT Broadband 220V\BT Broadband Desktop Help\bin\BTHelpBrowser.exe" = C:\Program Files\BT Broadband 220V\BT Broadband Desktop Help\bin\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser -- (Motive Communications, Inc.)
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe" = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- (BUFFALO INC.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{4572B535-74A0-40B0-8235-080FC9986CDA}" = YAMAHA Digital Music Notebook
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{5ACEE621-933D-41DE-AAE9-2AE48638F935}" = Multimedia Card Reader
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BT Yahoo! Applications" = BT Yahoo! Applications
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"DellSupport" = Dell Support 5.0.0 (630)
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPNMotion" = ESPNMotion
"FileZilla Client" = FileZilla Client 3.5.3
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge TvTv Sync" = Hauppauge TvTv Sync
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{5ACEE621-933D-41DE-AAE9-2AE48638F935}" = Multimedia Card Reader
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"MSC" = McAfee Total Protection
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NovaBACKUP" = NovaBACKUP
"ODSK" = Canon Utilities Original Data Security Tools
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S194 Introducing Astronomy" = S194 Introducing Astronomy
"Stellarium_is1" = Stellarium 0.7.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T189 ECA Helper_is1" = T189 ECA Helper
"UN060501" = BUFFALO NAS Navigator2
"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/03/2012 05:04:48 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2968 (0xb98) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\dot3api.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:09:40 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5900 (0x170c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\MSC\mcregobj\11,0,630,0\mcregobj.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(31)(0) 4(31)(0)
7200(15)(0) 7595(15)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:09:40 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5960 (0x1748) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\mswsock.dll
by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:59:17 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 05:59:24 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 14:57:33 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4532 (0x11b4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\licwmi.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(16)(0) 4(16)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 15:17:19 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/03/2012 10:48:32 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 916 (0x394) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll
by C:\WINDOWS\system32\rundll32.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/03/2012 06:37:19 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3464 (0xd88) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/03/2012 07:45:15 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:50:46 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 23/03/2012 07:50:54 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/03/2012 07:54:31 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/03/2012 11:10:35 | Computer Name = SAMPAD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/03/2012 11:17:21 | Computer Name = SAMPAD | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 e1229088, parameter2 00000002, parameter3
00000000, parameter4 a89fd26e.

< End of report >

#10
Maniac

Posted 23 March 2012 - 03:44 PM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

Do you have any problem with WhiteSmoke anymore? I can't see any leftovers.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#11
KamUddi

Posted 26 March 2012 - 03:01 AM

New Member

Members
11 posts

Hi, I'm not sure I know what Whitesmoke is so I googlesd it - a traslation program? However, I don't remember installing it. Should I be suspicious as have seen that there are malware linked to this application?

#12
Maniac

Posted 26 March 2012 - 06:45 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

If you see something that could be related to WhiteSmoke, let me know.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#13
KamUddi

Posted 26 March 2012 - 10:30 AM

New Member

Members
11 posts

Hi Maniac,

I've had a look and cannot find any references to WhiteSmoke. Looked in 'Add/Remove Programs', 'Start>Programs' and 'c:\Program Files'. Where did you find reference to this?

Unfortuantely still the same problems. What else can you suggest? Shall I run a scan in Safe mode to see if PUP.MyWebSearch is still being found?

Again, really appreciate your help.

#14
Maniac

Posted 26 March 2012 - 11:28 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

:filefind
*whitesmoke*
*white smoke*

:folderfind
*whitesmoke*
*white smoke*

:regfind
whitesmoke
white smoke

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#15
KamUddi

Posted 29 March 2012 - 10:46 AM

New Member

Members
11 posts

Hi Maniac,

Sorry for the delay.

Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:37 on 29/03/2012 by Admin 2
Administrator - Elevation successful
========== filefind ==========
Searching for "*whitesmoke*"
No files found.
Searching for "*white smoke*"
No files found.
========== folderfind ==========
Searching for "*whitesmoke*"
No folders found.
Searching for "*white smoke*"
No folders found.
========== regfind ==========
Searching for "whitesmoke"
No data found.
Searching for "white smoke "
No data found.
-= EOF =-

Thanks

#16
Maniac

Posted 29 March 2012 - 02:23 PM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#17
KamUddi

Posted 30 March 2012 - 08:14 AM

New Member

Members
11 posts

Hi Thanks,

Please see below:

ComboFix 12-03-30.06 - Admin 2 30/03/2012 13:45:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.270 [GMT 1:00]
Running from: c:\documents and settings\Admin 2\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{4862344A-A39C-4897-ACD4-A1BED5163C5A}\PostBuild.exe
c:\documents and settings\Pad\GoToAssistDownloadHelper.exe
c:\documents and settings\Pad\WINDOWS
c:\documents and settings\Pad\WINDOWS\ehthumbs.db
c:\documents and settings\Sam\Favorites\GoogleToolbarInstaller.exe
c:\documents and settings\Sam\WINDOWS
c:\program files\CyberLink.v1730_36089_Spr_PTD110506-02.exe
c:\windows\kb913800.exe
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETD5.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-29 15:27 . 2012-03-29 15:27 -------- d-sh--w- c:\documents and settings\Admin 2\PrivacIE
2012-03-26 15:23 . 2012-03-26 15:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-22 14:50 . 2012-03-22 15:02 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-21 20:09 . 2012-03-21 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Anti-Theft
2012-03-21 14:42 . 2012-03-21 17:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wise Registry Cleaner
2012-03-21 14:39 . 2012-03-21 14:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\McAfee Anti-Theft
2012-03-21 12:16 . 2012-03-21 12:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-21 12:15 . 2012-03-21 12:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-21 09:20 . 2012-03-21 09:20 -------- d-----w- c:\documents and settings\Admin 2\Application Data\Malwarebytes
2012-03-21 09:02 . 2012-03-21 09:03 -------- d-----w- c:\documents and settings\Admin 2\Application Data\FileZilla
2012-03-21 09:02 . 2012-03-21 09:02 -------- d-----w- c:\documents and settings\Admin 2\Local Settings\Application Data\Mozilla
2012-03-20 12:28 . 2012-03-20 12:28 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-03-20 10:48 . 2012-03-20 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-20 10:48 . 2012-03-20 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-20 10:48 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 20:24 . 2012-03-19 20:24 -------- d-----w- c:\documents and settings\Admin 2\Application Data\Apple Computer
2012-03-19 20:23 . 2012-03-19 20:23 -------- d-----w- c:\documents and settings\Admin 2\Local Settings\Application Data\McAfee Anti-Theft
2012-03-18 15:58 . 2012-03-18 15:58 -------- d-sh--w- c:\documents and settings\Admin 2\IETldCache
2012-03-18 09:07 . 2012-03-18 15:39 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-18 09:05 . 2012-03-18 09:05 -------- d-----w- C:\4a115869fcabaac6b04570
2012-03-01 12:07 . 2012-03-01 12:07 -------- d-----w- c:\program files\McAfeeMOBK
2012-03-01 12:06 . 2010-04-13 20:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-03-01 12:06 . 2012-03-01 12:06 -------- d-----w- c:\program files\McAfee Online Backup
2012-03-01 12:04 . 2011-04-11 14:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:22 . 2005-08-16 04:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 18:32 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2005-08-16 04:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-11-14 13:01 . 2008-11-14 13:01 195440 -c--a-w- c:\program files\BBDesktopHelpv6.exe
2008-11-06 20:56 . 2008-11-06 20:55 2020680 -c--a-w- c:\program files\setup.exe
2006-09-17 17:46 . 2006-09-17 17:46 36636224 -c--a-w- c:\program files\iTunesSetup.exe
2012-02-21 21:50 . 2012-01-06 18:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2010-04-14 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"shwicon2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-11-20 139264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.sys
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\BT Broadband 220V\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [01/03/2012 13:04 64048]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [14/04/2010 20:24 89792]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [01/03/2012 13:06 54776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/03/2012 11:48 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/10/2008 10:40 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [14/04/2010 20:24 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [14/04/2010 20:24 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [13/09/2011 20:18 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [13/09/2011 20:17 150856]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 21:11 229688]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [15/04/2010 12:51 261256]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [14/04/2010 20:24 57600]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/03/2012 11:48 20464]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [14/04/2010 20:24 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [14/04/2010 20:24 83856]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 99xzn.sys;99xzn.sys;\??\c:\windows\system32\drivers\99xzn.sys --> c:\windows\system32\drivers\99xzn.sys [?]
S3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [27/08/2006 10:42 118850]
S3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [27/08/2006 10:43 56792]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [22/03/2012 15:50 24064]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/03/2012 16:23 40776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [14/04/2010 20:24 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [14/04/2010 20:24 87656]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 SunkFilt92;Alcor Micro Corp - 9362;c:\windows\system32\drivers\Sunkfilt92.sys [25/11/2003 15:59 40544]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
TCP: DhcpNameServer = 217.169.41.180 194.112.32.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\documents and settings\Admin 2\Application Data\Mozilla\Firefox\Profiles\3l8vmn8v.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Amazon MP3 Downloader - c:\program files\Amazon\MP3 Downloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\stsystra.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Kontiki\KService.exe
c:\program files\BUFFALO\NASNAVI\nassvc.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\fxssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\System32\vssvc.exe
.
**************************************************************************
.
Completion time: 2012-03-30 14:06:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-30 13:06
.
Pre-Run: 26,707,750,912 bytes free
Post-Run: 29,375,078,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 485CC616BB24212A1F0E722D91FBF6D6

#18
Maniac

Posted 31 March 2012 - 03:39 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#19
KamUddi

Posted 02 April 2012 - 05:39 AM

New Member

Members
11 posts

MiniToolBox by Farbar Version: 18-01-2012
Ran by Admin 2 (administrator) on 02-04-2012 at 11:31:01
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Wireless Network Connection"
set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=static addr=192.168.0.1 mask=255.255.255.0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : SamPad
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : winsladeonline.com

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : winsladeonline.com
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-13-02-11-2F-7F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.1.29
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.0.0.5
DHCP Server . . . . . . . . . . . : 10.0.0.5
DNS Servers . . . . . . . . . . . : 217.169.41.180
194.112.32.1
Lease Obtained. . . . . . . . . . : 02 April 2012 11:09:57
Lease Expires . . . . . . . . . . : 05 April 2012 11:09:57

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-14-22-F0-62-46
DNS request timed out.
timeout was 2 seconds.
Server: ns-cache0.dircon.co.uk
Address: 194.112.32.1
Name: google.com
Addresses: 173.194.41.174, 173.194.41.161, 173.194.41.168, 173.194.41.166
173.194.41.169, 173.194.41.167, 173.194.41.162, 173.194.41.163, 173.194.41.165
173.194.41.164, 173.194.41.160

Pinging google.com [173.194.41.169] with 32 bytes of data:

Reply from 173.194.41.169: bytes=32 time=11ms TTL=53
Reply from 173.194.41.169: bytes=32 time=17ms TTL=53

Ping statistics for 173.194.41.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 17ms, Average = 14ms
DNS request timed out.
timeout was 2 seconds.
Server: ns-cache0.dircon.co.uk
Address: 194.112.32.1
Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=373ms TTL=49
Reply from 209.191.122.70: bytes=32 time=309ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 309ms, Maximum = 373ms, Average = 341ms
DNS request timed out.
timeout was 2 seconds.
Server: ns-cache0.dircon.co.uk
Address: 194.112.32.1
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 11 2f 7f ...... Intel® PRO/Wireless 3945ABG Network Connection - McAfee Core NDIS Intermediate Filter Miniport
0x10004 ...00 14 22 f0 62 46 ...... Broadcom 440x 10/100 Integrated Controller - McAfee Core NDIS Intermediate Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.5 10.0.1.29 25
10.0.0.0 255.255.0.0 10.0.1.29 10.0.1.29 25
10.0.1.29 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.0.1.29 10.0.1.29 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.1.29 10.0.1.29 20
224.0.0.0 240.0.0.0 10.0.1.29 10.0.1.29 25
255.255.255.255 255.255.255.255 10.0.1.29 10004 1
255.255.255.255 255.255.255.255 10.0.1.29 10.0.1.29 1
Default Gateway: 10.0.0.5
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (03/30/2012 01:25:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
Error: (03/30/2012 01:25:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
Error: (03/30/2012 01:25:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
Error: (03/30/2012 01:24:19 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated.
Thread id : 3312 (0xcf0)
Thread address : 0x7C90E514
Thread message :
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\onex.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/29/2012 04:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
Error: (03/29/2012 04:27:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved
Error: (03/29/2012 04:25:20 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated.
Thread id : 2644 (0xa54)
Thread address : 0x7C90E514
Thread message :
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/23/2012 00:45:15 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.60.0.61, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/23/2012 11:37:19 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated.
Thread id : 3464 (0xd88)
Thread address : 0x7C90E514
Thread message :
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/22/2012 03:48:32 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.
The process will be terminated.
Thread id : 916 (0x394)
Thread address : 0x7C90E514
Thread message :
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll
by C:\WINDOWS\system32\rundll32.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

System errors:
=============
Error: (04/02/2012 11:14:13 AM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.
Error: (03/30/2012 02:46:49 PM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.
Error: (03/30/2012 02:37:12 PM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.
Error: (03/30/2012 02:03:19 PM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.
Error: (03/30/2012 01:25:51 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (03/30/2012 01:25:49 PM) (Source: Service Control Manager) (User: )
Description: The McAfee VirusScan Announcer service hung on starting.
Error: (03/30/2012 01:25:49 PM) (Source: Service Control Manager) (User: )
Description: The KService service hung on starting.
Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
%%1053
Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
%%1053
Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (03/30/2012 01:25:59 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved
Error: (03/30/2012 01:25:59 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved
Error: (03/30/2012 01:25:58 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved
Error: (03/30/2012 01:24:19 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003312 (0xcf0)0x7C90E514
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\onex.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/29/2012 04:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved
Error: (03/29/2012 04:27:05 PM) (Source: crypt32)(User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved
Error: (03/29/2012 04:25:20 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002644 (0xa54)0x7C90E514
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/23/2012 00:45:15 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.60.0.61hungapp0.0.0.000000000
Error: (03/23/2012 11:37:19 AM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003464 (0xd88)0x7C90E514
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
Error: (03/22/2012 03:48:32 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe90000916 (0x394)0x7C90E514
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll
by C:\WINDOWS\system32\rundll32.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

=========================== Installed Programs ============================
Adobe AIR (Version: 2.6.0.19120)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader 8.1.2 (Version: 8.1.2)
Adobe Stock Photos 1.0 (Version: 1.0.8)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ARTEuro (Version: 1.00.0000)
AviSynth 2.5
BBC iPlayer Desktop (Version: 3.0.10)
BBC iPlayer Download Manager (Version: 1.6.2407)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 8.65.05)
BT Yahoo! Applications
BUFFALO LinkStation(LS-CHL) Setup Guide
BUFFALO NAS Navigator2
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera WIA Driver (Version: 5.5)
Canon Camera WIA Driver (Version: 5.7)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon EOS-1Ds Mark II WIA Driver (Version: 5.5)
Canon EOS 5D WIA Driver (Version: 5.7)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.6.0.13)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.0.0)
Canon Utilities EOS Utility (Version: 2.10.0.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Original Data Security Tools (Version: 1.0.1.4)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities WFT-E1/E2 Utility (Version: 3.0.1.14)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Support 5.0.0 (630)
Dell System Restore (Version: 2.00.0000)
Digital Line Detect (Version: 1.15)
EPSON Printer Software
ESPNMotion (Version: 2.1.6.0011)
FileZilla Client 3.5.3 (Version: 3.5.3)
Hauppauge English Help Files and Resources
Hauppauge TvTv Sync
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4431)
Internal Network Card Power Management (Version: 1.7.2)
Internet Explorer Default Page (Version: 1.00.03)
InterVideo FilterSDK for Hauppauge
iPod for Windows 2005-03-23 (Version: 3.8.0)
iTunes (Version: 10.5.3.3)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee Online Backup
McAfee Online Backup (Version: 1.16.4.0)
McAfee Total Protection (Version: 11.0.654)
McAfee Virtual Technician (Version: 5.0.1.0)
McAfee Virtual Technician (Version: 5.5.0.0)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Modem Helper (Version: 3.01)
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 3.00)
NetWaiting (Version: 2.5.23)
NovaBACKUP (Version: 11.1.14)
Otto
PowerDVD 5.7
QuickTime (Version: 7.71.80.42)
S194 Introducing Astronomy
Sonic Encoders (Version: 1.00)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Copy (Version: 2.0.0.1)
Sonic RecordNow Data (Version: 2.0.0.1)
Sonic Update Manager (Version: 3.0.0)
Stellarium 0.7.1
Synaptics Pointing Device Driver (Version: 8.2.4.3)
T189 ECA Helper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061017.133151)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Wise Registry Cleaner 6.21
Xvid 1.1.3 final uninstall (Version: 1.1)
YAMAHA Digital Music Notebook (Version: 2.4.23.2)
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 53%
Total physical RAM: 1014.37 MB
Available physical RAM: 467.7 MB
Total Pagefile: 2417.01 MB
Available Pagefile: 1660.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.22 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:69.82 GB) (Free:27.38 GB) NTFS
========================= Users: ========================================
User accounts for \\SAMPAD
Admin 2 Administrator Guest
HelpAssistant Pad Sam
SUPPORT_388945a0
========================= Minidump Files ==================================
C:\WINDOWS\Minidump\Mini012108-01.dmp
C:\WINDOWS\Minidump\Mini012608-01.dmp
C:\WINDOWS\Minidump\Mini032212-01.dmp
C:\WINDOWS\Minidump\Mini032312-01.dmp
C:\WINDOWS\Minidump\Mini101307-01.dmp
C:\WINDOWS\Minidump\Mini112208-01.dmp
**** End of log ****

Thanks,

Kam

#20
Maniac

Posted 02 April 2012 - 06:57 AM

Forum Deity

Experts
16,969 posts

Gender:Male
Location:Bulgaria, EU

How are things now, Kam?

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Back to Resolved HijackThis Logs · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Malwarebytes

PUP.MyWebSearch Registry value keeps re-appearing after removal

#1
KamUddi

Posted 21 March 2012 - 04:31 PM

Attached Files

#2
Maniac

Posted 22 March 2012 - 06:19 AM

#3
KamUddi

Posted 22 March 2012 - 09:27 AM

#4
Maniac

Posted 22 March 2012 - 09:34 AM

#5
KamUddi

Posted 22 March 2012 - 10:30 AM

#6
Maniac

Posted 22 March 2012 - 10:48 AM

#7
KamUddi

Posted 23 March 2012 - 06:57 AM

#8
Maniac

Posted 23 March 2012 - 10:37 AM

#9
KamUddi

Posted 23 March 2012 - 11:54 AM

#10
Maniac

Posted 23 March 2012 - 03:44 PM

#11
KamUddi

Posted 26 March 2012 - 03:01 AM

#12
Maniac

Posted 26 March 2012 - 06:45 AM

#13
KamUddi

Posted 26 March 2012 - 10:30 AM

#14
Maniac

Posted 26 March 2012 - 11:28 AM

#15
KamUddi

Posted 29 March 2012 - 10:46 AM

#16
Maniac

Posted 29 March 2012 - 02:23 PM

#17
KamUddi

Posted 30 March 2012 - 08:14 AM

#18
Maniac

Posted 31 March 2012 - 03:39 AM

#19
KamUddi

Posted 02 April 2012 - 05:39 AM

#20
Maniac

Posted 02 April 2012 - 06:57 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

Malwarebytes

PUP.MyWebSearch Registry value keeps re-appearing after removal

#1 KamUddi Posted 21 March 2012 - 04:31 PM

Attached Files

#2 Maniac Posted 22 March 2012 - 06:19 AM

#3 KamUddi Posted 22 March 2012 - 09:27 AM

#4 Maniac Posted 22 March 2012 - 09:34 AM

#5 KamUddi Posted 22 March 2012 - 10:30 AM

#6 Maniac Posted 22 March 2012 - 10:48 AM

#7 KamUddi Posted 23 March 2012 - 06:57 AM

#8 Maniac Posted 23 March 2012 - 10:37 AM

#9 KamUddi Posted 23 March 2012 - 11:54 AM

#10 Maniac Posted 23 March 2012 - 03:44 PM

#11 KamUddi Posted 26 March 2012 - 03:01 AM

#12 Maniac Posted 26 March 2012 - 06:45 AM

#13 KamUddi Posted 26 March 2012 - 10:30 AM

#14 Maniac Posted 26 March 2012 - 11:28 AM

#15 KamUddi Posted 29 March 2012 - 10:46 AM

#16 Maniac Posted 29 March 2012 - 02:23 PM

#17 KamUddi Posted 30 March 2012 - 08:14 AM

#18 Maniac Posted 31 March 2012 - 03:39 AM

#19 KamUddi Posted 02 April 2012 - 05:39 AM

#20 Maniac Posted 02 April 2012 - 06:57 AM

1 user(s) are reading this topic

Products

About

Partners

Follow Us

#1
KamUddi

Posted 21 March 2012 - 04:31 PM

#2
Maniac

Posted 22 March 2012 - 06:19 AM

#3
KamUddi

Posted 22 March 2012 - 09:27 AM

#4
Maniac

Posted 22 March 2012 - 09:34 AM

#5
KamUddi

Posted 22 March 2012 - 10:30 AM

#6
Maniac

Posted 22 March 2012 - 10:48 AM

#7
KamUddi

Posted 23 March 2012 - 06:57 AM

#8
Maniac

Posted 23 March 2012 - 10:37 AM

#9
KamUddi

Posted 23 March 2012 - 11:54 AM

#10
Maniac

Posted 23 March 2012 - 03:44 PM

#11
KamUddi

Posted 26 March 2012 - 03:01 AM

#12
Maniac

Posted 26 March 2012 - 06:45 AM

#13
KamUddi

Posted 26 March 2012 - 10:30 AM

#14
Maniac

Posted 26 March 2012 - 11:28 AM

#15
KamUddi

Posted 29 March 2012 - 10:46 AM

#16
Maniac

Posted 29 March 2012 - 02:23 PM

#17
KamUddi

Posted 30 March 2012 - 08:14 AM

#18
Maniac

Posted 31 March 2012 - 03:39 AM

#19
KamUddi

Posted 02 April 2012 - 05:39 AM

#20
Maniac

Posted 02 April 2012 - 06:57 AM