KamUddi

PUP.MyWebSearch Registry value keeps re-appearing after removal


Hi, I would really appreciate your help as I am having a nightmare getting rid of this PUP.MyWebSearch registry value.

I have been having serious issues with the PC not allowing me to launch the web browser, intermittent login and shutdown success and generally slow PC performance. I have McAfee Total Protection which did not detect anything.

However, MalwareBytes was great and found 2 infected registry values and deletes them successfully BUT after a reboot, I experience the same symptoms and, after doing another scan (usually can only do this in safe mode), find the 2 culprits again! I have searched Program files/control panel Add/Remove and can't find anything relating to 'MyWebSearch'.

Please help! I have attached the 'dds' and 'attach' files.

Thanks in advance for any help you can give.

Kam

dds.txt

attach.txt


Hello Kam and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

"after doing another scan (usually can only do this in safe mode), find the 2 culprits again!"

What is the problem in Normal mode with Malwarebytes' Anti-Malware?


Hi Maniac and thank you for replying.

Windows intermittently becomes unresponsive when attempting to login and sometimes doesn't launch MalwareBytes/Internet Explorer and is sluggish. However, when I boot in Safe mode it seems to work and I'm able to open MalwareBytes and run a scan no problem. The problem isn't with MalwareBytes, more so the PC performance in general. Sorry for not being clear!

Thanks,

Kam


Yikes!! Followed the instructions for launching Chameleon - I keep getting the blue screen of death a few minutes after I 'press Key to continue'. This happened twice.

Wasn't sure how to attach a picture of it here but it refers to DRIVER_IRQL_NOT_LESS_OR_EQUAL and mentions mbamchameleon.sys under technical information...beginning dump of physical memory etc

Thanks,

Kam


What about if you update and perform a scan without Chameleon?


Hi, managed to do a scan in Normal mode but it didn't discover anything. MalwareBytes stopped responding a few times.

Also, I have noticed (not entirely sure if it was there before) a suspicious looking shortcut icon on the desktop 'Spyware protection from AOL'. No programs relating to this in control panel's 'Add/Remove programs' or c:/program Files.

See scan log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.22.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Admin 2 :: SAMPAD [administrator]

Protection: Enabled

23/03/2012 10:42:49

mbam-log-2012-03-23 (10-42-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255965

Time elapsed: 19 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks,

Kam


I will take care of them, but this is legitimate - AOL's spyware protection program.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Thanks,

OTL.txt:

OTL logfile created on: 23/03/2012 16:34:54 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Admin 2\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 539.96 Mb Available Physical Memory | 53.23% Memory free

2.36 Gb Paging File | 1.62 Gb Available in Paging File | 68.45% Paging File free

Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.82 Gb Total Space | 24.96 Gb Free Space | 35.76% Space Free | Partition Type: NTFS

Drive E: | 199.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 752.77 Mb Total Space | 728.08 Mb Free Space | 96.72% Space Free | Partition Type: FAT

Computer Name: SAMPAD | User Name: Admin 2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 16:31:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2011/09/30 08:11:18 | 001,195,488 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe

PRC - [2011/04/08 13:59:50 | 000,419,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe

PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/04/15 11:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe

PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe

PRC - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe

PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/25 10:08:20 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2005/11/16 21:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/03/31 09:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe

PRC - [2003/12/09 12:03:08 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe

PRC - [2003/11/20 10:21:54 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe

PRC - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/08 13:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/04/15 11:51:22 | 000,126,088 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll

MOD - [2010/04/15 11:49:24 | 000,183,432 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll

MOD - [2010/04/13 20:11:16 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll

MOD - [2010/03/29 07:36:50 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll

MOD - [2009/02/13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll

MOD - [2009/02/13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll

MOD - [2009/02/13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll

MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

MOD - [2005/01/20 22:18:18 | 000,009,728 | ---- | M] () -- C:\Program Files\Yahoo!\browser\YCommonPS.dll

MOD - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/04/15 11:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)

SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2009/10/04 12:36:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/05/15 10:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)

SRV - [2008/01/25 10:08:20 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\s24trans.sys -- (s24trans)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS -- (MRENDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\99xzn.sys -- (99xzn.sys)

DRV - [2012/03/22 15:02:47 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2011/04/11 14:29:16 | 000,064,048 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\McPvDrv.sys -- (McPvDrv)

DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)

DRV - [2008/04/13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)

DRV - [2006/04/06 11:22:04 | 000,056,792 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw99rc.sys -- (hcw99rc)

DRV - [2006/04/06 11:21:08 | 000,118,850 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcw70bda.sys -- (HCW77BDA)

DRV - [2005/12/04 16:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®

DRV - [2005/11/21 05:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2005/11/14 13:41:10 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | On_Demand | Running] -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv)

DRV - [2005/08/05 16:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2005/07/14 22:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2005/07/13 00:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

DRV - [2003/11/25 14:59:00 | 000,040,544 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt92.sys -- (SunkFilt92)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{024547A8-B461-4699-9D76-52A3F6FA3735}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{2167781F-8E28-4B7C-AEE4-3D616FA94B1D}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{28EC4080-6C33-4A85-BF2A-FE0E7D23D54A}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{545CF7B0-1898-4112-BAB0-35D889C3E7A6}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{60264652-E6EC-4C21-A8FC-8653AED5986B}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{741C6A31-217C-4FFC-9017-3C533431431C}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

IE - HKLM\..\SearchScopes\{78F3060C-8791-40B4-9BF2-D88B04FBD7B2}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.docs.yahoo.com/info/ie6.html

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes,DefaultScope = {D50BB7D5-A481-4ED5-B7CA-7266AF097523}

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{27A90DBA-4476-47B4-BDA7-E48F02A8807B}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{33F1D760-AD8F-4F09-8EDB-69704243C1F8}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{7683F28A-979C-43BC-AB1D-564C52E15237}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{957FA347-EBF6-419B-AC5E-79C8F8AABC4D}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{A0F0CE52-D497-4132-9CC4-8EB98FB9860D}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{D0563F3F-DD00-4889-B38D-22F3C6CB4FC9}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\SearchScopes\{D50BB7D5-A481-4ED5-B7CA-7266AF097523}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c

IE - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 08:10:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/23 15:18:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 21:50:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/22 18:17:46 | 000,000,000 | ---D | M]

[2012/03/21 09:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin 2\Application Data\Mozilla\Extensions

[2011/05/10 17:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/21 21:50:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2008/01/25 10:09:10 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll

[2012/02/21 21:50:03 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/02/21 21:50:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/21 21:50:03 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/02/21 21:50:03 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/02/11 10:55:20 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/02/21 21:50:03 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)

O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120106102708.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [shwicon2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()

O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)

O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\S-1-5-21-2878181174-528135610-1893192212-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photobox.co.uk/sg/common/ImageUploader4.cab (PhotoBox uploader)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169503548796 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mypublisher.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.169.41.180 194.112.32.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{005860D1-6454-416D-80E4-ECE1FD510AEA}: DhcpNameServer = 217.169.41.180 194.112.32.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Admin 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin 2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (ntoskrnl.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/23 16:33:27 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe

[2012/03/23 10:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Adobe

[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin 2\My Documents\My Videos

[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures

[2012/03/21 21:05:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin 2\Start Menu\Programs\Administrative Tools

[2012/03/21 21:03:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin 2\Desktop\dds.scr

[2012/03/21 20:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Anti-Theft

[2012/03/21 09:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Malwarebytes

[2012/03/21 09:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\FileZilla

[2012/03/21 09:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Local Settings\Application Data\Mozilla

[2012/03/21 09:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Mozilla

[2012/03/20 12:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner

[2012/03/20 12:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner

[2012/03/20 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/20 10:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/20 10:48:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/20 10:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/19 20:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Application Data\Apple Computer

[2012/03/19 20:23:54 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Admin 2\My Documents\McAfee Vaults

[2012/03/19 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin 2\Local Settings\Application Data\McAfee Anti-Theft

[2012/03/18 15:58:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin 2\IETldCache

[2012/03/18 09:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

[2012/03/18 09:05:12 | 000,000,000 | ---D | C] -- C:\4a115869fcabaac6b04570

[2012/03/16 07:41:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/03/01 12:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK

[2012/03/01 12:06:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup

[2012/03/01 12:06:26 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys

[2012/03/01 12:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup

[2012/03/01 12:04:50 | 000,064,048 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\McPvDrv.sys

[2012/02/29 15:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Admin 2\*.tmp files -> C:\Documents and Settings\Admin 2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/23 16:31:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin 2\Desktop\OTL.exe

[2012/03/23 15:16:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/23 15:11:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/23 15:11:27 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/22 15:02:47 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/03/21 20:57:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin 2\Desktop\dds.scr

[2012/03/20 12:28:06 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk

[2012/03/20 10:49:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/19 20:27:28 | 000,000,209 | ---- | M] () -- C:\boot.ini

[2012/03/18 15:58:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/03/18 15:58:35 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Admin 2\Desktop\Windows Media Player.lnk

[2012/03/18 15:39:46 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/18 09:05:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Admin 2\*.tmp files -> C:\Documents and Settings\Admin 2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/23 15:11:27 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys

[2012/03/22 14:50:45 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys

[2012/03/20 12:28:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk

[2012/03/20 10:49:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/16 18:32:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/06/05 10:12:42 | 099,991,640 | ---- | C] () -- C:\Program Files\CyberLink.v1730_36089_Spr_PTD110506-02.exe

[2010/08/30 14:42:05 | 000,001,147 | ---- | C] () -- C:\WINDOWS\S194.INI

[2010/05/07 21:31:36 | 000,015,046 | ---- | C] () -- C:\WINDOWS\UN060501.INI

< End of report >

Extras.txt:

OTL Extras logfile created on: 23/03/2012 16:34:54 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Admin 2\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 539.96 Mb Available Physical Memory | 53.23% Memory free

2.36 Gb Paging File | 1.62 Gb Available in Paging File | 68.45% Paging File free

Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.82 Gb Total Space | 24.96 Gb Free Space | 35.76% Space Free | Partition Type: NTFS

Drive E: | 199.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 752.77 Mb Total Space | 728.08 Mb Free Space | 96.72% Space Free | Partition Type: FAT

Computer Name: SAMPAD | User Name: Admin 2 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)

"C:\Program Files\BT Broadband 220V\BT Broadband Desktop Help\bin\BTHelpBrowser.exe" = C:\Program Files\BT Broadband 220V\BT Broadband Desktop Help\bin\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help Browser -- (Motive Communications, Inc.)

"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe" = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- (BUFFALO INC.)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP

"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop

"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23

"{4572B535-74A0-40B0-8235-080FC9986CDA}" = YAMAHA Digital Music Notebook

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{5ACEE621-933D-41DE-AAE9-2AE48638F935}" = Multimedia Card Reader

"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9

"AviSynth" = AviSynth 2.5

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"BBC iPlayer Download Manager" = BBC iPlayer Download Manager

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"BT Yahoo! Applications" = BT Yahoo! Applications

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CSCLIB" = Canon Camera Support Core Library

"DellSupport" = Dell Support 5.0.0 (630)

"DPP" = Canon Utilities Digital Photo Professional 3.10

"EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

"EOS Utility" = Canon Utilities EOS Utility

"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

"EPSON Printer and Utilities" = EPSON Printer Software

"ESPNMotion" = ESPNMotion

"FileZilla Client" = FileZilla Client 3.5.3

"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources

"Hauppauge TvTv Sync" = Hauppauge TvTv Sync

"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote

"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler

"Hauppauge WinTV2000" = Hauppauge WinTV2000

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23

"InstallShield_{5ACEE621-933D-41DE-AAE9-2AE48638F935}" = Multimedia Card Reader

"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)

"MSC" = McAfee Total Protection

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NovaBACKUP" = NovaBACKUP

"ODSK" = Canon Utilities Original Data Security Tools

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"S194 Introducing Astronomy" = S194 Introducing Astronomy

"Stellarium_is1" = Stellarium 0.7.1

"StreetPlugin" = Learn2 Player (Uninstall Only)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"T189 ECA Helper_is1" = T189 ECA Helper

"UN060501" = BUFFALO NAS Navigator2

"UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide

"WFTK" = Canon Utilities WFT-E1/E2 Utility

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.21

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.1.3 final uninstall

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 21/03/2012 05:04:48 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 2968 (0xb98) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\dot3api.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:09:40 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 5900 (0x170c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\McAfee\MSC\mcregobj\11,0,630,0\mcregobj.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(31)(0) 4(31)(0)

7200(15)(0) 7595(15)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:09:40 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 5960 (0x1748) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\mswsock.dll

by C:\WINDOWS\system32\services.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 05:59:17 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 05:59:24 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 21/03/2012 14:57:33 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4532 (0x11b4) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\licwmi.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(16)(0) 4(16)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21/03/2012 15:17:19 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 22/03/2012 10:48:32 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 916 (0x394) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll

by C:\WINDOWS\system32\rundll32.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/03/2012 06:37:19 | Computer Name = SAMPAD | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 3464 (0xd88) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.380

/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 23/03/2012 07:45:15 | Computer Name = SAMPAD | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNaiAnn with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNaiAnn with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNaiAnn with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNaiAnn with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:49:57 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNaiAnn with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 23/03/2012 07:50:46 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 23/03/2012 07:50:54 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/03/2012 07:54:31 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23/03/2012 11:10:35 | Computer Name = SAMPAD | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23/03/2012 11:17:21 | Computer Name = SAMPAD | Source = System Error | ID = 1003

Description = Error code 100000d1, parameter1 e1229088, parameter2 00000002, parameter3

00000000, parameter4 a89fd26e.

< End of report >


Do you have any problem with WhiteSmoke anymore? I can't see any leftovers.


Hi, I'm not sure I know what WhiteSmoke is so I googled it - a translation program? However, I don't remember installing it. Should I be suspicious, as I have seen that there is malware linked to this application?


If you see something that could be related to WhiteSmoke, let me know.


Hi Maniac,

I've had a look and cannot find any references to WhiteSmoke. Looked in 'Add/Remove Programs', 'Start>Programs' and 'c:\Program Files'. Where did you find reference to this?

Unfortunately still the same problems. What else can you suggest? Shall I run a scan in Safe mode to see if PUP.MyWebSearch is still being found?

Again, really appreciate your help.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *whitesmoke*
    *white smoke*

    :folderfind
    *whitesmoke*
    *white smoke*

    :regfind
    whitesmoke
    white smoke


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Hi Maniac,

Sorry for the delay.

Here are the results:

SystemLook 30.07.11 by jpshortstuff

Log created at 16:37 on 29/03/2012 by Admin 2

Administrator - Elevation successful

========== filefind ==========

Searching for "*whitesmoke*"

No files found.

Searching for "*white smoke*"

No files found.

========== folderfind ==========

Searching for "*whitesmoke*"

No folders found.

Searching for "*white smoke*"

No folders found.

========== regfind ==========

Searching for "whitesmoke"

No data found.

Searching for "white smoke "

No data found.

-= EOF =-

Thanks


Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hi Thanks,

Please see below:

ComboFix 12-03-30.06 - Admin 2 30/03/2012 13:45:24.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.270 [GMT 1:00]

Running from: c:\documents and settings\Admin 2\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{4862344A-A39C-4897-ACD4-A1BED5163C5A}\PostBuild.exe

c:\documents and settings\Pad\GoToAssistDownloadHelper.exe

c:\documents and settings\Pad\WINDOWS

c:\documents and settings\Pad\WINDOWS\ehthumbs.db

c:\documents and settings\Sam\Favorites\GoogleToolbarInstaller.exe

c:\documents and settings\Sam\WINDOWS

c:\program files\CyberLink.v1730_36089_Spr_PTD110506-02.exe

c:\windows\kb913800.exe

c:\windows\system32\SETC5.tmp

c:\windows\system32\SETC7.tmp

c:\windows\system32\SETD5.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))

.

.

2012-03-29 15:27 . 2012-03-29 15:27 -------- d-sh--w- c:\documents and settings\Admin 2\PrivacIE

2012-03-26 15:23 . 2012-03-26 15:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-22 14:50 . 2012-03-22 15:02 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-21 20:09 . 2012-03-21 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Anti-Theft

2012-03-21 14:42 . 2012-03-21 17:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wise Registry Cleaner

2012-03-21 14:39 . 2012-03-21 14:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\McAfee Anti-Theft

2012-03-21 12:16 . 2012-03-21 12:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-03-21 12:15 . 2012-03-21 12:15 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-21 09:20 . 2012-03-21 09:20 -------- d-----w- c:\documents and settings\Admin 2\Application Data\Malwarebytes

2012-03-21 09:02 . 2012-03-21 09:03 -------- d-----w- c:\documents and settings\Admin 2\Application Data\FileZilla

2012-03-21 09:02 . 2012-03-21 09:02 -------- d-----w- c:\documents and settings\Admin 2\Local Settings\Application Data\Mozilla

2012-03-20 12:28 . 2012-03-20 12:28 -------- d-----w- c:\program files\Wise Registry Cleaner

2012-03-20 10:48 . 2012-03-20 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-20 10:48 . 2012-03-20 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-20 10:48 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-19 20:24 . 2012-03-19 20:24 -------- d-----w- c:\documents and settings\Admin 2\Application Data\Apple Computer

2012-03-19 20:23 . 2012-03-19 20:23 -------- d-----w- c:\documents and settings\Admin 2\Local Settings\Application Data\McAfee Anti-Theft

2012-03-18 15:58 . 2012-03-18 15:58 -------- d-sh--w- c:\documents and settings\Admin 2\IETldCache

2012-03-18 09:07 . 2012-03-18 15:39 -------- d-----w- c:\windows\system32\MpEngineStore

2012-03-18 09:05 . 2012-03-18 09:05 -------- d-----w- C:\4a115869fcabaac6b04570

2012-03-01 12:07 . 2012-03-01 12:07 -------- d-----w- c:\program files\McAfeeMOBK

2012-03-01 12:06 . 2010-04-13 20:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys

2012-03-01 12:06 . 2012-03-01 12:06 -------- d-----w- c:\program files\McAfee Online Backup

2012-03-01 12:04 . 2011-04-11 14:29 64048 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-03 09:22 . 2005-08-16 04:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-16 18:32 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2005-08-16 04:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-11-14 13:01 . 2008-11-14 13:01 195440 -c--a-w- c:\program files\BBDesktopHelpv6.exe

2008-11-06 20:56 . 2008-11-06 20:55 2020680 -c--a-w- c:\program files\setup.exe

2006-09-17 17:46 . 2006-09-17 17:46 36636224 -c--a-w- c:\program files\iTunesSetup.exe

2012-02-21 21:50 . 2012-01-06 18:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 13:01 . 2010-04-14 19:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]

"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]

"shwicon2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-11-20 139264]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]

"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 419904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.sys

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\BT Broadband 220V\\BT Broadband Desktop Help\\bin\\BTHelpBrowser.exe"=

"c:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [01/03/2012 13:04 64048]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [14/04/2010 20:24 89792]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [01/03/2012 13:06 54776]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/03/2012 11:48 652360]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/10/2008 10:40 95200]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [14/04/2010 20:24 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [14/04/2010 20:24 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [13/09/2011 20:18 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [13/09/2011 20:17 150856]

R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 21:11 229688]

R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\nsService.exe [15/04/2010 12:51 261256]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [14/04/2010 20:24 57600]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/03/2012 11:48 20464]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [14/04/2010 20:24 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [14/04/2010 20:24 83856]

R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 99xzn.sys;99xzn.sys;\??\c:\windows\system32\drivers\99xzn.sys --> c:\windows\system32\drivers\99xzn.sys [?]

S3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [27/08/2006 10:42 118850]

S3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [27/08/2006 10:43 56792]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [22/03/2012 15:50 24064]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26/03/2012 16:23 40776]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [14/04/2010 20:24 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [14/04/2010 20:24 87656]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]

S3 SunkFilt92;Alcor Micro Corp - 9362;c:\windows\system32\drivers\Sunkfilt92.sys [25/11/2003 15:59 40544]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

*Deregistered* - xcpip

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway

TCP: DhcpNameServer = 217.169.41.180 194.112.32.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab

FF - ProfilePath - c:\documents and settings\Admin 2\Application Data\Mozilla\Firefox\Profiles\3l8vmn8v.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Amazon MP3 Downloader - c:\program files\Amazon\MP3 Downloader\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-30 14:03

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1784)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\stsystra.exe

c:\progra~1\Yahoo!\browser\ycommon.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Kontiki\KService.exe

c:\program files\BUFFALO\NASNAVI\nassvc.exe

c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\rundll32.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\fxssvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\dllhost.exe

c:\windows\System32\vssvc.exe

.

**************************************************************************

.

Completion time: 2012-03-30 14:06:28 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-30 13:06

.

Pre-Run: 26,707,750,912 bytes free

Post-Run: 29,375,078,400 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 485CC616BB24212A1F0E722D91FBF6D6


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


MiniToolBox by Farbar Version: 18-01-2012

Ran by Admin 2 (administrator) on 02-04-2012 at 11:31:01

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)

1394 Net Adapter = 1394 Connection (Connected)

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)

# ----------------------------------

# Interface IP Configuration

# ----------------------------------

pushd interface ip

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp

set dns name="Wireless Network Connection" source=dhcp register=PRIMARY

set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.0.1 mask=255.255.255.0

set dns name="Local Area Connection" source=static addr=none register=PRIMARY

set wins name="Local Area Connection" source=static addr=none

popd

# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : SamPad

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : winsladeonline.com

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : winsladeonline.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-13-02-11-2F-7F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.1.29

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . : 10.0.0.5

DHCP Server . . . . . . . . . . . : 10.0.0.5

DNS Servers . . . . . . . . . . . : 217.169.41.180

194.112.32.1

Lease Obtained. . . . . . . . . . : 02 April 2012 11:09:57

Lease Expires . . . . . . . . . . : 05 April 2012 11:09:57

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-14-22-F0-62-46

DNS request timed out.

timeout was 2 seconds.

Server: ns-cache0.dircon.co.uk

Address: 194.112.32.1

Name: google.com

Addresses: 173.194.41.174, 173.194.41.161, 173.194.41.168, 173.194.41.166

173.194.41.169, 173.194.41.167, 173.194.41.162, 173.194.41.163, 173.194.41.165

173.194.41.164, 173.194.41.160

Pinging google.com [173.194.41.169] with 32 bytes of data:

Reply from 173.194.41.169: bytes=32 time=11ms TTL=53

Reply from 173.194.41.169: bytes=32 time=17ms TTL=53

Ping statistics for 173.194.41.169:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 11ms, Maximum = 17ms, Average = 14ms

DNS request timed out.

timeout was 2 seconds.

Server: ns-cache0.dircon.co.uk

Address: 194.112.32.1

Name: yahoo.com

Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=373ms TTL=49

Reply from 209.191.122.70: bytes=32 time=309ms TTL=49

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 309ms, Maximum = 373ms, Average = 341ms

DNS request timed out.

timeout was 2 seconds.

Server: ns-cache0.dircon.co.uk

Address: 194.112.32.1

Name: bleepingcomputer.com

Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x2 ...00 13 02 11 2f 7f ...... Intel® PRO/Wireless 3945ABG Network Connection - McAfee Core NDIS Intermediate Filter Miniport

0x10004 ...00 14 22 f0 62 46 ...... Broadcom 440x 10/100 Integrated Controller - McAfee Core NDIS Intermediate Filter Miniport

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 10.0.0.5 10.0.1.29 25

10.0.0.0 255.255.0.0 10.0.1.29 10.0.1.29 25

10.0.1.29 255.255.255.255 127.0.0.1 127.0.0.1 25

10.255.255.255 255.255.255.255 10.0.1.29 10.0.1.29 25

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

169.254.0.0 255.255.0.0 10.0.1.29 10.0.1.29 20

224.0.0.0 240.0.0.0 10.0.1.29 10.0.1.29 25

255.255.255.255 255.255.255.255 10.0.1.29 10004 1

255.255.255.255 255.255.255.255 10.0.1.29 10.0.1.29 1

Default Gateway: 10.0.0.5

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)

Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (03/30/2012 01:25:59 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/30/2012 01:25:59 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/30/2012 01:25:58 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/30/2012 01:24:19 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.

Thread id : 3312 (0xcf0)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\onex.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/29/2012 04:27:05 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/29/2012 04:27:05 PM) (Source: crypt32) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (03/29/2012 04:25:20 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.

Thread id : 2644 (0xa54)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/23/2012 00:45:15 PM) (Source: Application Hang) (User: )

Description: Hanging application mbam.exe, version 1.60.0.61, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/23/2012 11:37:19 AM) (Source: McLogEvent) (User: SYSTEM)SYSTEM

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.

Thread id : 3464 (0xd88)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/22/2012 03:48:32 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM

Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.

Thread id : 916 (0x394)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll

by C:\WINDOWS\system32\rundll32.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

System errors:

=============

Error: (04/02/2012 11:14:13 AM) (Source: Service Control Manager) (User: )

Description: The KService service hung on starting.

Error: (03/30/2012 02:46:49 PM) (Source: Service Control Manager) (User: )

Description: The KService service hung on starting.

Error: (03/30/2012 02:37:12 PM) (Source: Service Control Manager) (User: )

Description: The KService service hung on starting.

Error: (03/30/2012 02:03:19 PM) (Source: Service Control Manager) (User: )

Description: The KService service hung on starting.

Error: (03/30/2012 01:25:51 PM) (Source: Service Control Manager) (User: )

Description: The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/30/2012 01:25:49 PM) (Source: Service Control Manager) (User: )

Description: The McAfee VirusScan Announcer service hung on starting.

Error: (03/30/2012 01:25:49 PM) (Source: Service Control Manager) (User: )

Description: The KService service hung on starting.

Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )

Description: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

%%1053

Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )

Description: The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

%%1053

Error: (03/30/2012 01:24:29 PM) (Source: Service Control Manager) (User: )

Description: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

%%1053

Microsoft Office Sessions:

=========================

Error: (03/30/2012 01:25:59 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/30/2012 01:25:59 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/30/2012 01:25:58 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/30/2012 01:24:19 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM

Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003312 (0xcf0)0x7C90E514

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\onex.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/29/2012 04:27:05 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/29/2012 04:27:05 PM) (Source: crypt32)(User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (03/29/2012 04:25:20 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM

Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900002644 (0xa54)0x7C90E514

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/23/2012 00:45:15 PM) (Source: Application Hang)(User: )

Description: mbam.exe1.60.0.61hungapp0.0.0.000000000

Error: (03/23/2012 11:37:19 AM) (Source: McLogEvent)(User: SYSTEM)SYSTEM

Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003464 (0xd88)0x7C90E514

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

Error: (03/22/2012 03:48:32 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM

Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe90000916 (0x394)0x7C90E514

Build VSCORE.14.4.0.380 / 5400.1158

Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\comres.dll

by C:\WINDOWS\system32\rundll32.exe

4(0)(0)

4(0)(0)

7200(0)(0)

7595(0)(0)

7005(0)(0)

7004(0)(0)

5006(0)(0)

5004(0)(0)

=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19120)

Adobe Common File Installer (Version: 1.00.0000)

Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)

Adobe Flash Player 11 Plugin (Version: 11.1.102.55)

Adobe Help Center 1.0 (Version: 001.000.000)

Adobe Photoshop CS2 (Version: 9.0)

Adobe Photoshop Elements 6.0 (Version: 6.0)

Adobe Reader 8.1.2 (Version: 8.1.2)

Adobe Stock Photos 1.0 (Version: 1.0.8)

Apple Application Support (Version: 2.1.6)

Apple Mobile Device Support (Version: 4.0.0.97)

Apple Software Update (Version: 2.1.3.127)

ARTEuro (Version: 1.00.0000)

AviSynth 2.5

BBC iPlayer Desktop (Version: 3.0.10)

BBC iPlayer Download Manager (Version: 1.6.2407)

Bonjour (Version: 3.0.0.10)

Broadcom Management Programs (Version: 8.65.05)

BT Yahoo! Applications

BUFFALO LinkStation(LS-CHL) Setup Guide

BUFFALO NAS Navigator2

Canon Camera Access Library (Version: 8.2.0.1)

Canon Camera Support Core Library (Version: 7.3.1.6)

Canon Camera WIA Driver (Version: 5.5)

Canon Camera WIA Driver (Version: 5.7)

Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)

Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)

Canon EOS-1Ds Mark II WIA Driver (Version: 5.5)

Canon EOS 5D WIA Driver (Version: 5.7)

Canon MOV Decoder (Version: 1.8.0.7)

Canon MOV Encoder (Version: 1.6.0.1)

Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)

Canon RAW Image Task for ZoomBrowser EX (Version: 2.6.0.13)

Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)

Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.0.0)

Canon Utilities EOS Utility (Version: 2.10.0.0)

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)

Canon Utilities Original Data Security Tools (Version: 1.0.1.4)

Canon Utilities PhotoStitch (Version: 3.1.22.46)

Canon Utilities WFT-E1/E2 Utility (Version: 3.0.1.14)

Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)

Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)

Conexant HDA D110 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Support 5.0.0 (630)

Dell System Restore (Version: 2.00.0000)

Digital Line Detect (Version: 1.15)

EPSON Printer Software

ESPNMotion (Version: 2.1.6.0011)

FileZilla Client 3.5.3 (Version: 3.5.3)

Hauppauge English Help Files and Resources

Hauppauge TvTv Sync

Hauppauge WinTV Infrared Remote

Hauppauge WinTV Scheduler

Hauppauge WinTV2000

High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)

Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4431)

Internal Network Card Power Management (Version: 1.7.2)

Internet Explorer Default Page (Version: 1.00.03)

InterVideo FilterSDK for Hauppauge

iPod for Windows 2005-03-23 (Version: 3.8.0)

iTunes (Version: 10.5.3.3)

Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)

Learn2 Player (Uninstall Only)

Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)

McAfee Online Backup

McAfee Online Backup (Version: 1.16.4.0)

McAfee Total Protection (Version: 11.0.654)

McAfee Virtual Technician (Version: 5.0.1.0)

McAfee Virtual Technician (Version: 5.5.0.0)

MCU (Version: 1.00.0000)

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)

Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Modem Helper (Version: 3.01)

Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Multimedia Card Reader (Version: 3.00)

NetWaiting (Version: 2.5.23)

NovaBACKUP (Version: 11.1.14)

Otto

PowerDVD 5.7

QuickTime (Version: 7.71.80.42)

S194 Introducing Astronomy

Sonic Encoders (Version: 1.00)

Sonic MyDVD LE (Version: 6.1.1)

Sonic RecordNow Copy (Version: 2.0.0.1)

Sonic RecordNow Data (Version: 2.0.0.1)

Sonic Update Manager (Version: 3.0.0)

Stellarium 0.7.1

Synaptics Pointing Device Driver (Version: 8.2.4.3)

T189 ECA Helper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 7 (KB976749) (Version: 1)

Update for Windows Internet Explorer 7 (KB980182) (Version: 1)

Update for Windows Internet Explorer 8 (KB976662) (Version: 1)

Update for Windows Internet Explorer 8 (KB982632) (Version: 1)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676-v2) (Version: 2)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB951072-v2) (Version: 2)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB955839) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

Update Rollup 2 for Windows XP Media Center Edition 2005

WebEx

WebFldrs XP (Version: 9.50.7523)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7 (Version: 20061017.133151)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3 (Version: 20080414.031525)

Wise Registry Cleaner 6.21

Xvid 1.1.3 final uninstall (Version: 1.1)

YAMAHA Digital Music Notebook (Version: 2.4.23.2)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 53%

Total physical RAM: 1014.37 MB

Available physical RAM: 467.7 MB

Total Pagefile: 2417.01 MB

Available Pagefile: 1660.11 MB

Total Virtual: 2047.88 MB

Available Virtual: 1964.22 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:69.82 GB) (Free:27.38 GB) NTFS

========================= Users: ========================================

User accounts for \\SAMPAD

Admin 2 Administrator Guest

HelpAssistant Pad Sam

SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini012108-01.dmp

C:\WINDOWS\Minidump\Mini012608-01.dmp

C:\WINDOWS\Minidump\Mini032212-01.dmp

C:\WINDOWS\Minidump\Mini032312-01.dmp

C:\WINDOWS\Minidump\Mini101307-01.dmp

C:\WINDOWS\Minidump\Mini112208-01.dmp

**** End of log ****

Thanks,

Kam


Hi,

It seems to be running a lot better (Thank you!!) but still having intermittent startup problems, i.e. crashing on login screen. Any ideas if this means I'm still infected/result of being infected or how to fix?

Thanks,

Kam


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Topic re-opened per member request.

@KamUddi

Do the following and post new logs.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer. From the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Double-click OTL.exe to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Step 5

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

