my aniti virus has been disabled by a virus and wont open

View previous topic View next topic Go down

my aniti virus has been disabled by a virus and wont open

Post by batp on 11th September 2010, 9:29 pm

it has been on the news about a new virus that disables the anti virus, mine is macafee security suite. it makes my computer slow and has stopped media player working sometimes too, and makes my computer need to be restarted often.

OTL logfile created on: 12/09/2010 9:01:52 a.m. - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

1,022.00 Mb Total Physical Memory | 42.00 Mb Available Physical Memory | 4.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.97 Gb Free Space | 84.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-2C3B44A34
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\VirusScan\McInsUpd.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Caplio Software\RGateLXP.exe (Ricoh Company, Ltd.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.com (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (EmmaDevMgmtSvc) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (EmmaUpdMgmtSvc) -- C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/01/19 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/19 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2008/04/15 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100816124105.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RICOH Gate La.lnk = C:\Program Files\Caplio Software\RGateLXP.exe (Ricoh Company, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} [You must be registered and logged in to see this link.] (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/22 08:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9ae12da-04b6-11df-b6ff-0013025cf406}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

batp
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-09-11
Gender Gender : Male
OS OS : xp
Protection Protection : macafee security suite
Points Points : 22873
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by batp on 11th September 2010, 9:31 pm

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 08:40:57 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2010/09/11 18:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/09/11 17:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/11 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/20 10:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/16 15:58:54 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/16 15:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/08/16 12:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/16 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/06 10:53:23 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/06 10:53:11 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/06 10:53:11 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/06 10:53:11 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/06 10:53:11 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/06 10:53:11 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/06 10:53:11 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/15 00:54:18 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe4AB.dll
[2010/05/07 19:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2010/04/29 09:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2010/02/18 19:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\usueable pics
[2010/02/18 19:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\20090727
[2010/02/18 19:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\20090724
[2010/02/16 06:57:08 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010/02/16 06:56:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe14E.dll
[2010/01/19 17:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\TomTom
[2009/12/05 06:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Sony Ericsson
[2009/11/22 19:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/17 18:27:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/17 18:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/11/11 14:19:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/16 12:09:52 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2009/10/16 12:09:52 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2009/10/16 11:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Phone Backup
[2009/10/16 11:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Podcasts
[2009/10/16 11:26:54 | 000,109,864 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018unic.sys
[2009/10/16 11:26:54 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cr.sys
[2009/10/16 11:26:53 | 000,106,208 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys
[2009/10/16 11:26:53 | 000,104,744 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018obex.sys
[2009/10/16 11:26:52 | 000,114,728 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdm.sys
[2009/10/16 11:26:52 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018nd5.sys
[2009/10/16 11:26:52 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys
[2009/10/16 11:26:52 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cmnt.sys
[2009/10/16 11:26:52 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cm.sys
[2009/10/16 11:26:51 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018bus.sys
[2009/10/16 11:26:51 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018whnt.sys
[2009/10/16 11:26:51 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018wh.sys
[2009/06/23 09:16:24 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/12 08:57:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 08:41:34 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2010/09/12 08:40:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/12 05:57:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 04:08:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/12 01:58:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/11 18:16:40 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/11 17:46:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/11 17:46:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/09/11 17:46:08 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-179605362-1606980848-1003.job
[2010/09/11 17:46:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/11 17:45:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/11 17:44:27 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/11 17:44:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/11 17:44:15 | 005,389,516 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/09/10 17:58:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/09/10 17:58:25 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/10 08:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/09 08:20:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/08 22:15:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/07 19:24:52 | 000,025,310 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/09/07 14:44:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-179605362-1606980848-1003.job
[2010/09/06 11:03:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/03 13:54:26 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/20 15:03:16 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/08/20 10:34:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/20 10:22:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/20 10:22:25 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/16 12:24:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/16 12:24:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/16 12:24:45 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/16 12:24:44 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/16 12:24:44 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/16 12:24:44 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/16 12:24:44 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/16 12:24:44 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/16 11:15:18 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/12 03:22:12 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 03:05:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 03:05:07 | 000,501,938 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 03:05:07 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 03:05:07 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/22 11:06:32 | 005,178,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\A1 Homes Show home Sponge Bay[1].pdf
[2010/06/30 11:14:56 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/15 00:54:54 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/05/15 00:54:18 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe4AB.dll
[2010/05/15 00:38:03 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 1.5.lnk
[2010/05/13 21:17:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/11 18:07:31 | 000,121,683 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gal__233_santamuerte.jpg
[2010/04/27 21:26:50 | 007,271,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Advance Roofing (Gisborne) Limited (Backup Apr 27,2010 09 25 PM).QBB
[2010/03/24 15:46:58 | 006,477,527 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Suzuki_GSX-R250_Owners_Manual.zip
[2010/03/24 14:30:20 | 007,200,633 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Suzuki_GSX250F_Service_Manual.pdf
[2010/03/15 10:04:44 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/04 18:19:09 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\busniss card.wps
[2010/02/16 06:56:48 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe14E.dll
[2010/02/06 06:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2010/02/06 06:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/25 18:31:43 | 001,011,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\price list[1].doc
[2009/11/22 03:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/17 18:32:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2009/11/17 18:32:54 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2009/11/11 14:20:14 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/16 12:21:43 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2009/10/16 12:21:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/10/16 12:09:56 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Update Service.lnk
[2009/10/16 12:09:23 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2009/10/16 12:09:23 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2009/10/16 12:06:53 | 031,852,392 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Update_Service_Setup-2.9.9.17.exe
[2009/10/16 11:38:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/16 11:30:07 | 000,001,969 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2009/10/07 20:33:25 | 000,032,400 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/11 17:40:35 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/20 15:03:10 | 000,000,629 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/08/20 10:34:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/22 11:06:31 | 005,178,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\A1 Homes Show home Sponge Bay[1].pdf
[2010/06/30 11:14:56 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 00:54:54 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Suite 6.0.lnk
[2010/05/15 00:38:03 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 1.5.lnk
[2010/05/13 21:17:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010/05/11 18:07:28 | 000,121,683 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gal__233_santamuerte.jpg
[2010/05/03 21:33:09 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-179605362-1606980848-1003.job
[2010/05/03 21:33:07 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-179605362-1606980848-1003.job
[2010/04/27 21:26:29 | 007,271,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Advance Roofing (Gisborne) Limited (Backup Apr 27,2010 09 25 PM).QBB
[2010/04/24 07:40:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
[2010/04/01 06:51:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/24 15:46:46 | 006,477,527 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Suzuki_GSX-R250_Owners_Manual.zip
[2010/03/24 14:30:19 | 007,200,633 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Suzuki_GSX250F_Service_Manual.pdf
[2010/03/04 17:49:48 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\busniss card.wps
[2010/02/27 06:50:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/22 11:58:48 | 001,011,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\price list[1].doc
[2009/11/11 14:20:14 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/16 12:21:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2009/10/16 12:21:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/10/16 12:09:56 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Update Service.lnk
[2009/10/16 12:06:29 | 031,852,392 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Update_Service_Setup-2.9.9.17.exe
[2009/10/16 11:30:07 | 000,001,969 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony Ericsson Media Manager 1.2.lnk
[2009/10/07 20:33:25 | 000,032,400 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/30 20:41:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/26 17:44:16 | 000,000,195 | ---- | C] () -- C:\WINDOWS\WinHelp.ini
[2009/06/23 20:14:58 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SUPPORT.INI
[2009/06/23 20:00:23 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2009/06/23 20:00:22 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2009/06/23 19:54:25 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/23 19:54:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/23 19:53:36 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/23 19:53:36 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/23 19:52:14 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/06/23 19:50:11 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/06/23 17:41:57 | 000,025,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/06/23 09:16:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2009/06/23 08:52:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/06/23 08:52:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/06/23 08:52:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/06/23 08:52:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/06/22 13:55:30 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/06/22 09:25:37 | 001,019,904 | R--- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/22 09:25:36 | 001,662,976 | R--- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/22 09:25:36 | 001,470,464 | R--- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/22 09:25:36 | 000,466,944 | R--- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/22 09:25:24 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/06/22 09:25:20 | 000,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/06/22 09:25:20 | 000,212,992 | R--- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/06/26 15:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/06/23 19:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/16 11:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/01/19 17:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/23 08:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/04/02 09:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 21:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 10:59:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/23 09:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/11 14:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/06/23 09:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/05/15 00:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/05/15 00:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Setup
[2009/06/23 17:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/01/19 16:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2010/09/06 11:03:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/12 01:58:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/08 22:15:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/21 00:19:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/21 00:19:29 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/21 00:19:29 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/15 00:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/15 00:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/15 00:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/15 00:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/15 00:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/15 00:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/15 00:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/15 00:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/15 00:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/15 00:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/15 00:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/15 00:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/15 00:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/15 00:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/15 00:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/15 00:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/24 01:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/09/11 17:45:45 | 000,068,273 | ---- | M] () -- C:\aaw7boot.log
[2009/06/22 08:29:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/22 08:22:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/06/22 08:29:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/22 08:29:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/22 08:29:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/15 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/15 00:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/11 17:45:54 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/10/27 18:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/06/23 09:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/06/23 19:53:00 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2009/06/23 20:14:58 | 000,000,000 | ---D | M] -- C:\Program Files\Caplio Software
[2010/05/13 21:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/06/22 08:25:20 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/06/22 11:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/06/30 11:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/09/11 17:58:21 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/06/23 08:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/12 03:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/26 17:40:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2009/08/29 19:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/09/11 17:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\IObitCom
[2009/09/17 22:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2010/09/11 17:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/11 17:40:29 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/07/13 18:17:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/23 09:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/06/22 10:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/06/23 08:52:50 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/08/16 12:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/18 17:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/06/22 10:07:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/10/09 22:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/06/22 08:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/23 10:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/11 17:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/09 22:30:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/10/09 22:31:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/10/21 02:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/08/12 03:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/06/22 10:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/22 08:24:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/06/22 08:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/23 08:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/22 11:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/06/22 08:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/06/23 18:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/06/22 08:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/06/23 09:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/12 19:22:51 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/08/16 15:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2009/06/23 19:58:48 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2009/06/23 08:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2010/08/20 10:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/06/22 10:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/20 10:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/06/23 19:48:53 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2009/11/11 14:20:13 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/10/16 11:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/05/15 00:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2010/05/15 00:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2009/06/22 10:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/01/19 16:55:17 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2010/01/19 16:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/01/19 16:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2009/06/23 09:59:31 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2009/06/22 08:42:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/06/22 13:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/06/22 11:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/09 22:32:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/06/23 18:12:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/08/16 11:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/16 11:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/06/22 08:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/06/22 08:27:44 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/06/22 08:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2009/06/21 00:22:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2010/09/07 19:24:52 | 000,025,310 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/15 00:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/15 00:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/15 00:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/15 00:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/11/06 11:36:58 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=A5E4205CE290BFAE9E57F290588E5AA1 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/15 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/15 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/15 00:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/15 00:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/04/15 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-08 15:01:13

< >
< End of report >

batp
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-09-11
Gender Gender : Male
OS OS : xp
Protection Protection : macafee security suite
Points Points : 22873
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by Sneakyone on 11th September 2010, 11:43 pm

Hi.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56114
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by batp on 11th October 2010, 2:48 am

ComboFix 10-10-10.02 - Owner 11/10/2010 15:30:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.1022.390 [GMT 13:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe14E.dll
c:\documents and settings\All Users\Application Data\hpe4AB.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-10 20:25 . 2010-10-10 20:25 -------- d-----w- c:\program files\iPod
2010-10-10 20:25 . 2010-10-10 20:26 -------- d-----w- c:\program files\iTunes
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-10-10 19:59 . 2010-10-10 20:00 -------- d-----w- c:\program files\Bonjour
2010-10-08 08:30 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8073E46B-B93E-4183-BD38-D8808DDFE64B}\mpengine.dll
2010-10-07 03:27 . 2010-10-07 03:27 0 ----a-w- c:\windows\RGI481.tmp
2010-09-28 07:21 . 2010-09-28 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-05 23:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-05 23:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-19 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-08 26100520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-21 7700480]
"nwiz"="nwiz.exe" [2006-10-21 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-21 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-13 1343488]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-14 524632]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-05 49168]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-13 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-27 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-17 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-07 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RICOH Gate La.lnk - c:\program files\Caplio Software\RGateLXP.exe [2009-6-23 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-05 23:34 52224 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009-10\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Caplio Software\\RGateLXP.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/06/2009 12:02 p.m. 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/08/2010 4:58 p.m. 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/08/2010 11:53 a.m. 84072]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [27/04/2010 3:51 p.m. 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [27/04/2010 3:51 p.m. 162936]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/08/2010 11:52 a.m. 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [6/08/2010 11:52 a.m. 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [6/08/2010 11:53 a.m. 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [6/08/2010 11:53 a.m. 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [14/11/2009 12:31 a.m. 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 p.m. 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/08/2010 11:53 a.m. 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/08/2010 11:53 a.m. 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/08/2010 11:53 a.m. 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/08/2010 11:53 a.m. 84264]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [16/02/2010 7:57 a.m. 27632]
S2 gupdate1ca0346ecef3581;Google Update Service (gupdate1ca0346ecef3581);c:\program files\Google\Update\GoogleUpdate.exe [13/07/2009 12:17 p.m. 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 8:06 a.m. 1029456]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16/02/2010 7:56 a.m. 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16/10/2009 1:09 p.m. 13224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/08/2010 11:53 a.m. 88544]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [16/10/2009 12:26 p.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [16/10/2009 12:26 p.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [16/10/2009 12:26 p.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [16/10/2009 12:26 p.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [16/10/2009 12:26 p.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [16/10/2009 12:26 p.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [16/10/2009 12:26 p.m. 109864]

batp
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-09-11
Gender Gender : Male
OS OS : xp
Protection Protection : macafee security suite
Points Points : 22873
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by batp on 11th October 2010, 2:50 am

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:03]

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 00:34]

2010-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-22 23:15]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 23:17]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 23:17]

2010-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 06:20]

2010-09-20 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-26 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1624)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-10-11 15:40:02
ComboFix-quarantined-files.txt 2010-10-11 02:40

Pre-Run: 134,765,285,376 bytes free
Post-Run: 135,187,210,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C78480BAE7DF996E7AAE84AABF2E78BD

batp
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-09-11
Gender Gender : Male
OS OS : xp
Protection Protection : macafee security suite
Points Points : 22873
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by Sneakyone on 11th October 2010, 10:38 pm

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\RGI481.tmp

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Posts Posts : 2707
Joined Joined : 2010-01-10
Gender Gender : Male
OS OS : Windows 7 Ultimate 64-bit
Protection Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points Points : 56114
# Likes # Likes : 0

View user profile

Back to top Go down

Re: my aniti virus has been disabled by a virus and wont open

Post by batp on 11th October 2010, 11:40 pm

ComboFix 10-10-11.01 - Owner 12/10/2010 12:21:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.64.1033.18.1022.190 [GMT 13:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
"c:\windows\RGI481.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\RGI481.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-11 08:43 . 2010-10-11 08:43 -------- d-----w- c:\windows\LastGood
2010-10-10 20:25 . 2010-10-10 20:25 -------- d-----w- c:\program files\iPod
2010-10-10 20:25 . 2010-10-10 20:26 -------- d-----w- c:\program files\iTunes
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-10 20:18 . 2010-10-10 20:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-10-10 19:59 . 2010-10-10 20:00 -------- d-----w- c:\program files\Bonjour
2010-10-08 08:30 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8073E46B-B93E-4183-BD38-D8808DDFE64B}\mpengine.dll
2010-09-28 07:21 . 2010-09-28 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-11 22:58 . 2010-10-11 22:58 16384 c:\windows\Temp\Perflib_Perfdata_cc0.dat
+ 2010-10-11 05:17 . 2010-10-11 05:17 16384 c:\windows\Temp\Perflib_Perfdata_49c.dat
+ 2009-06-21 20:34 . 2010-10-11 20:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-06-21 20:34 . 2010-10-11 01:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-11 05:55 . 2010-10-11 20:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-06-21 20:34 . 2010-10-11 01:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-05 23:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-05 23:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-23 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-19 434176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-08 26100520]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-21 7700480]
"nwiz"="nwiz.exe" [2006-10-21 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-21 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-13 1343488]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-14 524632]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-05 49168]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-13 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-27 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-17 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-07 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RICOH Gate La.lnk - c:\program files\Caplio Software\RGateLXP.exe [2009-6-23 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-05 23:34 52224 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009-10\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Caplio Software\\RGateLXP.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/06/2009 12:02 p.m. 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16/08/2010 4:58 p.m. 28552]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/08/2010 11:53 a.m. 84072]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [27/04/2010 3:51 p.m. 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [27/04/2010 3:51 p.m. 162936]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/08/2010 11:52 a.m. 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [6/08/2010 11:52 a.m. 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [6/08/2010 11:53 a.m. 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [6/08/2010 11:53 a.m. 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [14/11/2009 12:31 a.m. 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 p.m. 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/08/2010 11:53 a.m. 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/08/2010 11:53 a.m. 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/08/2010 11:53 a.m. 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/08/2010 11:53 a.m. 84264]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [16/02/2010 7:57 a.m. 27632]
S2 0009711286786640mcinstcleanup;McAfee Application Installer Cleanup (0009711286786640);c:\windows\TEMP\000971~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\000971~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1ca0346ecef3581;Google Update Service (gupdate1ca0346ecef3581);c:\program files\Google\Update\GoogleUpdate.exe [13/07/2009 12:17 p.m. 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 8:06 a.m. 1029456]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16/02/2010 7:56 a.m. 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16/10/2009 1:09 p.m. 13224]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/08/2010 11:53 a.m. 88544]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [16/10/2009 12:26 p.m. 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [16/10/2009 12:26 p.m. 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [16/10/2009 12:26 p.m. 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [16/10/2009 12:26 p.m. 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [16/10/2009 12:26 p.m. 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [16/10/2009 12:26 p.m. 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [16/10/2009 12:26 p.m. 109864]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:03]

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 00:34]

2010-10-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-22 23:15]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 23:17]

2010-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 23:17]

2010-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 06:20]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1568)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\windows\system32\wbem\wbemprox.dll

- - - - - - - > 'lsass.exe'(1624)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-10-12 12:30:49
ComboFix-quarantined-files.txt 2010-10-11 23:30
ComboFix2.txt 2010-10-11 02:40

Pre-Run: 135,046,205,440 bytes free
Post-Run: 135,024,091,136 bytes free

- - End Of File - - 2BF98E864C95C216296387F00A4B00EC

batp
Novice
Novice

Posts Posts : 5
Joined Joined : 2010-09-11
Gender Gender : Male
OS OS : xp
Protection Protection : macafee security suite
Points Points : 22873
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum