Cyber Tech Help Support Forums: Malware Removal Forum

#1  March 4th, 2012, 05:21 PM
GrahamyHill (New Member; Join Date: Dec 2011; Posts: 13)
http://www.searchnu.com/406

Hi,

I've inadvertently installed searchnu.com and http://www.searchnu.com/406 has now become my Home page. Please can you advise what I would need to do to remove this.

Many thanks,

Graham


#2  March 4th, 2012, 07:39 PM
Aaflac (Malware Removal Team; Join Date: May 2007; Location: Illinois, USA; Posts: 2,998)
Welcome back to CTH, GrahamyHill!

We met before, with Searchqu.

Let's see what we can find with the following...

Please download OTL from: Here
  • Save it to the Desktop.
  • OTL does not need to be installed; simply click OTL.exe to run the program.
  • Click the Scan All Users checkbox.
  • Press the Run Scan button.
  • Two reports appear:
    • OTL.txt <-- Opened on the Desktop
    • Extra.txt <-- Minimized on the TaskBar

Please post (do not attach) the OTL.txt and Extra.txt reports in your reply.
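Added worked example (not part of the original posts, and not code from OTL or its author): once an OTL report like the one requested above is in hand, the lines that matter for a homepage/search hijack are the PRC/O2/O3/O4/O20 items and the IE, FF and CHR settings. The script below triages such lines. It flags every item mentioning the Searchqu/Bandoo bundle or its redirect domains, and it resolves IE's DefaultScope GUID to the URL it actually points at, since OTL prints only the GUID and the hijack is not visible until the GUID is looked up in SearchScopes (per hive, with HKLM as fallback). The sample report is constructed, modelled on the report posted later in the thread, with a shortened user SID; the token list and the regexes are assumptions made for this example.

```python
import re

# Strings that identify the Searchqu / Bandoo DataMngr bundle and the search
# redirectors it installs, as they appear in the OTL report posted in this thread.
SUSPECT_TOKENS = (
    "searchqu", "bandoo", "datamngr", "searchnu.com",
    "search-results.com", "mywebsearch",
)

# OTL item types worth reading for a browser hijack: running processes (PRC),
# loaded modules (MOD), services (SRV), BHOs (O2), IE toolbars (O3), Run keys
# and Startup items (O4), AppInit_DLLs / Winlogon (O20), IE settings (IE),
# Firefox plugins (FF) and Chrome search settings (CHR).
ITEM_RE = re.compile(r"^(?P<tag>PRC|MOD|SRV|O2|O3|O4|O20|IE|FF|CHR)\s+-\s+(?P<body>.*)$")

# IE start page, the DefaultScope GUID, and the URL each SearchScopes GUID maps to.
START_PAGE_RE = re.compile(
    r"^IE - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>\S+)$",
    re.IGNORECASE)
DEFAULT_SCOPE_RE = re.compile(
    r"^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[0-9A-Fa-f-]+\})$")
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$')


def flag_suspect_items(lines):
    """Return (tag, body) for every OTL item whose text mentions a suspect token."""
    hits = []
    for raw in lines:
        m = ITEM_RE.match(raw.strip())
        if m and any(tok in raw.lower() for tok in SUSPECT_TOKENS):
            hits.append((m.group("tag"), m.group("body")))
    return hits


def resolve_ie_search(lines):
    """Map each registry hive to its start page and to the URL behind its DefaultScope GUID.

    OTL prints DefaultScope as a bare GUID; the hijack only becomes visible once
    that GUID is looked up in the same hive's SearchScopes (or HKLM as fallback).
    """
    start_page, default_guid, scope_urls = {}, {}, {}
    for raw in lines:
        line = raw.strip()
        m = START_PAGE_RE.match(line)
        if m:
            start_page[m.group("hive")] = m.group("url")
            continue
        m = DEFAULT_SCOPE_RE.match(line)
        if m:
            default_guid[m.group("hive")] = m.group("guid")
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            scope_urls[(m.group("hive"), m.group("guid"))] = m.group("url")
    result = {}
    for hive in set(start_page) | set(default_guid):
        guid = default_guid.get(hive)
        # a user hive may reference a scope GUID that is only defined under HKLM
        url = scope_urls.get((hive, guid)) or scope_urls.get(("HKLM", guid))
        result[hive] = {"start_page": start_page.get(hive), "default_search": url}
    return result


def hijacked_hives(lines):
    """Hives whose start page or resolved default search points at a suspect domain."""
    out = []
    for hive, info in resolve_ie_search(lines).items():
        joined = " ".join(v for v in info.values() if v).lower()
        if any(tok in joined for tok in SUSPECT_TOKENS):
            out.append(hive)
    return sorted(out)


# Constructed sample, modelled on the report posted later in the thread; the
# user SID is shortened and most lines are omitted for brevity.
SAMPLE_OTL = r"""
PRC - [2012/02/28 15:58:02 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
""".strip().splitlines()


if __name__ == "__main__":
    for tag, body in flag_suspect_items(SAMPLE_OTL):
        print(f"[{tag}] {body}")
    for hive, info in resolve_ie_search(SAMPLE_OTL).items():
        print(hive, info)
    print("hijacked:", hijacked_hives(SAMPLE_OTL))
```

Run it against a saved OTL.txt by replacing SAMPLE_OTL with the file's lines. The O20 AppInit_DLLs entry is the one to watch: a DLL listed there is loaded into every process that links user32.dll, so the toolbar survives a plain browser reset until that value and the Run key are cleared as well.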
#3  March 5th, 2012, 06:58 PM
GrahamyHill (New Member; Join Date: Dec 2011; Posts: 13)
We did indeed meet before. Sometimes I surpass myself with my own stupidity.

OTL.txt:

OTL logfile created on: 05/03/2012 17:43:50 - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Graham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.70% Memory free
6.75 Gb Paging File | 5.92 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 94.73 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 3.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAMILYROOM | User Name: Graham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 17:43:13 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Graham\Desktop\OTL.exe
PRC - [2012/02/28 15:58:02 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/12/23 16:00:00 | 000,611,144 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2011/12/14 12:35:50 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 12:35:48 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/14 00:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/27 08:42:48 | 000,088,976 | ---- | M] () -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/14 17:38:00 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011/03/28 11:50:34 | 000,148,496 | ---- | M] () -- c:\Program Files\McAfee\MSK\mskoeplg.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/11/11 09:15:18 | 000,204,800 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
MOD - [2005/09/22 18:19:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\hcwXDS.dll
MOD - [2005/08/05 14:01:54 | 000,167,936 | ---- | M] () -- C:\WINDOWS\system32\wstpager.ax
MOD - [2005/08/05 14:01:54 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\VBICodec.ax
MOD - [2005/08/05 13:06:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll
MOD - [2005/06/06 15:58:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\dlcccfg.dll
MOD - [2005/04/01 16:44:16 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 12:35:48 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/03/09 23:32:32 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCLEPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (adxapie)
DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/07 15:25:45 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2009/07/17 07:37:06 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 18:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006/11/30 13:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006/11/30 13:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex)
DRV - [2006/11/30 13:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006/11/30 13:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006/11/30 13:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006/11/30 13:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006/11/30 13:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2005/09/22 18:19:54 | 000,148,608 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/06 21:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 22:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 16:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/01/11 00:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/11 00:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/29 03:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/08 11:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2002/10/15 21:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYGB&fl=0&ptb=KOEouUFLY12pr8KPNS9cDA&url=http://www.uk.ask.com/web&q={searchTerms}&l=zu&o=sb
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 22:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/29 19:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/03/05 17:33:46 | 000,000,000 | ---D | M]

[2011/06/30 18:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2010/02/06 10:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/12/23 20:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/29 13:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/04/18 21:43:29 | 000,024,673 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
[2011/06/30 18:44:10 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Graham\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Graham\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2010/05/29 18:49:58 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120301183349.dll (McAfee, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\..\Toolbar\WebBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/act...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AA310C8-712D-4910-AE30-3E5869972CB3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/04 17:02:04 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2470219382-1507558978-2878208793-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/03/04 14:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2012/03/04 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Application Data\searchqutoolbar
[2012/03/04 14:05:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BECCA440-C137-43CD-BA7B-AE580F9F6D17}
[2012/03/04 14:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2012/03/04 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/03/04 14:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2010/07/12 19:07:00 | 017,522,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\visioviewer.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Graham\Desktop\*.tmp files -> C:\Documents and Settings\Graham\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 17:52:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C052BD02-2B55-420A-82E4-CF12905F0679}.job
[2012/03/05 17:43:13 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Graham\Desktop\OTL.exe
[2012/03/05 17:34:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE29C0D0-481B-4C42-B9F7-6D0FA25FACB2}.job
[2012/03/05 17:30:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2470219382-1507558978-2878208793-1005.job
[2012/03/05 17:30:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/05 17:30:19 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2470219382-1507558978-2878208793-1008.job
[2012/03/05 17:30:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2470219382-1507558978-2878208793-1010.job
[2012/03/05 17:30:18 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2470219382-1507558978-2878208793-501.job
[2012/03/05 17:29:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 18:22:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/03/04 18:00:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2012/03/04 14:11:48 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2012/03/04 14:10:00 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.url
[2012/02/29 20:49:01 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Graham\My Documents\Budget 2012 - Monthly Outgoings.xlr
[2012/02/22 18:58:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/16 19:07:53 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 07:58:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Graham\Desktop\*.tmp files -> C:\Documents and Settings\Graham\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 14:10:00 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Upgrade Facebook Chat Experience.url
[2012/03/04 14:05:24 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2012/02/16 07:33:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 07:33:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/12/23 20:20:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/11/30 22:44:30 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/23 07:23:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/28 16:59:34 | 000,006,320 | -HS- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\yS2OaD165p3Y
[2010/04/28 16:59:34 | 000,006,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yS2OaD165p3Y
[2010/04/24 16:23:31 | 000,012,412 | -HS- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\681650596
[2010/04/24 16:23:31 | 000,012,412 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\681650596
[2010/04/24 07:57:28 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\0D2HvP
[2010/04/24 07:57:28 | 000,012,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0D2HvP

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  #4  
Old March 5th, 2012, 07:02 PM
GrahamyHill GrahamyHill is offline
New Member
 
Join Date: Dec 2011
Posts: 13
Extras.txt:

OTL Extras logfile created on: 19/12/2011 21:39:44 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Graham\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 75.47% Memory free
6.75 Gb Paging File | 6.04 Gb Available in Paging File | 89.58% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.32 Gb Total Space | 89.76 Gb Free Space | 62.19% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM | User Name: Graham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4465:TCP" = 4465:TCP:*:Enabled:Services
"7430:TCP" = 7430:TCP:*:Enabled:Services
"5168:TCP" = 5168:TCP:*:Enabled:Services
"3334:TCP" = 3334:TCP:*:Enabled:Services
"4115:TCP" = 4115:TCP:*:Enabled:Services
"6730:TCP" = 6730:TCP:*:Enabled:Services
"7990:TCP" = 7990:TCP:*:Enabled:Services
"9661:TCP" = 9661:TCP:*:Enabled:Services
"8364:TCP" = 8364:TCP:*:Enabled:Services
"8051:TCP" = 8051:TCP:*:Enabled:Services
"3506:TCP" = 3506:TCP:*:Enabled:Services
"7364:TCP" = 7364:TCP:*:Enabled:Services
"8395:TCP" = 8395:TCP:*:Enabled:Services
"8380:TCP" = 8380:TCP:*:Enabled:Services
"4631:TCP" = 4631:TCP:*:Enabled:Services
"2225:TCP" = 2225:TCP:*:Enabled:Services
"3584:TCP" = 3584:TCP:*:Enabled:Services
"8255:TCP" = 8255:TCP:*:Enabled:Services
"1818:TCP" = 1818:TCP:*:Enabled:Services
"4068:TCP" = 4068:TCP:*:Enabled:Services
"8661:TCP" = 8661:TCP:*:Enabled:Services
"6131:TCP" = 6131:TCP:*:Enabled:Services
"6552:TCP" = 6552:TCP:*:Enabled:Services
"2849:TCP" = 2849:TCP:*:Enabled:Services
"6990:TCP" = 6990:TCP:*:Enabled:Services
"6551:TCP" = 6551:TCP:*:Enabled:Services
"1568:TCP" = 1568:TCP:*:Enabled:Services
"2193:TCP" = 2193:TCP:*:Enabled:Services
"5040:TCP" = 5040:TCP:*:Enabled:Services
"9021:TCP" = 9021:TCP:*:Enabled:Services
"7786:TCP" = 7786:TCP:*:Enabled:Services
"3681:TCP" = 3681:TCP:*:Enabled:Services
"7286:TCP" = 7286:TCP:*:Enabled:Services
"8240:TCP" = 8240:TCP:*:Enabled:Services
"8130:TCP" = 8130:TCP:*:Enabled:Services
"6114:TCP" = 6114:TCP:*:Enabled:Services
"6006:TCP" = 6006:TCP:*:Enabled:Services
"8676:TCP" = 8676:TCP:*:Enabled:Services
"5551:TCP" = 5551:TCP:*:Enabled:Services
"5458:TCP" = 5458:TCP:*:Enabled:Services
"2600:TCP" = 2600:TCP:*:Enabled:Services
"7051:TCP" = 7051:TCP:*:Enabled:Services
"4552:TCP" = 4552:TCP:*:Enabled:Services
"9364:TCP" = 9364:TCP:*:Enabled:Services
"7739:TCP" = 7739:TCP:*:Enabled:Services
"8067:TCP" = 8067:TCP:*:Enabled:Services
"6553:TCP" = 6553:TCP:*:Enabled:Services
"2788:TCP" = 2788:TCP:*:Enabled:Services
"6084:TCP" = 6084:TCP:*:Enabled:Services
"9005:TCP" = 9005:TCP:*:Enabled:Services
"8301:TCP" = 8301:TCP:*:Enabled:Services
"7334:TCP" = 7334:TCP:*:Enabled:Services
"2646:TCP" = 2646:TCP:*:Enabled:Services
"8005:TCP" = 8005:TCP:*:Enabled:Services
"4521:TCP" = 4521:TCP:*:Enabled:Services
"9537:TCP" = 9537:TCP:*:Enabled:Services
"1600:TCP" = 1600:TCP:*:Enabled:Services
"2085:TCP" = 2085:TCP:*:Enabled:Services
"7974:TCP" = 7974:TCP:*:Enabled:Services
"8489:TCP" = 8489:TCP:*:Enabled:Services
"2615:TCP" = 2615:TCP:*:Enabled:Services
"9801:TCP" = 9801:TCP:*:Enabled:Services
"8723:TCP" = 8723:TCP:*:Enabled:Services
"8630:TCP" = 8630:TCP:*:Enabled:Services
"4959:TCP" = 4959:TCP:*:Enabled:Services
"8365:TCP" = 8365:TCP:*:Enabled:Services
"9567:TCP" = 9567:TCP:*:Enabled:Services
"5912:TCP" = 5912:TCP:*:Enabled:Services
"4818:TCP" = 4818:TCP:*:Enabled:Services
"6223:TCP" = 6223:TCP:*:Enabled:Services
"9786:TCP" = 9786:TCP:*:Enabled:Services
"3302:TCP" = 3302:TCP:*:Enabled:Services
"8973:TCP" = 8973:TCP:*:Enabled:Services
"8895:TCP" = 8895:TCP:*:Enabled:Services
"8068:TCP" = 8068:TCP:*:Enabled:Services
"3926:TCP" = 3926:TCP:*:Enabled:Services
"6723:TCP" = 6723:TCP:*:Enabled:Services
"4661:TCP" = 4661:TCP:*:Enabled:Services
"4817:TCP" = 4817:TCP:*:Enabled:Services
"4708:TCP" = 4708:TCP:*:Enabled:Services
"4848:TCP" = 4848:TCP:*:Enabled:Services
"3881:TCP" = 3881:TCP:*:Enabled:Services
"4380:TCP" = 4380:TCP:*:Enabled:Services
"2568:TCP" = 2568:TCP:*:Enabled:Services
"5536:TCP" = 5536:TCP:*:Enabled:Services
"4458:TCP" = 4458:TCP:*:Enabled:Services
"3240:TCP" = 3240:TCP:*:Enabled:Services
"6426:TCP" = 6426:TCP:*:Enabled:Services
"2302:TCP" = 2302:TCP:*:Enabled:Services
"6270:TCP" = 6270:TCP:*:Enabled:Services
"8743:TCP" = 8743:TCP:*:Enabled:Services
"2209:TCP" = 2209:TCP:*:Enabled:Services
"5787:TCP" = 5787:TCP:*:Enabled:Services
"1928:TCP" = 1928:TCP:*:Enabled:Services
"1553:TCP" = 1553:TCP:*:Enabled:Services
"1693:TCP" = 1693:TCP:*:Enabled:Services
"5646:TCP" = 5646:TCP:*:Enabled:Services
"3310:TCP" = 3310:TCP:*:Enabled:Services
"7691:TCP" = 7691:TCP:*:Enabled:Services
"1942:TCP" = 1942:TCP:*:Enabled:Services
"6988:TCP" = 6988:TCP:*:Enabled:Services
"2692:TCP" = 2692:TCP:*:Enabled:Services
"4176:TCP" = 4176:TCP:*:Enabled:Services
"7675:TCP" = 7675:TCP:*:Enabled:Services
"6629:TCP" = 6629:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4465:TCP" = 4465:TCP:*:Enabled:Services
"7430:TCP" = 7430:TCP:*:Enabled:Services
"5168:TCP" = 5168:TCP:*:Enabled:Services
"3334:TCP" = 3334:TCP:*:Enabled:Services
"4115:TCP" = 4115:TCP:*:Enabled:Services
"6730:TCP" = 6730:TCP:*:Enabled:Services
"7990:TCP" = 7990:TCP:*:Enabled:Services
"9661:TCP" = 9661:TCP:*:Enabled:Services
"8364:TCP" = 8364:TCP:*:Enabled:Services
"8051:TCP" = 8051:TCP:*:Enabled:Services
"3506:TCP" = 3506:TCP:*:Enabled:Services
"7364:TCP" = 7364:TCP:*:Enabled:Services
"8395:TCP" = 8395:TCP:*:Enabled:Services
"8380:TCP" = 8380:TCP:*:Enabled:Services
"4631:TCP" = 4631:TCP:*:Enabled:Services
"2225:TCP" = 2225:TCP:*:Enabled:Services
"3584:TCP" = 3584:TCP:*:Enabled:Services
"8255:TCP" = 8255:TCP:*:Enabled:Services
"1818:TCP" = 1818:TCP:*:Enabled:Services
"4068:TCP" = 4068:TCP:*:Enabled:Services
"8661:TCP" = 8661:TCP:*:Enabled:Services
"6131:TCP" = 6131:TCP:*:Enabled:Services
"6552:TCP" = 6552:TCP:*:Enabled:Services
"2849:TCP" = 2849:TCP:*:Enabled:Services
"6990:TCP" = 6990:TCP:*:Enabled:Services
"6551:TCP" = 6551:TCP:*:Enabled:Services
"1568:TCP" = 1568:TCP:*:Enabled:Services
"2193:TCP" = 2193:TCP:*:Enabled:Services
"5040:TCP" = 5040:TCP:*:Enabled:Services
"9021:TCP" = 9021:TCP:*:Enabled:Services
"7786:TCP" = 7786:TCP:*:Enabled:Services
"3681:TCP" = 3681:TCP:*:Enabled:Services
"7286:TCP" = 7286:TCP:*:Enabled:Services
"8240:TCP" = 8240:TCP:*:Enabled:Services
"8130:TCP" = 8130:TCP:*:Enabled:Services
"6114:TCP" = 6114:TCP:*:Enabled:Services
"6006:TCP" = 6006:TCP:*:Enabled:Services
"8676:TCP" = 8676:TCP:*:Enabled:Services
"5551:TCP" = 5551:TCP:*:Enabled:Services
"5458:TCP" = 5458:TCP:*:Enabled:Services
"2600:TCP" = 2600:TCP:*:Enabled:Services
"7051:TCP" = 7051:TCP:*:Enabled:Services
"4552:TCP" = 4552:TCP:*:Enabled:Services
"9364:TCP" = 9364:TCP:*:Enabled:Services
"7739:TCP" = 7739:TCP:*:Enabled:Services
"8067:TCP" = 8067:TCP:*:Enabled:Services
"6553:TCP" = 6553:TCP:*:Enabled:Services
"2788:TCP" = 2788:TCP:*:Enabled:Services
"6084:TCP" = 6084:TCP:*:Enabled:Services
"9005:TCP" = 9005:TCP:*:Enabled:Services
"8301:TCP" = 8301:TCP:*:Enabled:Services
"7334:TCP" = 7334:TCP:*:Enabled:Services
"2646:TCP" = 2646:TCP:*:Enabled:Services
"8005:TCP" = 8005:TCP:*:Enabled:Services
"4521:TCP" = 4521:TCP:*:Enabled:Services
"9537:TCP" = 9537:TCP:*:Enabled:Services
"1600:TCP" = 1600:TCP:*:Enabled:Services
"2085:TCP" = 2085:TCP:*:Enabled:Services
"7974:TCP" = 7974:TCP:*:Enabled:Services
"8489:TCP" = 8489:TCP:*:Enabled:Services
"2615:TCP" = 2615:TCP:*:Enabled:Services
"9801:TCP" = 9801:TCP:*:Enabled:Services
"8723:TCP" = 8723:TCP:*:Enabled:Services
"8630:TCP" = 8630:TCP:*:Enabled:Services
"4959:TCP" = 4959:TCP:*:Enabled:Services
"8365:TCP" = 8365:TCP:*:Enabled:Services
"9567:TCP" = 9567:TCP:*:Enabled:Services
"5912:TCP" = 5912:TCP:*:Enabled:Services
"4818:TCP" = 4818:TCP:*:Enabled:Services
"6223:TCP" = 6223:TCP:*:Enabled:Services
"9786:TCP" = 9786:TCP:*:Enabled:Services
"3302:TCP" = 3302:TCP:*:Enabled:Services
"8973:TCP" = 8973:TCP:*:Enabled:Services
"8895:TCP" = 8895:TCP:*:Enabled:Services
"8068:TCP" = 8068:TCP:*:Enabled:Services
"3926:TCP" = 3926:TCP:*:Enabled:Services
"6723:TCP" = 6723:TCP:*:Enabled:Services
"4661:TCP" = 4661:TCP:*:Enabled:Services
"4817:TCP" = 4817:TCP:*:Enabled:Services
"4708:TCP" = 4708:TCP:*:Enabled:Services
"4848:TCP" = 4848:TCP:*:Enabled:Services
"3881:TCP" = 3881:TCP:*:Enabled:Services
"4380:TCP" = 4380:TCP:*:Enabled:Services
"2568:TCP" = 2568:TCP:*:Enabled:Services
"5536:TCP" = 5536:TCP:*:Enabled:Services
"4458:TCP" = 4458:TCP:*:Enabled:Services
"3240:TCP" = 3240:TCP:*:Enabled:Services
"6426:TCP" = 6426:TCP:*:Enabled:Services
"2302:TCP" = 2302:TCP:*:Enabled:Services
"6270:TCP" = 6270:TCP:*:Enabled:Services
"8743:TCP" = 8743:TCP:*:Enabled:Services
"2209:TCP" = 2209:TCP:*:Enabled:Services
"5787:TCP" = 5787:TCP:*:Enabled:Services
"1928:TCP" = 1928:TCP:*:Enabled:Services
"1553:TCP" = 1553:TCP:*:Enabled:Services
"1693:TCP" = 1693:TCP:*:Enabled:Services
"5646:TCP" = 5646:TCP:*:Enabled:Services
"3310:TCP" = 3310:TCP:*:Enabled:Services
"7691:TCP" = 7691:TCP:*:Enabled:Services
"1942:TCP" = 1942:TCP:*:Enabled:Services
"6988:TCP" = 6988:TCP:*:Enabled:Services
"2692:TCP" = 2692:TCP:*:Enabled:Services
"4176:TCP" = 4176:TCP:*:Enabled:Services
"7675:TCP" = 7675:TCP:*:Enabled:Services
"6629:TCP" = 6629:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\WINDOWS\system32\dlcccoms.exe" = C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE:*:Enabled:Dell 924 Printer Status -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B095086-7205-4D48-90DF-DCD16613C6D4}" =
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{103BCDA0-E063-46AC-8028-64E78722ABA7}" =
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{19FDB8E4-59AD-4330-9667-E8DCAF018DD3}" = Unload
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}" =
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32B4B536-4443-42F0-9676-98373BE9114F}" =
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34EBD418-B8E6-4E86-89C4-33B72CF5663F}" =
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}" = NETg Learning Studio
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4E64E769-E3AA-11D7-B6FB-00055D7C3943}" = USB Product Driver v2.25r003
"{52338F65-A1C3-4CDC-B733-50051682B297}" =
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5580DDED-730E-41c6-BB48-875027C24C07}" = HP Photosmart Cameras 6.0
"{569A9538-86EC-44C3-8EE4-C68B165F2A75}" =
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B17E626-7885-4FC3-A66A-73548A4F01FD}" =
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6D1E8360-2F35-4C84-8D53-C614FBCA621C}" = SpyHunter
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{700932B3-A964-4878-82A2-96054622A1F7}" =
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{73919E2B-725C-4FAA-8473-45E063A3575F}" =
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}" =
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}" =
"{91DA0057-6F6C-4a91-8524-F8F0EA34EE40}" = CameraUserGuides
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B08D3D14-098C-4A95-A2BE-A114E36C3A88}" = TuneUp Utilities Language Pack (en-GB)
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C2F117EF-773D-45cd-9105-06722B0FD1E5}" = CameraDrivers
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DAAC5938-8026-4D0C-A476-D1954917B7F5}" =
"{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}" =
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EEEF992E-270C-4B4C-8389-4B3DEEE33190}" =
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"AudioPlugin.dll" =
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Branding" =
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CADI" =
"Connection Manager" =
"CopyNow.dll" =
"Creative MediaSource" =
"Creative MediaSource Detector" =
"Creative MediaSource Go!" =
"Creative MediaSource MiniDisc Plugin" =
"Creative MediaSource Player Skin Pack" =
"Creative Music Store Plugin" =
"Creative Restore Defaults" =
"Creative WaveStudio" =
"DataPlugin.dll" =
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DellSupport" = Dell Support 5.0.0 (630)
"DirectDrawEx" =
"dlatray.exe" =
"EAX" =
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"Equalizer" =
"ESPNMotion" = ESPNMotion
"Fontcore" =
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"LimeWire" = LimeWire 5.4.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MobileOptionPack" =
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCHealth" =
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SchedulingAgent" =
"SFBM" =
"Shockwave" =
"SmartDraw VP" = SmartDraw VP
"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
"Sound Blaster Audigy ADVANCED MB Windows Drivers" =
"SPEAKER" =
"Spyware Doctor" = Spyware Doctor 7.0
"SURMIXER" =
"Synacast Plug-in" = Synacast Plug-in 1.1.0.1
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"vShare" = vShare Plugin
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2470219382-1507558978-2878208793-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/12/2011 15:30:02 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:30:03 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:30:03 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:30:03 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:30:03 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:30:04 | Computer Name = FAMILYROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/12/2011 15:44:41 | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/12/2011 15:53:11 | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2011 16:18:26 | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/12/2011 16:18:29 | Computer Name = FAMILYROOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 13/12/2011 15:51:51 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 13/12/2011 15:52:09 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error - 16/12/2011 18:28:10 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 16/12/2011 18:28:13 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error - 17/12/2011 05:28:48 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 17/12/2011 05:29:23 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error - 19/12/2011 16:10:05 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 19/12/2011 16:10:20 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI

Error - 19/12/2011 17:32:50 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 19/12/2011 17:32:58 | Computer Name = FAMILYROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCLEPCI


< End of report >
  #5  
Old March 6th, 2012, 06:34 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Lots of TCP Ports open there...let's check to make sure it is not a sign of something else besides Searchqu/Searchnu.

Please download HAMeb_check.exe:
http://noahdfear.net/downloads/HAMeb_check.exe
Save to the Desktop.
Double-click the downloaded file to run the program.

Post the contents of the resulting HAlog in your reply.

Last edited by Aaflac; March 6th, 2012 at 06:38 AM.
  #6  
Old March 6th, 2012, 07:15 PM
GrahamyHill
New Member
 
Join Date: Dec 2011
Posts: 13
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\GOC0T1B1\HAMeb_check[1].exe
06/03/2012 at 18:10:45.76

Account active Yes
Local Group Memberships *Administrators

~~ Checking profile list ~~

S-1-5-21-2470219382-1507558978-2878208793-1004
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"4465:TCP"=4465:TCP:*:Enabled:Services
"7430:TCP"=7430:TCP:*:Enabled:Services
"5168:TCP"=5168:TCP:*:Enabled:Services
"3334:TCP"=3334:TCP:*:Enabled:Services
"4115:TCP"=4115:TCP:*:Enabled:Services
"6730:TCP"=6730:TCP:*:Enabled:Services
"7990:TCP"=7990:TCP:*:Enabled:Services
"9661:TCP"=9661:TCP:*:Enabled:Services
"8364:TCP"=8364:TCP:*:Enabled:Services
"8051:TCP"=8051:TCP:*:Enabled:Services
"3506:TCP"=3506:TCP:*:Enabled:Services
"7364:TCP"=7364:TCP:*:Enabled:Services
"8395:TCP"=8395:TCP:*:Enabled:Services
"8380:TCP"=8380:TCP:*:Enabled:Services
"4631:TCP"=4631:TCP:*:Enabled:Services
"2225:TCP"=2225:TCP:*:Enabled:Services
"3584:TCP"=3584:TCP:*:Enabled:Services
"8255:TCP"=8255:TCP:*:Enabled:Services
"1818:TCP"=1818:TCP:*:Enabled:Services
"4068:TCP"=4068:TCP:*:Enabled:Services
"8661:TCP"=8661:TCP:*:Enabled:Services
"6131:TCP"=6131:TCP:*:Enabled:Services
"6552:TCP"=6552:TCP:*:Enabled:Services
"2849:TCP"=2849:TCP:*:Enabled:Services
"6990:TCP"=6990:TCP:*:Enabled:Services
"6551:TCP"=6551:TCP:*:Enabled:Services
"1568:TCP"=1568:TCP:*:Enabled:Services
"2193:TCP"=2193:TCP:*:Enabled:Services
"5040:TCP"=5040:TCP:*:Enabled:Services
"9021:TCP"=9021:TCP:*:Enabled:Services
"7786:TCP"=7786:TCP:*:Enabled:Services
"3681:TCP"=3681:TCP:*:Enabled:Services
"7286:TCP"=7286:TCP:*:Enabled:Services
"8240:TCP"=8240:TCP:*:Enabled:Services
"8130:TCP"=8130:TCP:*:Enabled:Services
"6114:TCP"=6114:TCP:*:Enabled:Services
"6006:TCP"=6006:TCP:*:Enabled:Services
"8676:TCP"=8676:TCP:*:Enabled:Services
"5551:TCP"=5551:TCP:*:Enabled:Services
"5458:TCP"=5458:TCP:*:Enabled:Services
"2600:TCP"=2600:TCP:*:Enabled:Services
"7051:TCP"=7051:TCP:*:Enabled:Services
"4552:TCP"=4552:TCP:*:Enabled:Services
"9364:TCP"=9364:TCP:*:Enabled:Services
"7739:TCP"=7739:TCP:*:Enabled:Services
"8067:TCP"=8067:TCP:*:Enabled:Services
"6553:TCP"=6553:TCP:*:Enabled:Services
"2788:TCP"=2788:TCP:*:Enabled:Services
"6084:TCP"=6084:TCP:*:Enabled:Services
"9005:TCP"=9005:TCP:*:Enabled:Services
"8301:TCP"=8301:TCP:*:Enabled:Services
"7334:TCP"=7334:TCP:*:Enabled:Services
"2646:TCP"=2646:TCP:*:Enabled:Services
"8005:TCP"=8005:TCP:*:Enabled:Services
"4521:TCP"=4521:TCP:*:Enabled:Services
"9537:TCP"=9537:TCP:*:Enabled:Services
"1600:TCP"=1600:TCP:*:Enabled:Services
"2085:TCP"=2085:TCP:*:Enabled:Services
"7974:TCP"=7974:TCP:*:Enabled:Services
"8489:TCP"=8489:TCP:*:Enabled:Services
"2615:TCP"=2615:TCP:*:Enabled:Services
"9801:TCP"=9801:TCP:*:Enabled:Services
"8723:TCP"=8723:TCP:*:Enabled:Services
"8630:TCP"=8630:TCP:*:Enabled:Services
"4959:TCP"=4959:TCP:*:Enabled:Services
"8365:TCP"=8365:TCP:*:Enabled:Services
"9567:TCP"=9567:TCP:*:Enabled:Services
"5912:TCP"=5912:TCP:*:Enabled:Services
"4818:TCP"=4818:TCP:*:Enabled:Services
"6223:TCP"=6223:TCP:*:Enabled:Services
"9786:TCP"=9786:TCP:*:Enabled:Services
"3302:TCP"=3302:TCP:*:Enabled:Services
"8973:TCP"=8973:TCP:*:Enabled:Services
"8895:TCP"=8895:TCP:*:Enabled:Services
"8068:TCP"=8068:TCP:*:Enabled:Services
"3926:TCP"=3926:TCP:*:Enabled:Services
"6723:TCP"=6723:TCP:*:Enabled:Services
"4661:TCP"=4661:TCP:*:Enabled:Services
"4817:TCP"=4817:TCP:*:Enabled:Services
"4708:TCP"=4708:TCP:*:Enabled:Services
"4848:TCP"=4848:TCP:*:Enabled:Services
"3881:TCP"=3881:TCP:*:Enabled:Services
"4380:TCP"=4380:TCP:*:Enabled:Services
"2568:TCP"=2568:TCP:*:Enabled:Services
"5536:TCP"=5536:TCP:*:Enabled:Services
"4458:TCP"=4458:TCP:*:Enabled:Services
"3240:TCP"=3240:TCP:*:Enabled:Services
"6426:TCP"=6426:TCP:*:Enabled:Services
"2302:TCP"=2302:TCP:*:Enabled:Services
"6270:TCP"=6270:TCP:*:Enabled:Services
"8743:TCP"=8743:TCP:*:Enabled:Services
"2209:TCP"=2209:TCP:*:Enabled:Services
"5787:TCP"=5787:TCP:*:Enabled:Services
"1928:TCP"=1928:TCP:*:Enabled:Services
"1553:TCP"=1553:TCP:*:Enabled:Services
"1693:TCP"=1693:TCP:*:Enabled:Services
"5646:TCP"=5646:TCP:*:Enabled:Services
"3310:TCP"=3310:TCP:*:Enabled:Services
"7691:TCP"=7691:TCP:*:Enabled:Services
"1942:TCP"=1942:TCP:*:Enabled:Services
"6988:TCP"=6988:TCP:*:Enabled:Services
"2692:TCP"=2692:TCP:*:Enabled:Services
"4176:TCP"=4176:TCP:*:Enabled:Services
"7675:TCP"=7675:TCP:*:Enabled:Services
"6629:TCP"=6629:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"2479:TCP"=2479:TCP:*:Enabled:Services
"3246:TCP"=3246:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"4465:TCP"=4465:TCP:*:Enabled:Services
"7430:TCP"=7430:TCP:*:Enabled:Services
"5168:TCP"=5168:TCP:*:Enabled:Services
"3334:TCP"=3334:TCP:*:Enabled:Services
"4115:TCP"=4115:TCP:*:Enabled:Services
"6730:TCP"=6730:TCP:*:Enabled:Services
"7990:TCP"=7990:TCP:*:Enabled:Services
"9661:TCP"=9661:TCP:*:Enabled:Services
"8364:TCP"=8364:TCP:*:Enabled:Services
"8051:TCP"=8051:TCP:*:Enabled:Services
"3506:TCP"=3506:TCP:*:Enabled:Services
"7364:TCP"=7364:TCP:*:Enabled:Services
"8395:TCP"=8395:TCP:*:Enabled:Services
"8380:TCP"=8380:TCP:*:Enabled:Services
"4631:TCP"=4631:TCP:*:Enabled:Services
"2225:TCP"=2225:TCP:*:Enabled:Services
"3584:TCP"=3584:TCP:*:Enabled:Services
"8255:TCP"=8255:TCP:*:Enabled:Services
"1818:TCP"=1818:TCP:*:Enabled:Services
"4068:TCP"=4068:TCP:*:Enabled:Services
"8661:TCP"=8661:TCP:*:Enabled:Services
"6131:TCP"=6131:TCP:*:Enabled:Services
"6552:TCP"=6552:TCP:*:Enabled:Services
"2849:TCP"=2849:TCP:*:Enabled:Services
"6990:TCP"=6990:TCP:*:Enabled:Services
"6551:TCP"=6551:TCP:*:Enabled:Services
"1568:TCP"=1568:TCP:*:Enabled:Services
"2193:TCP"=2193:TCP:*:Enabled:Services
"5040:TCP"=5040:TCP:*:Enabled:Services
"9021:TCP"=9021:TCP:*:Enabled:Services
"7786:TCP"=7786:TCP:*:Enabled:Services
"3681:TCP"=3681:TCP:*:Enabled:Services
"7286:TCP"=7286:TCP:*:Enabled:Services
"8240:TCP"=8240:TCP:*:Enabled:Services
"8130:TCP"=8130:TCP:*:Enabled:Services
"6114:TCP"=6114:TCP:*:Enabled:Services
"6006:TCP"=6006:TCP:*:Enabled:Services
"8676:TCP"=8676:TCP:*:Enabled:Services
"5551:TCP"=5551:TCP:*:Enabled:Services
"5458:TCP"=5458:TCP:*:Enabled:Services
"2600:TCP"=2600:TCP:*:Enabled:Services
"7051:TCP"=7051:TCP:*:Enabled:Services
"4552:TCP"=4552:TCP:*:Enabled:Services
"9364:TCP"=9364:TCP:*:Enabled:Services
"7739:TCP"=7739:TCP:*:Enabled:Services
"8067:TCP"=8067:TCP:*:Enabled:Services
"6553:TCP"=6553:TCP:*:Enabled:Services
"2788:TCP"=2788:TCP:*:Enabled:Services
"6084:TCP"=6084:TCP:*:Enabled:Services
"9005:TCP"=9005:TCP:*:Enabled:Services
"8301:TCP"=8301:TCP:*:Enabled:Services
"7334:TCP"=7334:TCP:*:Enabled:Services
"2646:TCP"=2646:TCP:*:Enabled:Services
"8005:TCP"=8005:TCP:*:Enabled:Services
"4521:TCP"=4521:TCP:*:Enabled:Services
"9537:TCP"=9537:TCP:*:Enabled:Services
"1600:TCP"=1600:TCP:*:Enabled:Services
"2085:TCP"=2085:TCP:*:Enabled:Services
"7974:TCP"=7974:TCP:*:Enabled:Services
"8489:TCP"=8489:TCP:*:Enabled:Services
"2615:TCP"=2615:TCP:*:Enabled:Services
"9801:TCP"=9801:TCP:*:Enabled:Services
"8723:TCP"=8723:TCP:*:Enabled:Services
"8630:TCP"=8630:TCP:*:Enabled:Services
"4959:TCP"=4959:TCP:*:Enabled:Services
"8365:TCP"=8365:TCP:*:Enabled:Services
"9567:TCP"=9567:TCP:*:Enabled:Services
"5912:TCP"=5912:TCP:*:Enabled:Services
"4818:TCP"=4818:TCP:*:Enabled:Services
"6223:TCP"=6223:TCP:*:Enabled:Services
"9786:TCP"=9786:TCP:*:Enabled:Services
"3302:TCP"=3302:TCP:*:Enabled:Services
"8973:TCP"=8973:TCP:*:Enabled:Services
"8895:TCP"=8895:TCP:*:Enabled:Services
"8068:TCP"=8068:TCP:*:Enabled:Services
"3926:TCP"=3926:TCP:*:Enabled:Services
"6723:TCP"=6723:TCP:*:Enabled:Services
"4661:TCP"=4661:TCP:*:Enabled:Services
"4817:TCP"=4817:TCP:*:Enabled:Services
"4708:TCP"=4708:TCP:*:Enabled:Services
"4848:TCP"=4848:TCP:*:Enabled:Services
"3881:TCP"=3881:TCP:*:Enabled:Services
"4380:TCP"=4380:TCP:*:Enabled:Services
"2568:TCP"=2568:TCP:*:Enabled:Services
"5536:TCP"=5536:TCP:*:Enabled:Services
"4458:TCP"=4458:TCP:*:Enabled:Services
"3240:TCP"=3240:TCP:*:Enabled:Services
"6426:TCP"=6426:TCP:*:Enabled:Services
"2302:TCP"=2302:TCP:*:Enabled:Services
"6270:TCP"=6270:TCP:*:Enabled:Services
"8743:TCP"=8743:TCP:*:Enabled:Services
"2209:TCP"=2209:TCP:*:Enabled:Services
"5787:TCP"=5787:TCP:*:Enabled:Services
"1928:TCP"=1928:TCP:*:Enabled:Services
"1553:TCP"=1553:TCP:*:Enabled:Services
"1693:TCP"=1693:TCP:*:Enabled:Services
"5646:TCP"=5646:TCP:*:Enabled:Services
"3310:TCP"=3310:TCP:*:Enabled:Services
"7691:TCP"=7691:TCP:*:Enabled:Services
"1942:TCP"=1942:TCP:*:Enabled:Services
"6988:TCP"=6988:TCP:*:Enabled:Services
"2692:TCP"=2692:TCP:*:Enabled:Services
"4176:TCP"=4176:TCP:*:Enabled:Services
"7675:TCP"=7675:TCP:*:Enabled:Services
"6629:TCP"=6629:TCP:*:Enabled:Services


~~ EOF ~~
  #7  
Old March 7th, 2012, 02:37 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Let's address the Mebroot/HelpAssistant infection in your XP system...

You may want to print these instructions so you can have access to follow them.


Please download HelpAsst_mebroot_fix.exe
Save to your Desktop.
Close all other open programs and windows.
Double-click the file to run it, and follow any prompts.

If the tool detects an MBR (Master Boot Record) infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start > Run and type the following bolded command:

helpasst -mbrt

Then, hit: Enter

Make sure you leave a space between helpasst and -mbrt !

When the program completes, a log opens.
Please post the contents of the log in your reply.




**In the event the tool does not detect an mbr infection and completes, click Start > Run and type the following bolded command:

mbr -f

Then, hit: Enter


Now, please do the Start > Run > mbr -f command a second time.

Shut down the computer (do not restart, but shut it down), wait a few minutes, then start it back up.
Give it about 5 minutes, then click Start > Run and type the following bolded command:

helpasst -mbrt

Then hit: Enter

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log opens.
Please post the contents of the log in your reply.



**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).



~~~~
Next, please open Notepad, (Start > Run, type in: notepad)

Copy/paste all the text inside the code box below to Notepad:

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 "2869:TCP" =-
 "139:TCP" =-
 "445:TCP" =-
 "137:UDP" =-
 "138:UDP" =-
 "135:TCP" =-
 "5000:TCP" =-
 "5001:TCP" =-
 "5002:TCP" =-
 "5003:TCP" =-
 "5004:TCP" =-
 "5005:TCP" =-
 "5006:TCP" =-
 "5007:TCP" =-
 "5008:TCP" =-
 "5009:TCP" =-
 "5010:TCP" =-
 "5011:TCP" =-
 "5012:TCP" =-
 "5013:TCP" =-
 "5014:TCP" =-
 "5015:TCP" =-
 "5016:TCP" =-
 "5017:TCP" =-
 "5018:TCP" =-
 "5019:TCP" =-
 "5020:TCP" =-

In Notepad, go to File (upper menu bar), and select: Save as

In the Save as prompt:
Save in: Desktop
File Name: helpasst.reg
Save as Type: All files
Click: Save
Exit out of Notepad.

Back on the Desktop, double-click on the helpasst.reg file just saved, and click on Yes when asked to merge the information into the Registry.
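As an added example (not code from HAMeb_check, HelpAsst_mebroot_fix or anyone in this thread), the Python below triages a HAMeb_check-style log like the one Graham posted: it parses each GloballyOpenPorts list, flags the exceptions that carry the generic name "Services" as rogue, checks the HelpAssistant and termsrv32.dll indicators, and writes a REGEDIT4 removal file of the same form as the Notepad step above. The embedded log is a constructed excerpt, and the rule that the "Services"-named entries are the implanted ones is my assumption drawn from the shape of the posted log.

```python
"""Triage a HAMeb_check-style log (added example; not the tool's own code)."""
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt in the shape of the HAMeb_check output posted in this thread.
SAMPLE_LOG = r"""
Account active Yes
Local Group Memberships *Administrators

~~ Checking for termsrv32.dll ~~

termsrv32.dll present!

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"2479:TCP"=2479:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=65533:TCP:*:Enabled:Services
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop

~~ EOF ~~
"""


class PortRule(NamedTuple):
    port: int
    proto: str
    scope: str      # '*' means the exception is open to any remote address
    state: str
    name: str       # display name Windows Firewall shows for the exception


SECTION_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
    r"(\w+)\\GloballyOpenPorts\\List\]$", re.IGNORECASE)
RULE_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"=(\d+):(TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')


def parse_open_ports(log: str) -> Dict[str, List[PortRule]]:
    """Return {profile name (lowercased): [PortRule, ...]} per GloballyOpenPorts list."""
    profiles: Dict[str, List[PortRule]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            profiles.setdefault(current, [])
            continue
        rule = RULE_RE.match(line)
        if rule and current is not None:
            profiles[current].append(PortRule(int(rule.group(3)), rule.group(4),
                                              rule.group(5), rule.group(6), rule.group(7)))
    return profiles


def rogue_rules(rules: List[PortRule]) -> List[PortRule]:
    """Assumption: the implanted exceptions all carry the generic name 'Services' and are
    open to any address, while Windows' own exceptions carry descriptive names."""
    return [r for r in rules if r.name.strip() == "Services" and r.scope == "*"]


def helpassistant_findings(log: str) -> Dict[str, bool]:
    """Indicators of the HelpAssistant/termsrv32.dll implant as the log reports them."""
    text = log.lower()
    svc = re.search(r"servicedll\s+reg_expand_sz\s+(\S+)", text)
    return {
        "helpassistant_active": "account active yes" in text,
        "helpassistant_is_admin": "*administrators" in text,
        "termsrv32_present": "termsrv32.dll present" in text,
        # TermService should load termsrv.dll; any other ServiceDll is a hijack.
        "termservice_dll_hijacked": bool(svc) and not svc.group(1).endswith("\\termsrv.dll"),
    }


REG_KEY_BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy")
PROFILE_KEY = {"domainprofile": "DomainProfile", "standardprofile": "StandardProfile"}


def make_reg_removal(profiles: Dict[str, List[PortRule]]) -> str:
    """Build a REGEDIT4 file that deletes only the rogue exceptions ('"port:TCP"=-'),
    the same form of fix as the helpasst.reg step in this thread."""
    lines = ["REGEDIT4"]
    for profile, rules in profiles.items():
        rogue = rogue_rules(rules)
        if not rogue:
            continue
        key = PROFILE_KEY.get(profile, profile)
        lines.append("")
        lines.append(f"[{REG_KEY_BASE}\\{key}\\GloballyOpenPorts\\List]")
        lines.extend(f'"{r.port}:{r.proto}"=-' for r in rogue)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for profile, rules in found.items():
        print(f"{profile}: {len(rules)} exceptions, {len(rogue_rules(rules))} rogue")
    print(helpassistant_findings(SAMPLE_LOG))
    print(make_reg_removal(found), end="")
```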
  #8  
Old March 7th, 2012, 03:05 PM
GrahamyHill
New Member
 
Join Date: Dec 2011
Posts: 13
C:\Documents and Settings\Graham\Desktop\HelpAsst_mebroot_fix.exe
07/03/2012 at 13:40:14.25

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"3389:TCP"=-
"4465:TCP"=-
"7430:TCP"=-
"5168:TCP"=-
"3334:TCP"=-
"4115:TCP"=-
"6730:TCP"=-
"7990:TCP"=-
"9661:TCP"=-
"8364:TCP"=-
"8051:TCP"=-
"3506:TCP"=-
"7364:TCP"=-
"8395:TCP"=-
"8380:TCP"=-
"4631:TCP"=-
"2225:TCP"=-
"3584:TCP"=-
"8255:TCP"=-
"1818:TCP"=-
"4068:TCP"=-
"8661:TCP"=-
"6131:TCP"=-
"6552:TCP"=-
"2849:TCP"=-
"6990:TCP"=-
"6551:TCP"=-
"1568:TCP"=-
"2193:TCP"=-
"5040:TCP"=-
"9021:TCP"=-
"7786:TCP"=-
"3681:TCP"=-
"7286:TCP"=-
"8240:TCP"=-
"8130:TCP"=-
"6114:TCP"=-
"6006:TCP"=-
"8676:TCP"=-
"5551:TCP"=-
"5458:TCP"=-
"2600:TCP"=-
"7051:TCP"=-
"4552:TCP"=-
"9364:TCP"=-
"7739:TCP"=-
"8067:TCP"=-
"6553:TCP"=-
"2788:TCP"=-
"6084:TCP"=-
"9005:TCP"=-
"8301:TCP"=-
"7334:TCP"=-
"2646:TCP"=-
"8005:TCP"=-
"4521:TCP"=-
"9537:TCP"=-
"1600:TCP"=-
"2085:TCP"=-
"7974:TCP"=-
"8489:TCP"=-
"2615:TCP"=-
"9801:TCP"=-
"8723:TCP"=-
"8630:TCP"=-
"4959:TCP"=-
"8365:TCP"=-
"9567:TCP"=-
"5912:TCP"=-
"4818:TCP"=-
"6223:TCP"=-
"9786:TCP"=-
"3302:TCP"=-
"8973:TCP"=-
"8895:TCP"=-
"8068:TCP"=-
"3926:TCP"=-
"6723:TCP"=-
"4661:TCP"=-
"4817:TCP"=-
"4708:TCP"=-
"4848:TCP"=-
"3881:TCP"=-
"4380:TCP"=-
"2568:TCP"=-
"5536:TCP"=-
"4458:TCP"=-
"3240:TCP"=-
"6426:TCP"=-
"2302:TCP"=-
"6270:TCP"=-
"8743:TCP"=-
"2209:TCP"=-
"5787:TCP"=-
"1928:TCP"=-
"1553:TCP"=-
"1693:TCP"=-
"5646:TCP"=-
"3310:TCP"=-
"7691:TCP"=-
"1942:TCP"=-
"6988:TCP"=-
"2692:TCP"=-
"4176:TCP"=-
"7675:TCP"=-
"6629:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"3389:TCP"=-
"4465:TCP"=-
"7430:TCP"=-
"5168:TCP"=-
"3334:TCP"=-
"4115:TCP"=-
"6730:TCP"=-
"7990:TCP"=-
"9661:TCP"=-
"8364:TCP"=-
"8051:TCP"=-
"3506:TCP"=-
"7364:TCP"=-
"8395:TCP"=-
"8380:TCP"=-
"4631:TCP"=-
"2225:TCP"=-
"3584:TCP"=-
"8255:TCP"=-
"1818:TCP"=-
"4068:TCP"=-
"8661:TCP"=-
"6131:TCP"=-
"6552:TCP"=-
"2849:TCP"=-
"6990:TCP"=-
"6551:TCP"=-
"1568:TCP"=-
"2193:TCP"=-
"5040:TCP"=-
"9021:TCP"=-
"7786:TCP"=-
"3681:TCP"=-
"7286:TCP"=-
"8240:TCP"=-
"8130:TCP"=-
"6114:TCP"=-
"6006:TCP"=-
"8676:TCP"=-
"5551:TCP"=-
"5458:TCP"=-
"2600:TCP"=-
"7051:TCP"=-
"4552:TCP"=-
"9364:TCP"=-
"7739:TCP"=-
"8067:TCP"=-
"6553:TCP"=-
"2788:TCP"=-
"6084:TCP"=-
"9005:TCP"=-
"8301:TCP"=-
"7334:TCP"=-
"2646:TCP"=-
"8005:TCP"=-
"4521:TCP"=-
"9537:TCP"=-
"1600:TCP"=-
"2085:TCP"=-
"7974:TCP"=-
"8489:TCP"=-
"2615:TCP"=-
"9801:TCP"=-
"8723:TCP"=-
"8630:TCP"=-
"4959:TCP"=-
"8365:TCP"=-
"9567:TCP"=-
"5912:TCP"=-
"4818:TCP"=-
"6223:TCP"=-
"9786:TCP"=-
"3302:TCP"=-
"8973:TCP"=-
"8895:TCP"=-
"8068:TCP"=-
"3926:TCP"=-
"6723:TCP"=-
"4661:TCP"=-
"4817:TCP"=-
"4708:TCP"=-
"4848:TCP"=-
"3881:TCP"=-
"4380:TCP"=-
"2568:TCP"=-
"5536:TCP"=-
"4458:TCP"=-
"3240:TCP"=-
"6426:TCP"=-
"2302:TCP"=-
"6270:TCP"=-
"8743:TCP"=-
"2209:TCP"=-
"5787:TCP"=-
"1928:TCP"=-
"1553:TCP"=-
"1693:TCP"=-
"5646:TCP"=-
"3310:TCP"=-
"7691:TCP"=-
"1942:TCP"=-
"6988:TCP"=-
"2692:TCP"=-
"4176:TCP"=-
"7675:TCP"=-
"6629:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-2470219382-1507558978-2878208793-1004
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 07/03/2012 at 14:02:55.09

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A050FC
malicious code @ sector 0x012A050FF !
PE file found in sector at 0x012A05115 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
  #9  
Old March 8th, 2012, 03:53 AM
Aaflac
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998


Let's press on to SearchQu/SearchNu...

SearchQu/SearchNu is installed as an Add-on in Internet Explorer, FireFox, and other browsers.

Add-ons come from the Internet, and they usually require your permission before they are installed on your computer. However, some are installed without your knowledge!

Please follow the instructions below and disable or remove (if the option is available) any entry associated with:
SearchQu/SearchNu
DataMngr
Savevid
ILivid
Bandoo
UrlHelper Class


Step 1:
Go to Control Panel > Add/Remove Programs, and select any entry related to the above ^^^ listing.

Step 2:
Next, to permanently disable SearchQu add-ons in Internet Explorer 8 (IE 8):
  • Open Internet Explorer
  • Click the Tools button, and then click: Manage Add-ons
  • Under Show, click All add-ons.
  • Click the add-on you want to disable, and then click: Disable
  • Repeat the above step for every add-on you want to disable.
  • When finished, click: Close
Step 3:
Since you also appear to run FireFox, to remove any SearchQu/SearchNu Add-ons:
  • At the top of the Firefox window, click on the FireFox button (Tools menu in Windows XP)
  • Click Add-ons, for the Add-ons Manager tab to open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to remove.
  • Click the Remove button.
  • Click Restart now if it alerts you to do so.
  • Your tabs will be saved and restored after the restart.

Step 4:
Now, double-click OTL.exe to run the program.

Copy all of the following text inside the code box, and paste it into the Custom Scans/Fixes area located at the bottom of OTL:

Code:
:OTL
PRC - [2012/02/28 15:58:02 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
MOD - [2012/02/27 08:42:48 | 000,088,976 | ---- | M] () -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
[2012/03/04 14:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Application Data\searchqutoolbar
[2012/03/04 14:05:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BECCA440-C137-43CD-BA7B-AE580F9F6D17}
[2012/03/04 14:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iLivid
[2012/03/04 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/03/04 14:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Graham\Desktop\*.tmp files -> C:\Documents and Settings\Graham\Desktop\*.tmp -> ]
[2012/03/04 14:11:48 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
[2012/03/04 14:05:24 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

:Files 
ipconfig /flushdns /c

:Commands
[EmptyFlash]
[EMPTYTEMP]
[REBOOT]
Click the Run Fix button at the top.

Let the program run uninterrupted, and reboot when done.

Step 5:
>>>Please post the results of the new OTL log in your reply.<<<


Step 6:
Now, to change your Home page in Internet Explorer
  • Go to Tools > Internet Options
  • Select the General tab
  • Click the Use default button, or, enter the website of your choice, instead of searchqu.com.
  • Click: Apply > OK to save the changes.
Step 7:
To change your Home page in FireFox, go to Tools > Options
Under the General tab, reset the startup homepage, or, change it to the website of your choice, instead of searchqu.com.

Step 8:
To manage your search engines in IE 8:
  • Click the Tools button, and then click: Manage Add-ons
  • Under Add-on types, scroll down to Search Providers
  • Click on any undesirable search provider, and select: Remove
  #10  
Old March 8th, 2012, 07:00 PM
GrahamyHill
New Member
 
Join Date: Dec 2011
Posts: 13
All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a2 5-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F8 1-9148-4f12-8568-69135F087DB0}\ not found.
C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
Folder C:\Documents and Settings\Graham\Application Data\searchqutoolbar\ not found.
Folder C:\Documents and Settings\All Users\Application Data\{BECCA440-C137-43CD-BA7B-AE580F9F6D17}\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\iLivid\ not found.
Folder C:\Program Files\iLivid\ not found.
C:\Program Files\Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Searchqu Toolbar folder moved successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCalla.exe deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCalla10.exe deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCalla2.dll deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCalla3.dll deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseCustomCalla4.dll deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\6D1E83602F354C848D53C614FBCA621C.TMP folder deleted successfully.
C:\Documents and Settings\Graham\Desktop\.TMP deleted successfully.
File C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk not found.
File C:\Documents and Settings\All Users\Desktop\iLivid Download Manager.lnk not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Graham\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Graham\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Alan
->Flash cache emptied: 678 bytes

User: All Users

User: Anybody

User: Danielle
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 56475 bytes

User: Graham
->Flash cache emptied: 23102 bytes

User: Graham 2
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Michele
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Alan
->Temp folder emptied: 202444 bytes
->Temporary Internet Files folder emptied: 245825902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Anybody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Danielle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 52895891 bytes
->Temporary Internet Files folder emptied: 130097236 bytes
->Java cache emptied: 45435 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Michele
->Temp folder emptied: 705 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 618894 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 390290636 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 29412199 bytes

Total Files Cleaned = 810.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03082012_174359

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF179F.tmp not found!
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF17AD.tmp not found!
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF180F.tmp not found!
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF181D.tmp not found!
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF185D.tmp not found!
File\Folder C:\Documents and Settings\Graham\Local Settings\Temp\~DF186B.tmp not found!
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\GOC0T1B1\406[1].htm moved successfully.
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
  #11  
Old March 8th, 2012, 11:27 PM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
How is it going?

Are you still having SearchQu/Search/Nu or any other malware problems?
  #12  
Old March 9th, 2012, 06:22 PM
GrahamyHill GrahamyHill is offline
New Member
 
Join Date: Dec 2011
Posts: 13
Looking a lot better.

Thanks for your help (again)
  #13  
Old March 10th, 2012, 03:07 AM
Aaflac's Avatar
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Use the computer for a couple of days, and I'll check back with you on Monday 12 March.