
malwarebytes anti-malware

  • 09-02-2009 4:35pm
    #1
    Registered Users Posts: 1,030 ✭✭✭


    Hi, I downloaded this per the sticky. It gets so far but then stops responding. Any ideas? I have a virus, the anykuy one!!!


Comments

  • Registered Users Posts: 17,963 ✭✭✭✭Gavin "shels"


    Are you running them at the same time? It could be your computer can't cope with them both at the same time.


  • Registered Users Posts: 1,030 ✭✭✭jem


    I kill the virus ASAP after it pops up.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Try running it in safe mode.


  • Registered Users Posts: 1,030 ✭✭✭jem


    I have the following logs:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/10/2009 at 12:17 PM

    Application Version : 4.25.1012

    Core Rules Database Version : 3748
    Trace Rules Database Version: 1715

    Scan type : Complete Scan
    Total Scan Time : 00:56:05

    Memory items scanned : 811
    Memory threats detected : 0
    Registry items scanned : 5883
    Registry threats detected : 0
    File items scanned : 95641
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Documents and Settings\james\Cookies\james@doubleclick[1].txt
    C:\Documents and Settings\james\Cookies\james@ad.yieldmanager[2].txt
    C:\Documents and Settings\james\Cookies\james@revsci[2].txt
    C:\Documents and Settings\james\Cookies\james@atdmt[2].txt


    Malwarebytes' Anti-Malware 1.33
    Database version: 1743
    Windows 5.1.2600 Service Pack 3

    10/02/2009 11:06:58
    mbam-log-2009-02-10 (11-06-58).txt

    Scan type: Quick Scan
    Objects scanned: 58806
    Time elapsed: 5 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Settings (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\rs.dat (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Log\2009 Feb 09 - 03_00_36 PM_093.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Log\2009 Feb 09 - 03_00_54 PM_593.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Log\2009 Feb 09 - 03_05_41 PM_140.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Log\2009 Feb 09 - 03_09_55 PM_078.log (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.
    C:\Documents and Settings\james\Application Data\MalwareRemovalBot\Settings\ScanResults.pie (Rogue.MalwareRemovalBot) -> Quarantined and deleted successfully.

    Avast log!!
    09/02/2009 17:04:16 james 1972 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\Documents and Settings\james\Local Settings\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\Microsoft\Outlook Express\scouts.dbx\Next Provincial Meeting.eml#109074512\070902 PMST Agenda.doc#795953511" file.
    09/02/2009 17:33:36 james 1972 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\070902 PMST Agenda.doc#795953511" file.
    09/02/2009 17:59:00 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP526\A0093890.exe" file.
    09/02/2009 18:14:23 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\userinitbad.dex" file.
    09/02/2009 18:58:28 james 1972 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\070902 PMST Agenda.doc#795953511" file.
    09/02/2009 19:23:45 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0093890.exe" file.
    09/02/2009 19:23:45 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\userinitbad.dex" file.
    09/02/2009 19:43:20 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0095941.exe" file.
    10/02/2009 01:20:15 james 1972 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\070902 PMST Agenda.doc#795953511.vir" file.
    10/02/2009 09:57:23 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0093890.exe.vir" file.
    10/02/2009 09:57:23 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\A0095941.exe.vir" file.
    10/02/2009 09:57:23 james 1972 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\userinitbad.dex.vir" file.
    10/02/2009 11:44:38 SYSTEM 428 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED\070902 PMST AGENDA.DOC#795953511.VIR" file.
    10/02/2009 11:44:47 SYSTEM 428 Sign of "MW97:1TableBroken [Expl]" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\070902~1.VIR" file.
    10/02/2009 11:44:51 SYSTEM 428 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED\A0093890.EXE.VIR" file.
    10/02/2009 11:44:53 SYSTEM 428 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED\A0095941.EXE.VIR" file.
    10/02/2009 11:45:01 SYSTEM 428 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA\MOVED\USERINITBAD.DEX.VIR" file.

    At this stage, is my computer clear? I need to put it back on the office system but I'm afraid!!


  • Registered Users Posts: 1,030 ✭✭✭jem


    I then ran HijackThis and the log is as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:11:28, on 10/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070108
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ie/hws/sb/dell-row-rel/en/side.html?channel=ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.askaboutmoney.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070108
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=QTlhFUtp8rYGXOIOYeF7Gofivx8
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.ros.ie
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224614200968
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sageuk.webex.com/client/T25L/support/ieatgpc.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --
    End of file - 14341 bytes


  • Registered Users Posts: 17,963 ✭✭✭✭Gavin "shels"


    Bit off topic, but what Anti-Virus do you have?


  • Registered Users Posts: 1,030 ✭✭✭jem


    Norton, also put Avast on to try and kill the above.


  • Registered Users Posts: 17,963 ✭✭✭✭Gavin "shels"


    jem wrote: »
    Norton, also put Avast on to try and kill the above.

    Thought so, you're only supposed to have 1 AV on your computer, otherwise they counteract each other AFAIK.

    Run another SuperAntiSpyware scan and post it up. ;)


  • Registered Users Posts: 1,030 ✭✭✭jem


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/10/2009 at 12:17 PM

    Application Version : 4.25.1012

    Core Rules Database Version : 3748
    Trace Rules Database Version: 1715

    Scan type : Complete Scan
    Total Scan Time : 00:56:05

    Memory items scanned : 811
    Memory threats detected : 0
    Registry items scanned : 5883
    Registry threats detected : 0
    File items scanned : 95641
    File threats detected : 4

    Adware.Tracking Cookie
    C:\Documents and Settings\james\Cookies\james@doubleclick[1].txt
    C:\Documents and Settings\james\Cookies\james@ad.yieldmanager[2].txt
    C:\Documents and Settings\james\Cookies\james@revsci[2].txt
    C:\Documents and Settings\james\Cookies\james@atdmt[2].txt


  • Registered Users Posts: 17,963 ✭✭✭✭Gavin "shels"


    Does it not let you quarantine or delete them 4 threats?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Cookies are harmless, ignore them.

    Your PC looks clean, so I would put it back in your office.

    Run this though when you get the chance:
    • Download OTListIt2 to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


  • Registered Users Posts: 1,030 ✭✭✭jem


    Hi,
    It only opened one logfile as below!!

    OTListIt logfile created on: 12/02/2009 10:34:33 - Run 2
    OTListIt2 by OldTimer - Version 2.0.0.11 Folder = C:\Documents and Settings\james\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1022.42 Mb Total Physical Memory | 550.40 Mb Available Physical Memory | 53.83% Memory free
    2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.49% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 126.73 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
    Drive D: | 149.01 Gb Total Space | 148.81 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: D9CZKP2J
    Current User Name: james
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    PRC - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe (Symantec Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
    PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
    PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
    PRC - C:\Documents and Settings\james\Desktop\OTListIt2.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

    ========== Win32 Services (SafeList) ==========

    SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (Apple Mobile Device [On_Demand | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
    SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (Bonjour Service [On_Demand | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
    SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)
    SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
    SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
    SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    SRV - (MrHealthyService [Auto | Running]) -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe (Symantec Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
    SRV - (Symantec Core LC [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (WudfSvc [Auto | Running]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
    DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
    DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
    DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
    DRV - (CO_Mon [Auto | Running]) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
    DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
    DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
    DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
    DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
    DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (kbdhid [System | Running]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
    DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
    DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090211.048\NAVENG.SYS (Symantec Corporation)
    DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090211.048\NAVEX15.SYS (Symantec Corporation)
    DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
    DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
    DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
    DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
    DRV - (SABProcEnum [On_Demand | Stopped]) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
    DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
    DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
    DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
    DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
    DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
    DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)
    DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)
    DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)
    DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090129.001\SymIDSco.sys (Symantec Corporation)
    DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)
    DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
    DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
    DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
    DRV - (upperdev [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
    DRV - (UsbserFilt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (Wdf01000 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\wdf01000.sys (Microsoft Corporation)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070108
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070108

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=3070108
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.askaboutmoney.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
    O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
    O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
    O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
    O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: ros.ie ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ros.ie ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224614200968 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sageuk.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

    ========== Files/Folders - Created Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [2009/02/12 10:27:34 | 00,491,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\james\Desktop\OTListIt2.exe
    [2009/02/11 16:06:25 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/02/10 16:11:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\james\Desktop\HijackThis.lnk
    [2009/02/10 14:26:25 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/02/10 14:23:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2009/02/10 12:53:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2009/02/10 12:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2009/02/10 12:52:53 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2009/02/10 12:51:36 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2009/02/10 12:51:36 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2009/02/10 12:51:36 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2009/02/10 12:51:35 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2009/02/10 12:51:35 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2009/02/10 12:51:35 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
    [2009/02/10 12:51:35 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2009/02/10 11:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james\Application Data\SUPERAntiSpyware.com
    [2009/02/09 18:23:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2009/02/09 15:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2009/02/09 15:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james\Application Data\Malwarebytes
    [2009/02/09 15:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/02/09 15:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/02/07 23:43:14 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\james\Desktop\Malwarebytes.doc
    [2009/02/07 16:51:37 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\james\Desktop\SUPERAntiSpyware Scan Log.doc
    [2009/02/07 15:48:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2009/02/07 15:48:43 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2009/02/07 14:38:45 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
    [2009/02/07 14:21:07 | 00,049,456 | ---- | C] () -- C:\WINDOWS\System32\10003.sks
    [2009/02/07 14:21:07 | 00,002,076 | ---- | C] () -- C:\WINDOWS\System32\10001.sks
    [2009/02/07 14:21:07 | 00,000,299 | ---- | C] () -- C:\WINDOWS\System32\10002.sks
    [2009/02/07 14:21:07 | 00,000,065 | ---- | C] () -- C:\WINDOWS\System32\10004.sks
    [2009/02/07 14:18:40 | 00,002,380 | ---- | C] () -- C:\WINDOWS\System32\BlockedCookies
    [2009/02/07 14:18:36 | 00,003,200 | ---- | C] () -- C:\WINDOWS\System32\sk_bho.ini
    [2009/02/07 14:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james\Application Data\Uniblue
    [2009/02/07 14:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/02/07 13:55:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
    [2009/02/06 17:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2009/02/06 17:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2009/01/29 10:59:39 | 00,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quickpay PYE User Guide.lnk
    [2009/01/29 10:59:39 | 00,000,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quickpay User Guide.lnk
    [2009/01/29 10:59:39 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quickpay 2009.lnk
    [2009/01/29 10:59:39 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quickpay 2008.lnk
    [2009/01/29 10:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2009/01/29 10:52:12 | 62,843,944 | ---- | C] () -- C:\Documents and Settings\james\Desktop\QuickpayUpdate2009.EXE
    [2009/01/28 16:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2009/01/28 16:28:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2009/01/28 16:27:54 | 00,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
    [2009/01/28 16:27:02 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
    [2009/01/28 15:50:15 | 34,243,7920 | ---- | C] ( ) -- C:\Documents and Settings\james\Desktop\AcroPro90_efg.exe
    [2009/01/28 15:50:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\james\Application Data\Download Manager
    [2009/01/15 12:35:24 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\james\Desktop\Uniform.doc
    [2009/01/14 10:33:44 | 00,000,293 | ---- | C] () -- C:\Documents and Settings\james\My Documents\Shortcut to Local Disk (C).lnk

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [2 C:\WINDOWS\*.tmp files]
    [2009/02/12 10:27:49 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\james\Desktop\Microsoft Word.lnk
    [2009/02/12 10:27:39 | 00,491,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\james\Desktop\OTListIt2.exe
    [2009/02/12 10:17:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/02/12 10:15:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/02/12 10:15:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/02/12 10:14:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/02/12 10:14:37 | 10,721,56672 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/11 17:42:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/02/11 16:06:25 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/02/11 15:59:10 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2009/02/10 16:11:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\james\Desktop\HijackThis.lnk
    [2009/02/10 14:55:31 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
    [2009/02/10 14:55:31 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job
    [2009/02/10 14:08:33 | 00,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/02/10 13:04:56 | 00,503,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/02/10 13:04:56 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/02/10 13:04:56 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/02/10 12:20:42 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\james\Desktop\Malwarebytes.doc
    [2009/02/10 12:19:51 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\james\Desktop\SUPERAntiSpyware Scan Log.doc
    [2009/02/07 23:35:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/02/07 14:42:41 | 00,003,200 | ---- | M] () -- C:\WINDOWS\System32\sk_bho.ini
    [2009/02/07 14:38:45 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
    [2009/02/07 14:21:07 | 00,049,456 | ---- | M] () -- C:\WINDOWS\System32\10003.sks
    [2009/02/07 14:21:07 | 00,002,076 | ---- | M] () -- C:\WINDOWS\System32\10001.sks
    [2009/02/07 14:21:07 | 00,000,299 | ---- | M] () -- C:\WINDOWS\System32\10002.sks
    [2009/02/07 14:21:07 | 00,000,065 | ---- | M] () -- C:\WINDOWS\System32\10004.sks
    [2009/02/07 14:18:40 | 00,002,380 | ---- | M] () -- C:\WINDOWS\System32\BlockedCookies
    [2009/02/06 12:35:56 | 01,486,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\LegitCheckControl.DLL
    [2009/02/03 15:21:14 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/02/02 20:05:02 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\james\Desktop\Microsoft Excel.lnk
    [2009/01/29 11:07:24 | 00,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quickpay PYE User Guide.lnk
    [2009/01/29 11:07:24 | 00,000,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quickpay User Guide.lnk
    [2009/01/29 11:07:24 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quickpay 2009.lnk
    [2009/01/29 11:07:24 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quickpay 2008.lnk
    [2009/01/29 11:07:24 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quickpay 2007.lnk
    [2009/01/29 10:53:12 | 62,843,944 | ---- | M] () -- C:\Documents and Settings\james\Desktop\QuickpayUpdate2009.EXE
    [2009/01/28 16:27:02 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
    [2009/01/28 16:07:38 | 34,243,7920 | ---- | M] ( ) -- C:\Documents and Settings\james\Desktop\AcroPro90_efg.exe
    [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
    [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2009/01/15 15:20:58 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\james\Desktop\Uniform.doc
    [2009/01/14 10:33:44 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\james\My Documents\Shortcut to Local Disk (C).lnk

    ========== LOP Check ==========

    [2009/02/09 15:29:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2008/10/01 08:58:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/01/28 16:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2008/01/17 12:15:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2008/01/17 12:16:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2008/03/28 16:30:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
    [2008/01/22 14:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2009/01/28 16:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2007/01/10 12:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
    [2007/01/08 17:41:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
    [2008/09/12 10:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2007/01/08 17:39:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2008/10/30 21:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/01/07 15:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
    [2009/01/07 15:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
    [2009/02/09 15:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2008/07/25 09:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2009/02/10 14:23:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2008/01/22 14:46:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2008/01/22 14:36:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/01/29 11:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2007/01/10 13:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2009/02/06 17:33:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2008/07/25 09:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    [2009/02/07 15:48:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2008/12/03 11:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2007/01/10 15:12:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2007/01/19 12:35:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2009/02/10 11:15:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\james\Application Data
    [2009/01/28 16:28:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Adobe
    [2008/03/28 17:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Apple Computer
    [2007/01/08 17:42:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\ATI
    [2008/03/28 17:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Creative
    [2007/01/31 10:55:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\CyberLink
    [2009/01/28 16:07:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Download Manager
    [2007/12/05 16:06:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Google
    [2007/01/08 17:41:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\james\Application Data\Gtek
    [2007/04/05 11:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Help
    [2004/08/11 17:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Identities
    [2009/01/07 15:30:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\InstallShield
    [2007/01/10 14:36:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\InterTrust
    [2008/09/12 11:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\LaCie
    [2007/01/31 10:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Leadertech
    [2009/01/07 15:56:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Logitech
    [2008/09/11 10:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Macromedia
    [2009/02/09 15:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Malwarebytes
    [2008/11/27 17:07:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\james\Application Data\Microsoft
    [2007/01/18 15:38:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Mozilla
    [2008/01/22 14:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Nokia
    [2008/01/22 14:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Nokia Multimedia Player
    [2008/01/22 14:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\PC Suite
    [2008/03/31 09:31:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Real
    [2007/01/31 10:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Sonic
    [2007/01/11 12:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Sun
    [2009/02/10 11:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\SUPERAntiSpyware.com
    [2008/10/24 09:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Symantec
    [2009/02/07 14:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\james\Application Data\Uniblue
    [2009/02/07 23:35:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/02/12 10:17:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2009/02/10 14:55:31 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup Weekday Scanner.job
    [2009/02/10 14:55:31 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Norton PC Checkup Weekend Scanner.job
    [2009/02/12 10:15:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========

    < End of report >
    Thanks a million for your help and time.
    j


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    That's fine, your PC is completely clean.

    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • Keep Windows updated by regularly checking their website at:
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.


      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

    • Please read my guide on how to prevent malware and about safe computing here
    Thank you for your patience, and performing all of the procedures requested.
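
Added example, not part of the original post: a small audit of a HOSTS file of the kind described in the MVPS recommendation above, listing which names are sinkholed to the local machine. It goes beyond the post by also treating `0.0.0.0` as a sinkhole and by reporting names mapped to any other address, since those are worth a manual review; the sample file and its hostnames are constructed.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; hostnames are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1       localhost
127.0.0.1       ads.example.com   # sinkholed ad server
0.0.0.0         tracker.example.net
10.20.30.40     update.example.org
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (address, hostname) for every well-formed mapping in the text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # skip lines without a valid IP
        for name in fields[1:]:                  # a line may list several names
            yield addr, name.lower()

def audit_hosts(text):
    """Return (blocked, redirected): sinkholed names, and names sent elsewhere."""
    blocked, redirected = set(), {}
    for addr, name in parse_hosts(text):
        if name == "localhost" and addr.is_loopback:
            continue                             # the normal localhost entry
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                    # connection never leaves the PC
        else:
            redirected[name] = str(addr)         # review: unexpected destination
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("Sinkholed names:", sorted(blocked))
    for name, addr in sorted(redirected.items()):
        print(f"Review: {name} -> {addr}")
```

On Windows XP the file to pass in is `C:\WINDOWS\system32\drivers\etc\hosts`, read as text.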


  • Registered Users Posts: 1,030 ✭✭✭jem


    Thank you very much.

