Interpol Virus [Solved]


27 replies to this topic

#1 say-no-2-trojans


Posted 24 June 2014 - 03:42 AM

Please help, my PC has contracted the Interpol 'Virus' and I seem to have lost all control.

When it first happened, after a few failed attempts, I managed to restart and run Malwarebytes, but this failed to find anything. The next time I turned on the PC the Interpol screen popped up and since then I have been unable to do anything.

Even trying to run on Safe Mode fails: as soon as the user selection screen comes up Windows closes and then restarts and I'm back to square one.

I am running XP




#2 ----------------


Posted 24 June 2014 - 06:30 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Kaspersky Windows Unlocker

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a CD or DVD. If you need a program to burn an ISO, use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note: If you do not know how to set your computer to boot from CD/DVD, follow the steps here
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus. Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter



  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally.


Proud Member of UNITE & TB
 

#3 say-no-2-trojans


Posted 24 June 2014 - 12:10 PM

Ran the above all fine and all complete.

Restarted PC, but it has started in safe mode even when I selected normal boot.

I think this has come from when I tried fixing it myself following instructions on a different site - as I couldn't get into safe mode, the on-screen instruction was to tick /safeboot on the BOOT.INI tab in MSCONFIG. Now I don't know what the setting was originally.



#4 ----------------


Posted 25 June 2014 - 02:09 AM

Run msconfig and untick safe boot. Your system should restart in normal mode next time.

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


 

#5 say-no-2-trojans


Posted 25 June 2014 - 03:08 AM

Unticked Safeboot and pc started normally, but 3 pop up windows came up:

 

System Configuration Utility

The System Configuration Utility is currently in Diagnostic Mode or Selective Startup mode.

 - Choosing Normal Startup mode just causes it to run back into Safe mode

 

Security Alert

Revocation information for the security certificate for this site is not available. Do you want to proceed?

 - Clicked no

 

RUNDLL

Error loading D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\OB32EO~1\721gqz8.cpp      The specified module could not be found

 

Shall I just go ahead and run those scans?



#6 ----------------


Posted 25 June 2014 - 03:23 AM

Yes, please proceed.


 

#7 say-no-2-trojans


Posted 25 June 2014 - 06:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Dave (administrator) on 43C23ECBA36044F on 25-06-2014 12:41:47
Running from D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ABBYY) D:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe
(Microsoft Corporation) D:\WINDOWS\ehome\ehRecvr.exe
(Joyent, Inc) D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\node.exe
(Microsoft Corporation) D:\WINDOWS\ehome\ehSched.exe
(Sun Microsystems, Inc.) D:\Program Files\Java\jre6\bin\jqs.exe
(Eastman Kodak Company) D:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) D:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(McAfee, Inc.) D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) D:\WINDOWS\system32\mfevtps.exe
(Symantec Corporation) D:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
(Alcatel-Lucent) D:\Program Files\Common Files\Motive\pcCMService.exe
(McAfee, Inc.) D:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) D:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) D:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(Microsoft Corporation) D:\WINDOWS\ehome\ehtray.exe
(Analog Devices, Inc.) D:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) D:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Alcatel-Lucent) D:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Motive Communications, Inc.) D:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
(Sun Microsystems, Inc.) D:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Eastman Kodak Company) D:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Microsoft Corporation) D:\Program Files\Messenger\msmsgs.exe
(WinZip Computing, S.L.) D:\Program Files\WinZip\WZQKPICK32.EXE
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) D:\WINDOWS\ehome\ehmsas.exe
(McAfee, Inc.) D:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(OpenOffice.org) D:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) D:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) D:\PROGRA~1\McAfee\SITEAD~1\saUI.exe
(Yahoo!, Inc.) D:\PROGRA~1\Yahoo!\browser\ycommon.exe
(Microsoft Corporation) D:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) D:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
(Microsoft Corporation) D:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) D:\Program Files\McAfee.com\Agent\mcupdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] => D:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => D:\WINDOWS\system32\HDAShCut.exe [61952 2004-10-27] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [SoundMAXPnP] => D:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => D:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-09-07] (Analog Devices, Inc.)
HKLM\...\Run: [btbb_McciTrayApp] => D:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2039096 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] => D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => D:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Conime] => D:\WINDOWS\system32\conime.exe [27648 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => D:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [mcui_exe] => D:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => D:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [MSConfig] => D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: D:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - D:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)
HKU\S-1-5-21-682003330-1123561945-2147039463-1003\...\Run: [MSMSGS] => D:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-682003330-1123561945-2147039463-1003\...\RunOnce: [FlashPlayerUpdate] - D:\WINDOWS\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe [243360 2011-08-27] (Adobe Systems, Inc.)
Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> D:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> D:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: D:\Documents and Settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\0B32E0~1\721gqz8.cpp (No File)
Startup: D:\Documents and Settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: D:\Documents and Settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\0B32E0~1\721gqz8.cpp (No File)
Startup: D:\Documents and Settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: D:\Documents and Settings\Siobhan.43C23ECBA36044F\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> d:\docume~1\alluse~1.win\applic~1\0B32E0~1\721gqz8.cpp (No File)
Startup: D:\Documents and Settings\Siobhan.43C23ECBA36044F\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?p=us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {A65190C3-6E6E-4244-8C23-C2542155E3CB} URL = http://uk.search.yah...&p={SearchTerms}
SearchScopes: HKCU - {A65190C3-6E6E-4244-8C23-C2542155E3CB} URL = http://uk.search.yah...&p={SearchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...n=&geo=GB&ver=1
SearchScopes: HKCU - {FB72E993-55C3-445D-BAC4-68C7965487B0} URL = http://search.yahoo....=utf-8&fr=b1ie7
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - D:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - D:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Norton Safe Web Lite - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - D:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll (Symantec Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - d:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 D:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - D:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - D:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: Adobe Reader - D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - D:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST [2013-09-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - D:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - D:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-03-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - D:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - D:\Program Files\McAfee\SiteAdvisor [2013-09-09]

========================== Services (Whitelisted) =================

S2 0304301403695964mcinstcleanup; D:\WINDOWS\TEMP\030430~1.EXE [827456 2012-01-09] (McAfee, Inc.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; D:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 BT Help Wizard; D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [321024 2014-01-21] (Alcatel-Lucent) [File not signed]
R2 ehRecvr; D:\WINDOWS\eHome\ehRecvr.exe [194560 2004-08-10] (Microsoft Corporation) [File not signed]
R2 HomeNetSvc; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; D:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-03-02] (Sun Microsystems, Inc.)
R2 Kodak AiO Network Discovery Service; D:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; D:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 McAfee SiteAdvisor Service; D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; D:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R3 McODS; D:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; D:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; D:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; D:\WINDOWS\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
S3 MHN; D:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NSL; D:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-24] (Symantec Corporation)
R2 nvUpdatusService; D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-25] (NVIDIA Corporation)
S3 ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-27] (Nokia) [File not signed]
S3 UMWdf; D:\WINDOWS\system32\wdfmgr.exe [38912 2006-03-15] (Microsoft Corporation) [File not signed]
S2 winmgmt; D:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\0B32E07996E47B447DDE23211791C7B4\721gqz8.cpp [X]

==================== Drivers (Whitelisted) ====================

R3 AEAudioService; D:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R3 AtcL001; D:\WINDOWS\System32\DRIVERS\atl01_xp.sys [34944 2006-07-28] (Attansic Technology corporation.)
S3 BrScnUsb; D:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R1 BUFADPT; D:\WINDOWS\system32\BUFADPT.SYS [11008 2007-01-11] (BUFFALO INC.) [File not signed]
S3 CCDECODE; D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cfwids; D:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
S3 FsUsbExDisk; D:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-01-08] () [File not signed]
R1 HCW88AUD; D:\WINDOWS\System32\drivers\hcw88aud.sys [13440 2009-02-26] (Hauppauge Computer Works, Inc)
R3 HCW88TSE; D:\WINDOWS\System32\drivers\hcw88tse.sys [320512 2009-02-26] (Hauppauge Computer Works, Inc)
R3 HCW88TUNE; D:\WINDOWS\System32\drivers\hcw88tun.sys [75904 2009-02-25] (Hauppauge Computer Works, Inc.)
R3 hcw88vid; D:\WINDOWS\System32\drivers\hcw88vid.sys [396032 2009-02-25] (Hauppauge Computer Works, Inc)
R3 HCW88XBAR; D:\WINDOWS\System32\drivers\HCW88BAR.sys [17792 2009-02-25] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; D:\WINDOWS\System32\drivers\HdAudio.sys [145920 2004-10-27] (Windows ® Server 2003 DDK provider)
S3 HipShieldK; D:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 IrBus; D:\WINDOWS\System32\DRIVERS\IrBus.sys [46848 2013-07-17] (Microsoft Corporation)
R3 mfeapfk; D:\WINDOWS\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; D:\WINDOWS\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; D:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; D:\WINDOWS\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; D:\WINDOWS\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; D:\WINDOWS\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; D:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
S3 mfendisk; D:\WINDOWS\System32\DRIVERS\mfendisk.sys [86120 2014-04-03] (McAfee, Inc.)
R3 mfendiskmp; D:\WINDOWS\System32\DRIVERS\mfendisk.sys [86120 2014-04-03] (McAfee, Inc.)
R1 mfetdi2k; D:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-04-03] (McAfee, Inc.)
S3 MHNDRV; D:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MREMP50; D:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; D:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; D:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Secdrv; D:\WINDOWS\System32\DRIVERS\secdrv.sys [12464 2012-01-16] (Macrovision Europe Ltd) [File not signed]
R3 SenFiltService; D:\WINDOWS\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura)
R3 u2kg54l; D:\WINDOWS\System32\DRIVERS\u2kg54l.sys [477696 2006-08-24] (ZyDAS Technology Corporation) [File not signed]
S3 yati1snx; D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\yati1snx.sys [17920 2013-04-06] () [File not signed]
S4 fasttrak; No ImagePath
S4 fasttx2k; No ImagePath
S4 hpt3xx; No ImagePath
S4 iaStor; No ImagePath
S4 IntelIde; No ImagePath
S4 iteraid; No ImagePath
S4 m5287; No ImagePath
S4 m5289; No ImagePath
U0 mfewfpk;
S3 MREMP50a64; \??\D:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\D:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\D:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\D:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S4 nvatabus; No ImagePath
S4 nvraid; No ImagePath
U5 ScsiPort; D:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 Si3112r; No ImagePath
S4 Si3114r; No ImagePath
S4 viasraid; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> D:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2019-03-07 18:57 - 2010-10-19 10:24 - 00000382 __RSH () D:\boot.old
2019-03-07 18:57 - 2010-08-21 20:53 - 00250048 __RSH () D:\ntldr
2019-03-07 18:57 - 2004-08-10 20:00 - 00047564 __RSH () D:\NTDETECT.COM
2019-03-07 18:54 - 2019-03-07 18:56 - 00000000 ____D () D:\i386
2019-03-07 18:53 - 2019-03-07 18:53 - 00000000 ____D () D:\cmpnents
2014-06-25 12:41 - 2014-06-25 12:43 - 00022117 _____ () D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\FRST.txt
2014-06-25 12:41 - 2014-06-25 12:42 - 00000000 ____D () D:\FRST
2014-06-25 12:40 - 2014-06-25 12:40 - 01073152 _____ (Farbar) D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\FRST.exe
2014-06-25 12:35 - 2014-06-25 12:35 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
2014-06-25 12:35 - 2014-06-25 12:35 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
2014-06-25 12:31 - 2014-06-25 12:31 - 00000000 ____D () D:\WINDOWS\LastGood
2014-06-24 19:21 - 2014-06-24 19:21 - 00000552 _____ () D:\WINDOWS\system32\d3d8caps.dat
2014-06-16 11:13 - 2014-06-16 11:13 - 00000059 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2988-F.txt
2014-06-16 11:13 - 2014-06-16 11:13 - 00000059 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2988-F.txt
2014-06-16 09:56 - 2014-06-16 09:56 - 00040776 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F\Application Data\Malwarebytes
2014-06-16 09:55 - 2014-06-16 09:58 - 00002372 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-1984-F.txt
2014-06-16 09:55 - 2014-06-16 09:58 - 00002372 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-1984-F.txt
2014-06-16 09:52 - 2014-06-16 09:53 - 00000178 ___SH () D:\Documents and Settings\Administrator.43C23ECBA36044F\ntuser.ini
2014-06-16 09:51 - 2014-06-16 09:52 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F
2014-06-16 09:51 - 2013-06-26 10:07 - 00003500 _____ () D:\Documents and Settings\Administrator.43C23ECBA36044F\Local Settings\Application Data\installer.log
2014-06-16 09:51 - 2013-06-26 10:00 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Local Settings\Application Data\Eastman_Kodak_Company
2014-06-16 09:51 - 2013-06-26 09:52 - 00800824 _____ (Microsoft Corporation) D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\DPInst.exe
2014-06-16 09:51 - 2013-06-26 09:52 - 00106496 _____ (Microsoft Corporation) D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\gacutil.exe
2014-06-16 09:51 - 2013-06-26 09:52 - 00036352 _____ (Microsoft Corporation) D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\PnPutil.exe
2014-06-16 09:51 - 2013-06-26 09:52 - 00000181 _____ () D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\gacutil.exe.config
2014-06-16 09:51 - 2013-06-26 09:52 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\KODAK AiO Home Center843093722
2014-06-16 09:51 - 2013-06-26 09:51 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Local Settings\Temp
2014-06-16 09:51 - 2012-12-06 20:27 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\Temp
2014-06-16 09:51 - 2012-12-06 20:27 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\KODAK AiO Home Center914976119
2014-06-16 09:51 - 2011-08-27 21:55 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F\Application Data\Macromedia
2014-06-16 09:51 - 2011-08-09 23:28 - 00001606 _____ () D:\Documents and Settings\Administrator.43C23ECBA36044F\Start Menu\Programs\Remote Assistance.lnk
2014-06-16 09:51 - 2011-08-09 23:28 - 00000799 _____ () D:\Documents and Settings\Administrator.43C23ECBA36044F\Start Menu\Programs\Windows Media Player.lnk
2014-06-16 09:51 - 2011-08-09 23:28 - 00000000 ___RD () D:\Documents and Settings\Administrator.43C23ECBA36044F\Start Menu\Programs\Accessories
2014-06-16 09:49 - 2014-06-16 09:50 - 00001265 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-3844-F.txt
2014-06-16 09:49 - 2014-06-16 09:50 - 00001265 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-3844-F.txt
2014-06-16 09:35 - 2014-06-16 09:38 - 00000460 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4092-F.txt
2014-06-16 09:35 - 2014-06-16 09:38 - 00000460 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4092-F.txt
2014-06-16 09:22 - 2014-06-16 09:23 - 00001263 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2568-F.txt
2014-06-16 09:22 - 2014-06-16 09:23 - 00001263 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2568-F.txt
2014-06-16 02:17 - 2014-06-16 02:23 - 00002921 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4336-F.txt
2014-06-16 02:17 - 2014-06-16 02:23 - 00002921 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4336-F.txt
2014-06-16 02:10 - 2014-06-24 19:53 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\0B32E07996E47B447DDE23211791C7B4
2014-06-16 02:10 - 2014-06-24 19:53 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\0B32E07996E47B447DDE23211791C7B4
2014-05-26 12:14 - 2014-05-26 12:14 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hasbro Interactive
2014-05-26 12:14 - 2014-05-26 12:14 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hasbro Interactive
2014-05-26 12:12 - 1997-06-02 12:32 - 00314880 _____ (InstallShield Software Corporation) D:\WINDOWS\IsUninst.exe
2014-05-26 12:09 - 2014-05-28 18:30 - 00000036 _____ () D:\WINDOWS\Tiny_Run.ini
2014-05-26 12:09 - 2014-05-26 12:09 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F\WINDOWS

==================== One Month Modified Files and Folders =======

2019-03-07 18:56 - 2019-03-07 18:54 - 00000000 ____D () D:\i386
2019-03-07 18:53 - 2019-03-07 18:53 - 00000000 ____D () D:\cmpnents
2014-06-25 12:43 - 2014-06-25 12:41 - 00022117 _____ () D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\FRST.txt
2014-06-25 12:43 - 2011-08-09 23:35 - 00000000 ____D () D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp
2014-06-25 12:43 - 2011-08-09 23:27 - 01593215 _____ () D:\WINDOWS\WindowsUpdate.log
2014-06-25 12:42 - 2014-06-25 12:41 - 00000000 ____D () D:\FRST
2014-06-25 12:40 - 2014-06-25 12:40 - 01073152 _____ (Farbar) D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\FRST.exe
2014-06-25 12:35 - 2014-06-25 12:35 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
2014-06-25 12:35 - 2014-06-25 12:35 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\McAfee
2014-06-25 12:32 - 2014-02-15 00:02 - 01055873 _____ () D:\WINDOWS\setupapi.log
2014-06-25 12:31 - 2014-06-25 12:31 - 00000000 ____D () D:\WINDOWS\LastGood
2014-06-25 10:07 - 2014-04-09 10:17 - 00000220 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-25 10:07 - 2005-12-02 09:43 - 00000000 ____D () D:\WINDOWS\Registration
2014-06-25 10:06 - 2012-09-27 20:48 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
2014-06-25 10:06 - 2012-09-27 20:48 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
2014-06-25 10:06 - 2011-08-10 00:19 - 00000159 _____ () D:\WINDOWS\wiadebug.log
2014-06-25 10:06 - 2011-08-10 00:19 - 00000050 _____ () D:\WINDOWS\wiaservc.log
2014-06-25 10:06 - 2011-08-09 23:34 - 00000006 ____H () D:\WINDOWS\Tasks\SA.DAT
2014-06-25 10:05 - 2011-08-09 23:35 - 00000178 ___SH () D:\Documents and Settings\Dave.43C23ECBA36044F\ntuser.ini
2014-06-25 10:05 - 2006-03-15 13:00 - 00000477 _____ () D:\WINDOWS\win.ini
2014-06-25 10:05 - 2006-03-15 13:00 - 00000227 _____ () D:\WINDOWS\system.ini
2014-06-25 09:51 - 2011-08-09 23:34 - 00032452 _____ () D:\WINDOWS\SchedLgU.Txt
2014-06-24 19:53 - 2014-06-16 02:10 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\0B32E07996E47B447DDE23211791C7B4
2014-06-24 19:53 - 2014-06-16 02:10 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Application Data\0B32E07996E47B447DDE23211791C7B4
2014-06-24 19:21 - 2014-06-24 19:21 - 00000552 _____ () D:\WINDOWS\system32\d3d8caps.dat
2014-06-24 10:21 - 2006-03-15 13:00 - 00013646 _____ () D:\WINDOWS\system32\wpa.dbl
2014-06-16 11:13 - 2014-06-16 11:13 - 00000059 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2988-F.txt
2014-06-16 11:13 - 2014-06-16 11:13 - 00000059 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2988-F.txt
2014-06-16 11:13 - 2008-09-11 17:20 - 00000000 ____D () D:\WINDOWS\pss
2014-06-16 11:10 - 2011-08-28 19:12 - 00000178 ___SH () D:\Documents and Settings\Siobhan.43C23ECBA36044F\ntuser.ini
2014-06-16 11:08 - 2011-07-26 01:39 - 00000000 __SHD () D:\WINDOWS\CSC
2014-06-16 09:58 - 2014-06-16 09:55 - 00002372 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-1984-F.txt
2014-06-16 09:58 - 2014-06-16 09:55 - 00002372 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-1984-F.txt
2014-06-16 09:56 - 2014-06-16 09:56 - 00040776 _____ (Malwarebytes Corporation) D:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-06-16 09:56 - 2014-06-16 09:56 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F\Application Data\Malwarebytes
2014-06-16 09:56 - 2011-08-28 19:12 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F\Local Settings\Temp
2014-06-16 09:53 - 2014-06-16 09:52 - 00000178 ___SH () D:\Documents and Settings\Administrator.43C23ECBA36044F\ntuser.ini
2014-06-16 09:52 - 2014-06-16 09:51 - 00000000 ____D () D:\Documents and Settings\Administrator.43C23ECBA36044F
2014-06-16 09:50 - 2014-06-16 09:49 - 00001265 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-3844-F.txt
2014-06-16 09:50 - 2014-06-16 09:49 - 00001265 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-3844-F.txt
2014-06-16 09:38 - 2014-06-16 09:35 - 00000460 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4092-F.txt
2014-06-16 09:38 - 2014-06-16 09:35 - 00000460 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4092-F.txt
2014-06-16 09:24 - 2011-08-09 23:35 - 00000000 ____D () D:\Documents and Settings\Dave.43C23ECBA36044F
2014-06-16 09:23 - 2014-06-16 09:22 - 00001263 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2568-F.txt
2014-06-16 09:23 - 2014-06-16 09:22 - 00001263 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-2568-F.txt
2014-06-16 02:23 - 2014-06-16 02:17 - 00002921 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4336-F.txt
2014-06-16 02:23 - 2014-06-16 02:17 - 00002921 _____ () D:\Documents and Settings\All Users.WINDOWS\Application Data\RUNDLL32.EXE-4336-F.txt
2014-06-11 21:21 - 2012-09-27 21:06 - 00000000 ____D () D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Application Data\Eastman_Kodak_Company
2014-06-10 21:16 - 2013-08-03 03:48 - 00000000 ____D () D:\WINDOWS\system32\MRT
2014-06-10 21:14 - 2011-08-27 14:09 - 92708840 _____ (Microsoft Corporation) D:\WINDOWS\system32\MRT.exe
2014-06-09 23:43 - 2014-04-09 10:16 - 00000214 _____ () D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-06-03 10:23 - 2011-08-09 23:24 - 00120182 _____ () D:\WINDOWS\wmsetup.log
2014-06-03 07:12 - 2011-08-10 00:06 - 00302917 _____ () D:\WINDOWS\setupact.log
2014-05-28 18:30 - 2014-05-26 12:09 - 00000036 _____ () D:\WINDOWS\Tiny_Run.ini
2014-05-26 14:00 - 2012-01-02 20:21 - 00000284 _____ () D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-05-26 12:14 - 2014-05-26 12:14 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hasbro Interactive
2014-05-26 12:14 - 2014-05-26 12:14 - 00000000 ____D () D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hasbro Interactive
2014-05-26 12:13 - 2005-12-02 09:34 - 00000000 ____D () D:\WINDOWS\Help
2014-05-26 12:09 - 2014-05-26 12:09 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F\WINDOWS
2014-05-26 12:09 - 2011-08-28 19:12 - 00000000 ____D () D:\Documents and Settings\Siobhan.43C23ECBA36044F

Files to move or delete:
====================
D:\Documents and Settings\Katie\jagex_runescape_preferences.dat
D:\Documents and Settings\Katie\jagex_runescape_preferences2.dat
D:\Documents and Settings\Katie\jagex__preferences3.dat

Some content of TEMP:
====================
D:\Documents and Settings\Dave\Local Settings\Temp\CmdLineExt03.dll
D:\Documents and Settings\Dave\Local Settings\Temp\drm_dyndata_7330017.dll
D:\Documents and Settings\Dave\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Dave\Local Settings\Temp\eauninstall.exe
D:\Documents and Settings\Dave\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
D:\Documents and Settings\Dave\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
D:\Documents and Settings\Dave\Local Settings\Temp\SC4_UNINST.EXE
D:\Documents and Settings\Dave\Local Settings\Temp\SimCity 4_uninst.exe
D:\Documents and Settings\Dave\Local Settings\Temp\SIntf16.dll
D:\Documents and Settings\Dave\Local Settings\Temp\SIntf32.dll
D:\Documents and Settings\Dave\Local Settings\Temp\SIntfNT.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\CmdLineExt03.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU19C.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU19D.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU1A.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU1B.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU4.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU5.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU57.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU58.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU5E.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBU5F.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBUD.exe
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\EBUE.DLL
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\pcDesktopAlertNotifierX.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\SIntf16.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\SIntf32.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\SIntfNT.dll
D:\Documents and Settings\Dave.43C23ECBA36044F\Local Settings\Temp\vcredist_x86.exe
D:\Documents and Settings\Katie\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Katie.43C23ECBA36044F\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Luke\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Siobhan\Local Settings\Temp\drm_dyndata_7370014.dll
D:\Documents and Settings\Siobhan.43C23ECBA36044F\Local Settings\Temp\drm_dyndata_7370014.dll

==================== Bamital & volsnap Check =================

D:\WINDOWS\explorer.exe => File is digitally signed
D:\WINDOWS\system32\winlogon.exe => File is digitally signed
D:\WINDOWS\system32\svchost.exe => File is digitally signed
D:\WINDOWS\system32\services.exe => File is digitally signed
D:\WINDOWS\system32\User32.dll => File is digitally signed
D:\WINDOWS\system32\userinit.exe => File is digitally signed
D:\WINDOWS\system32\rpcss.dll => File is digitally signed
D:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#8 say-no-2-trojans

Posted 25 June 2014 - 06:05 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Dave at 2014-06-25 12:45:50
Running from D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Attansic Giga Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 1.0 - )
Attansic L1 Gigabit Ethernet Driver (HKLM\...\AtcL1) (Version:  - )
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Basic Operation Guide EPSON SX430 Series (HKLM\...\EPSON SX430 Series Bog) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BT Broadband Support Tools (HKLM\...\{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}) (Version:  - British Telecommunications Plc)
BT Desktop Help (HKLM\...\BT Desktop Help) (Version:  - )
BT NetProtect Plus (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
BT Wireless Connection Manager (HKLM\...\BT Wireless Connection Manager) (Version:  - )
BT Yahoo! Applications (HKLM\...\BT Yahoo! Applications) (Version:  - )
BTHomeHub (HKLM\...\BTHomeHub) (Version:  - British Telecommunications Plc.)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Corporate (Version: 9.0.570 - Citrix) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Homeworld2 (HKLM\...\Homeworld2) (Version:  - Sierra)
Impossible Creatures (HKLM\...\Impossible Creatures 1.0) (Version:  - )
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kidzui (HKLM\...\Kidzui) (Version:  - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LEGOLAND (HKLM\...\LEGOLANDDeInstKey) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
My Little Pony (HKLM\...\My Little Pony) (Version:  - )
Norton Safe Web Lite (HKLM\...\NST) (Version: 1.2.0.6 - Symantec Corporation)
NVIDIA Control Panel 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.3.5 - NVIDIA Corporation) Hidden
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4151 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.11 - Piriform)
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0) (HKLM\...\6194C28A8F62DD817EA1B918E6E46E806A21B452) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0) (HKLM\...\65B6FE5418CE28F4D72543FB2D964C3CEC83F161) (Version: 02/23/2007 2.5.0.0 - MobileTop)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}) (Version: 16.0.9715 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-03-15 13:00 - 2006-03-15 13:00 - 00000734 ____A D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: D:\WINDOWS\Tasks\AppleSoftwareUpdate.job => D:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => D:\WINDOWS\system32\xp_eos.exe
Task: D:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => D:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-03-15 13:00 - 2006-03-15 13:00 - 00268288 _____ () D:\WINDOWS\system32\sbe.dll
2006-03-15 13:00 - 2013-01-02 07:49 - 01292288 _____ () D:\WINDOWS\system32\quartz.dll
2006-03-15 13:00 - 2008-04-14 01:11 - 00059904 _____ () D:\WINDOWS\system32\devenum.dll
2006-03-15 13:00 - 2008-04-14 01:11 - 00014336 _____ () D:\WINDOWS\system32\msdmo.dll
2006-03-15 13:00 - 2013-01-02 07:49 - 00148992 _____ () D:\WINDOWS\system32\mpg2splt.ax
2006-03-15 13:00 - 2006-03-15 13:00 - 00165376 _____ () D:\WINDOWS\system32\WSTPager.ax
2006-03-15 13:00 - 2006-03-15 13:00 - 00154112 _____ () D:\WINDOWS\system32\VBICodec.ax
2006-03-15 13:00 - 2006-03-15 13:00 - 00331776 _____ () D:\WINDOWS\system32\encdec.dll
2002-09-23 19:11 - 2002-09-23 19:11 - 00040960 _____ () D:\WINDOWS\system32\hcwxds.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () D:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2011-01-17 17:19 - 2012-01-14 17:51 - 00985088 _____ () D:\Program Files\OpenOffice.org 3\program\libxml2.dll
2011-08-17 20:55 - 2006-02-23 17:13 - 00038912 _____ () D:\Program Files\Yahoo!\browser\YCommonPS.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (06/25/2014 00:20:34 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/25/2014 00:20:34 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (06/25/2014 00:20:31 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7855484

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7855484

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/25/2014 00:59:57 PM) (Source: DCOM) (EventID: 10010) (User: 43C23ECBA36044F)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:59:27 PM) (Source: DCOM) (EventID: 10010) (User: 43C23ECBA36044F)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:58:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:58:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:57:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:57:27 PM) (Source: DCOM) (EventID: 10010) (User: 43C23ECBA36044F)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:56:57 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:56:26 PM) (Source: DCOM) (EventID: 10010) (User: 43C23ECBA36044F)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:55:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (06/25/2014 00:55:26 PM) (Source: DCOM) (EventID: 10010) (User: 43C23ECBA36044F)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (06/25/2014 00:25:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (06/25/2014 00:20:34 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved

Error: (06/25/2014 00:20:34 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (06/25/2014 00:20:31 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....hrootseq.txtThe server name or address could not be resolved

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7855484

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7855484

Error: (06/25/2014 00:20:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Percentage of memory in use: 77%
Total physical RAM: 1023.17 MB
Available physical RAM: 225.95 MB
Total Pagefile: 2464.41 MB
Available Pagefile: 1547.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.25 MB

==================== Drives ================================

Drive c: (RECOVERY) (Fixed) (Total:4.39 GB) (Free:2.28 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (Windows) (Fixed) (Total:228.49 GB) (Free:113.17 GB) NTFS
Drive e: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: DA3B81F4)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=228 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 ----------------


Posted 25 June 2014 - 06:50 AM

What about aswMBR?


Proud Member of UNITE & TB
 

#10 say-no-2-trojans


Posted 25 June 2014 - 07:05 AM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-25 13:08:06
-----------------------------
13:08:06.843    OS Version: Windows 5.1.2600 Service Pack 3
13:08:06.843    Number of processors: 2 586 0xF06
13:08:06.843    ComputerName: 43C23ECBA36044F  UserName: Dave
13:08:08.625    Initialize success
13:08:08.656    VM: initialized successfully
13:08:08.718    VM: Intel CPU supported
13:16:53.484    AVAST engine defs: 14062500
13:17:01.015    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:17:01.015    Disk 0 Vendor: ST3250820AS 3.AAC Size: 238475MB BusType: 3
13:17:01.203    Disk 0 MBR read successfully
13:17:01.218    Disk 0 MBR scan
13:17:01.328    Disk 0 Windows XP default MBR code
13:17:01.328    Disk 0 Partition 1 80 (A) 0C    FAT32 LBA MSDOS5.0     4502 MB offset 63
13:17:01.343    Disk 0 Boot: MSDOS5.0 code=1
13:17:01.375    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       233970 MB offset 9221310
13:17:01.468    Disk 0 scanning sectors +488392065
13:17:01.656    Disk 0 scanning D:\WINDOWS\system32\drivers
13:17:47.765    Service scanning
13:18:15.234    Modules scanning
13:18:22.234    Disk 0 trace - called modules:
13:18:22.265    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
13:18:22.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87352ab8]
13:18:22.265    3 CLASSPNP.SYS[f756ffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x87339b00]
13:18:23.781    AVAST engine scan D:\WINDOWS
13:18:50.015    AVAST engine scan D:\WINDOWS\system32
13:27:54.218    AVAST engine scan D:\WINDOWS\system32\drivers
13:28:24.468    AVAST engine scan D:\Documents and Settings\Dave.43C23ECBA36044F
13:32:55.687    AVAST engine scan D:\Documents and Settings\All Users.WINDOWS
13:34:50.171    Scan finished successfully
14:04:35.125    Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\MBR.dat"
14:04:35.140    The log file has been saved successfully to "D:\Documents and Settings\Dave.43C23ECBA36044F\Desktop\aswMBR.txt"

 




#11 ----------------


Posted 25 June 2014 - 07:18 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 

#12 say-no-2-trojans


Posted 25 June 2014 - 09:21 AM

ComboFix 14-06-24.01 - Dave 25/06/2014  15:52:11.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.217 [GMT 1:00]
Running from: d:\documents and settings\Dave.43C23ECBA36044F\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Dave.43C23ECBA36044F\WINDOWS
d:\documents and settings\Dave\WINDOWS
d:\documents and settings\Katie.43C23ECBA36044F\Local Settings\Temporary Internet Files\mccE0.tmp
d:\documents and settings\Luke\WINDOWS
d:\documents and settings\Siobhan.43C23ECBA36044F\WINDOWS
d:\documents and settings\Siobhan\WINDOWS
d:\windows\system32\html
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-25 to 2014-06-25  )))))))))))))))))))))))))))))))
.
.
2067-05-27 14:16 . 2007-02-27 20:49 1249280 ----a-w- d:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-21 21:35 . 2003-06-05 16:40 106496 ----a-w- d:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2019-03-07 17:54 . 2019-03-07 17:56 -------- d-----w- D:\i386
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- D:\cmpnents
2014-06-25 11:41 . 2014-06-25 12:00 -------- d-----w- D:\FRST
2014-06-16 08:56 . 2014-06-16 08:56 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2014-06-16 08:51 . 2014-06-16 08:52 -------- d-----w- d:\documents and settings\Administrator.43C23ECBA36044F
2014-06-16 01:10 . 2014-06-24 18:53 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\0B32E07996E47B447DDE23211791C7B4
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-03 17:07 . 2013-09-09 20:15 61400 ----a-w- d:\windows\system32\drivers\cfwids.sys
2014-04-03 16:59 . 2013-09-09 19:57 179600 ----a-w- d:\windows\system32\mfevtps.exe
2014-04-03 16:58 . 2013-02-19 13:11 92216 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2014-04-03 16:52 . 2013-02-19 13:09 574576 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2014-04-03 16:51 . 2013-09-09 20:16 86120 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2014-04-03 16:50 . 2013-09-09 20:15 367776 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2014-04-03 16:49 . 2013-09-09 20:15 66408 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2014-04-03 16:48 . 2013-09-09 20:15 236672 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2014-04-03 16:47 . 2013-02-19 13:07 134600 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2006-11-19 11:48 . 2006-11-19 11:48 14879120 ----a-w- d:\program files\GoogleEarthWin.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"btbb_McciTrayApp"="d:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2013-11-11 2039096]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Conime"="d:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="d:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"mcpltui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="d:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
d:\documents and settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK32.EXE [2011-12-23 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-08-17 19:56 16680 ----a-w- d:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"d:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"d:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kodak\\Installer\\Setup.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.4.0.53.bt.0.5\\ma\\bin\\node.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;d:\windows\system32\drivers\hcw88aud.sys [26/02/2009 00:09 13440]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [19/02/2013 14:11 92216]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;d:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 18:07 759048]
R2 BT Help Wizard;BT Help Wizard;d:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [21/01/2014 08:29 321024]
R2 HomeNetSvc;McAfee Home Network;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;d:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 15:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;d:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 13:07 780152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/09/2013 21:15 167784]
R2 McAPExe;McAfee AP Service;d:\program files\McAfee\MSC\McAPExe.exe [28/11/2013 01:03 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 mcpltsvc;McAfee Platform Services;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 mfecore;McAfee Anti-Malware Core;d:\program files\Common Files\Mcafee\AMCore\mcshield.exe [28/11/2013 01:04 655936]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [09/09/2013 21:16 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [09/09/2013 20:57 179600]
R2 NSL;Norton Safe Web Lite;d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [27/08/2011 13:52 130000]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;d:\windows\system32\drivers\atl01_xp.sys [13/09/2006 23:57 34944]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [09/09/2013 21:15 61400]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;d:\windows\system32\drivers\hcw88tse.sys [26/02/2009 00:09 320512]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;d:\windows\system32\drivers\hcw88tun.sys [25/02/2009 23:09 75904]
R3 hcw88vid;Hauppauge WinTV 88x Video;d:\windows\system32\drivers\hcw88vid.sys [25/02/2009 23:09 396032]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;d:\windows\system32\drivers\hcw88bar.sys [25/02/2009 23:09 17792]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [09/09/2013 21:15 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;d:\windows\system32\drivers\mfencbdc.sys [20/09/2013 10:37 345584]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [09/09/2013 21:16 86120]
R3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;d:\windows\system32\drivers\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [01/10/2012 16:32 36608]
S3 HipShieldK;McAfee Inc. HipShieldK;d:\windows\system32\drivers\HipShieldK.sys [09/09/2013 21:17 147912]
S3 mfencrk;McAfee Inc. mfencrk;d:\windows\system32\drivers\mfencrk.sys [20/09/2013 10:37 81264]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [09/09/2013 21:16 86120]
S3 yati1snx;yati1snx;\??\d:\docume~1\DAVE~1.43C\LOCALS~1\Temp\yati1snx.sys --> d:\docume~1\DAVE~1.43C\LOCALS~1\Temp\yati1snx.sys [?]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2014-06-25 d:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- d:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
2014-06-09 d:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- d:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?p=us
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo...fo/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-25 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NSL]
"ImagePath"="\"d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-1123561945-2147039463-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,97,0d,37,2b,f9,39,5c,8f,17,d4,9c,03,b8,d4,d4,9e,fe,ba,cd,82,
   13,69,70,4a,46,0b,5b,65,fa,bf,cd,4a,41,3f,af,59,ee,b2,9b,31,57,69,13,4c,c7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1424)
d:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2576)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\windows\eHome\ehRecvr.exe
d:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\node.exe
d:\windows\eHome\ehSched.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
d:\program files\OpenOffice.org 3\program\soffice.exe
d:\program files\OpenOffice.org 3\program\soffice.bin
d:\program files\Common Files\McAfee\Platform\mcuicnt.exe
d:\windows\system32\dllhost.exe
d:\windows\system32\wscntfy.exe
d:\windows\eHome\ehmsas.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2014-06-25  16:17:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-25 15:17
.
Pre-Run: 122,639,298,560 bytes free
Post-Run: 123,994,533,888 bytes free
.
- - End Of File - - 5323D82645747ADE7892E261FEC2C4CF
8F558EB6672622401DA993E1E865C861
 



#13 ----------------


Posted 25 June 2014 - 09:28 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the same location where ComboFix is saved.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 

#14 say-no-2-trojans


Posted 25 June 2014 - 10:47 AM

ComboFix 14-06-24.01 - Dave 25/06/2014  17:20:37.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1023.386 [GMT 1:00]
Running from: d:\documents and settings\Dave.43C23ECBA36044F\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Dave.43C23ECBA36044F\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"d:\documents and settings\Dave.43C23ECBA36044F\Local Settings\Temp\yati1snx.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\docume~1\ALLUSE~1.WIN\APPLIC~1\0B32E07996E47B447DDE23211791C7B4
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_yati1snx
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-25 to 2014-06-25  )))))))))))))))))))))))))))))))
.
.
2067-05-27 14:16 . 2007-02-27 20:49 1249280 ----a-w- d:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-21 21:35 . 2003-06-05 16:40 106496 ----a-w- d:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2019-03-07 17:54 . 2019-03-07 17:56 -------- d-----w- D:\i386
2019-03-07 17:53 . 2019-03-07 17:53 -------- d-----w- D:\cmpnents
2014-06-25 11:41 . 2014-06-25 12:00 -------- d-----w- D:\FRST
2014-06-16 08:56 . 2014-06-16 08:56 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2014-06-16 08:51 . 2014-06-16 08:52 -------- d-----w- d:\documents and settings\Administrator.43C23ECBA36044F
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-03 17:07 . 2013-09-09 20:15 61400 ----a-w- d:\windows\system32\drivers\cfwids.sys
2014-04-03 16:59 . 2013-09-09 19:57 179600 ----a-w- d:\windows\system32\mfevtps.exe
2014-04-03 16:58 . 2013-02-19 13:11 92216 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2014-04-03 16:52 . 2013-02-19 13:09 574576 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2014-04-03 16:51 . 2013-09-09 20:16 86120 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2014-04-03 16:50 . 2013-09-09 20:15 367776 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2014-04-03 16:49 . 2013-09-09 20:15 66408 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2014-04-03 16:48 . 2013-09-09 20:15 236672 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2014-04-03 16:47 . 2013-02-19 13:07 134600 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2006-11-19 11:48 . 2006-11-19 11:48 14879120 ----a-w- d:\program files\GoogleEarthWin.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="d:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"btbb_McciTrayApp"="d:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2013-11-11 2039096]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Conime"="d:\windows\system32\conime.exe" [2008-04-14 27648]
"EKStatusMonitor"="d:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"mcpltui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="d:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
d:\documents and settings\Dave.43C23ECBA36044F\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\program files\WinZip\WZQKPICK32.EXE [2011-12-23 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-08-17 19:56 16680 ----a-w- d:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"d:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"d:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"d:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kodak\\Installer\\Setup.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"d:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.4.0.53.bt.0.5\\ma\\bin\\node.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;d:\windows\system32\drivers\hcw88aud.sys [26/02/2009 00:09 13440]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [19/02/2013 14:11 92216]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;d:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 18:07 759048]
R2 BT Help Wizard;BT Help Wizard;d:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\MAHostService.exe [21/01/2014 08:29 321024]
R2 HomeNetSvc;McAfee Home Network;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;d:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 15:07 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;d:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 13:07 780152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/09/2013 21:15 167784]
R2 McAPExe;McAfee AP Service;d:\program files\McAfee\MSC\McAPExe.exe [28/11/2013 01:03 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 mcpltsvc;McAfee Platform Services;"d:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [28/11/2013 01:02 281560]
R2 mfecore;McAfee Anti-Malware Core;d:\program files\Common Files\Mcafee\AMCore\mcshield.exe [28/11/2013 01:04 655936]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [09/09/2013 21:16 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [09/09/2013 20:57 179600]
R2 NSL;Norton Safe Web Lite;d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [27/08/2011 13:52 130000]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;d:\windows\system32\drivers\atl01_xp.sys [13/09/2006 23:57 34944]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [09/09/2013 21:15 61400]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;d:\windows\system32\drivers\hcw88tse.sys [26/02/2009 00:09 320512]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;d:\windows\system32\drivers\hcw88tun.sys [25/02/2009 23:09 75904]
R3 hcw88vid;Hauppauge WinTV 88x Video;d:\windows\system32\drivers\hcw88vid.sys [25/02/2009 23:09 396032]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;d:\windows\system32\drivers\hcw88bar.sys [25/02/2009 23:09 17792]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [09/09/2013 21:15 367776]
R3 mfencbdc;McAfee Inc. mfencbdc;d:\windows\system32\drivers\mfencbdc.sys [20/09/2013 10:37 345584]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [09/09/2013 21:16 86120]
R3 u2kg54l;BUFFALO WLI-U2-KG54L Wireless LAN Driver;d:\windows\system32\drivers\U2KG54L.SYS [24/08/2006 05:44 477696]
S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.Sys [01/10/2012 16:32 36608]
S3 HipShieldK;McAfee Inc. HipShieldK;d:\windows\system32\drivers\HipShieldK.sys [09/09/2013 21:17 147912]
S3 mfencrk;McAfee Inc. mfencrk;d:\windows\system32\drivers\mfencrk.sys [20/09/2013 10:37 81264]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [09/09/2013 21:16 86120]
S4 fasttrak;fasttrak; [x]
S4 iteraid;iteraid; [x]
S4 m5287;m5287; [x]
S4 m5289;m5289; [x]
S4 Si3112r;Si3112r; [x]
S4 viasraid;viasraid; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-26 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2014-06-25 d:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- d:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
2014-06-09 d:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- d:\windows\system32\xp_eos.exe [2014-04-02 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?p=us
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo...fo/bt_side.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-25 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NSL]
"ImagePath"="\"d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"d:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-682003330-1123561945-2147039463-1003\Software\SecuROM\License information*]
"datasecu"=hex:41,97,0d,37,2b,f9,39,5c,8f,17,d4,9c,03,b8,d4,d4,9e,fe,ba,cd,82,
   13,69,70,4a,46,0b,5b,65,fa,bf,cd,4a,41,3f,af,59,ee,b2,9b,31,57,69,13,4c,c7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1424)
d:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2724)
d:\windows\system32\WININET.dll
d:\progra~1\mcafee\SITEAD~1\saHook.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\windows\eHome\ehRecvr.exe
d:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.0.5\ma\bin\node.exe
d:\windows\eHome\ehSched.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
d:\windows\system32\rundll32.exe
d:\program files\OpenOffice.org 3\program\soffice.exe
d:\program files\Common Files\McAfee\Platform\mcuicnt.exe
d:\program files\OpenOffice.org 3\program\soffice.bin
d:\windows\system32\dllhost.exe
d:\windows\system32\wscntfy.exe
d:\windows\eHome\ehmsas.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
.
**************************************************************************
.
Completion time: 2014-06-25  17:41:59 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-25 16:41
ComboFix2.txt  2014-06-25 15:17
.
Pre-Run: 124,003,901,440 bytes free
Post-Run: 123,977,478,144 bytes free
.
- - End Of File - - 13FD4ED0A5792C8310417B91DC1A4F03
8F558EB6672622401DA993E1E865C861
 

 

 

 

 

 

MBAM to follow



#15 say-no-2-trojans


Posted 25 June 2014 - 11:34 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.25.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dave :: 43C23ECBA36044F [administrator]

25/06/2014 17:51:54
mbam-log-2014-06-25 (17-51-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 746542
Time elapsed: 36 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

