combo says i have avg in the pc , i took it out 3 years ago and also ran the uninstall tool twice
there are a lot of
very old files in combo that i could take out its the first i've seen them if you tell me where to go they must be hidden
ComboFix 10-02-26.03 - harold mullan 27/02/2010 16:02:53.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1247.817 [GMT 0:00]
Running from: c:\documents and settings\harold mullan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\harold mullan\Application Data\Desktopicon
c:\documents and settings\harold mullan\Application Data\Desktopicon\config.ini
c:\program files\Fast Browser Search
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40030.8808081944
c:\program files\RegGenie\RegGenie.ini
c:\windows\Downloaded Program Files\popcaploader.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-26 11:09 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-26 10:58 . 2010-02-26 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-02-26 10:52 . 2010-02-26 10:52 -------- d-----w- c:\documents and settings\harold mullan\Local Settings\Application Data\PCHealth
2010-02-26 10:52 . 2010-02-26 10:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-02-26 10:52 . 2010-02-26 10:52 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-23 23:50 . 2010-02-23 23:50 16312832 ----a-w- c:\documents and settings\harold mullan\Application Data\Folding@home-x86\FahCore_b4.exe
2010-02-20 14:29 . 2010-02-20 14:29 -------- d-----w- c:\program files\Romancing the Seven Wonders - Taj Mahal
2010-02-19 19:00 . 2010-02-19 19:00 -------- d-----w- c:\program files\The Tarot's Misfortune
2010-02-18 22:49 . 2010-02-18 22:49 -------- d-----w- c:\documents and settings\harold mullan\Application Data\BigFishGames
2010-02-18 16:15 . 2010-02-18 16:15 -------- d-----w- c:\documents and settings\harold mullan\Application Data\GameMill
2010-02-18 16:15 . 2010-02-18 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\GameMill
2010-02-17 23:57 . 2010-02-17 23:57 -------- d-----w- c:\documents and settings\harold mullan\Application Data\LaJangada
2010-02-04 16:09 . 2010-02-04 16:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-01 23:37 . 2010-02-01 23:37 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Gestalt Games
2010-02-01 23:30 . 2010-02-01 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Million
2010-01-28 21:17 . 2010-01-28 21:17 -------- d-----w- c:\documents and settings\harold mullan\Local Settings\Application Data\Menge
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 23:23 . 2009-08-06 21:16 117760 ----a-w- c:\documents and settings\harold mullan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-23 23:41 . 2007-05-14 19:08 61 ---ha-w- c:\windows\popcinfo.dat
2010-01-25 23:55 . 2010-01-25 23:55 -------- d-----w- c:\documents and settings\harold mullan\Application Data\SevenSails
2010-01-24 23:25 . 2010-01-24 23:25 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Valusoft
2010-01-24 23:25 . 2010-01-24 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Valusoft
2010-01-24 23:22 . 2010-01-24 23:22 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Green Clover Games
2010-01-24 23:22 . 2010-01-24 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Green Clover Games
2010-01-24 19:59 . 2010-01-24 19:59 -------- d-----w- c:\program files\World Poker Championship
2010-01-23 21:26 . 2010-01-23 21:26 -------- d-----w- c:\documents and settings\harold mullan\Application Data\WhatPulse
2010-01-18 20:07 . 2008-04-22 21:52 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-17 22:34 . 2010-01-17 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-17 22:33 . 2010-01-17 22:33 -------- d-----w- c:\program files\Bonjour
2010-01-17 22:32 . 2010-01-17 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-17 22:31 . 2010-01-17 22:31 -------- d-----w- c:\program files\Apple Software Update
2010-01-17 22:30 . 2010-01-17 22:30 -------- d-----w- c:\program files\Common Files\Apple
2010-01-17 22:30 . 2010-01-17 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-17 18:48 . 2009-12-31 19:29 52224 ----a-w- c:\documents and settings\harold mullan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-15 23:22 . 2010-01-15 23:22 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Gold Casual Games
2010-01-14 19:36 . 2010-01-14 19:36 -------- d-----w- c:\program files\SpongeBob SquarePants Diner Dash
2010-01-14 19:12 . 2010-01-14 19:12 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_DinerDash\IAF.dll
2010-01-14 19:12 . 2010-01-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-01-14 19:12 . 2010-01-14 19:12 -------- d-----w- c:\program files\Yahoo! Games
2010-01-12 23:08 . 2010-01-12 23:08 -------- d-----w- c:\program files\Microsoft DirectX SDK (August 2009)
2010-01-12 23:07 . 2010-01-12 23:07 93512 ----a-w- c:\windows\dxsdkuninst.exe
2010-01-10 00:11 . 2010-01-10 00:11 -------- d-----w- c:\documents and settings\harold mullan\Application Data\BrokenHearts
2010-01-10 00:10 . 2010-01-10 00:10 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Dragon Altar Games
2010-01-07 16:07 . 2008-07-24 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2008-05-08 23:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2006-06-23 11:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-06-14 15:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2002-09-23 09:02 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 18:43 . 2010-01-03 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2010-01-02 23:07 . 2010-01-02 23:07 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Virtual City
2010-01-02 19:00 . 2010-01-02 19:00 -------- d-----w- c:\program files\SeaMonkey
2010-01-01 23:21 . 2010-01-01 23:20 -------- d-----w- c:\documents and settings\harold mullan\Application Data\Friday's games
2009-12-31 20:09 . 2009-12-31 20:09 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-31 16:50 . 2002-09-23 09:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 17:14 . 2008-10-30 19:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-30 14:29 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-09-23 09:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2002-09-23 09:03 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 21:08 . 2009-05-12 23:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2002-09-23 09:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"EPSON Stylus Photo RX520 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE" [2005-04-07 98304]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-11-24 2156816]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\harold mullan\Start Menu\Programs\Startup\
[email protected] - c:\documents and settings\harold mullan\Application Data\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2009-5-7 98477]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2007-05-26 20:21 936960 ------w- c:\program files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPASTATUS]
2003-02-26 16:18 620032 ------w- c:\program files\Internet Explorer\Connection Wizard\status.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-08-07 18:49 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\WINDOWS\\System32\\dxdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17/02/2009 20:08 55152]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
S2 gupdate1c99aa9e4bae958;Google Update Service (gupdate1c99aa9e4bae958);c:\program files\Google\Update\GoogleUpdate.exe [01/03/2009 20:11 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
S3 Vsp;Vsp;\??\c:\windows\System32\drivers\Vsp.sys --> c:\windows\System32\drivers\Vsp.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-26 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-26 13:48]
2010-02-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-02-27 16:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2485982703-2457388570-1893012673-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-27 16:12:02
ComboFix-quarantined-files.txt 2010-02-27 16:12
Pre-Run: 53,495,988,224 bytes free
Post-Run: 53,540,421,632 bytes free
- - End Of File - - 2BD237A39B491DE99D0802F26476D4C7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:15, on 27/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://uk.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /M "Stylus Photo RX520" /EF "HKCU"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup:
[email protected] = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
https://support.microsoft.com/Dcode/ActiveX/MSDcode.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1219531497140O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178998938015O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179009861625O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
http://www.superadblocker.com/activex/sabspx.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cabO16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
http://help.broadbandassist.com/prequal/MotivePreQual.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c99aa9e4bae958) (gupdate1c99aa9e4bae958) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8152 bytes