mferguson26

Sorry, I'm new to using forums, but I need help.

First, let me say that I posted all this once before, and I thought I subscribed to the thread and waited for a reply in my email, but I guess I messed it up. I came back to check, and someone had stopped by to help, and since I hadn't replied in so long, the thread was closed. So here it is again. Again, my apologies, I am new to using forums and such. :o

Hello all. Any help would be greatly appreciated. My problem is this: my internet seems slow these days. I thought it was a problem with Comcast, so I got a new modem from them, and the problem remains. If I'm surfing the web, sometimes IE will not open the page. The problem is momentary, because if I hit refresh, it will open. My boys play Xbox Live a lot, and now in the middle of a game, the connection to the server will drop momentarily and re-establish itself. I have Norton, CCleaner, Spybot, Lavasoft Ad-Aware and Avira. Ad-Aware and Avira scans freeze about 20 percent through. Any help would be immensely appreciated.

I posted this in another forum and got no response, so I figured I may have put it in the wrong forum. Anyway, to anyone who thinks they can help, I have some more info. I have been pressing Comcast hard to find and fix the problem. A supervisor is scheduled to come to my house tomorrow and run some tests. However, the problem was especially bad last night. Cell phones, computer, and Xbox would drop three or four times a minute momentarily. The Xbox is a different one, so it's not the Xbox causing it. I went and bought a new router, and the problem remains, so it's not the router. Comcast have been out twice, and they replaced the modem (again), so we're on modem #3, so the modem is not causing the problem. They actually replaced the line out in the back yard, and the problem remains. I am convinced that the problem is with Comcast, but I want to rule out my computer.

I did all the steps required before posting except the ERUNT one, because it said that program was not for Vista. So here are my logs. I also did the system restore step.

GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 02:46:18
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F00A000, 0x2585E6, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x78 0x54 0x99 0xCE ...

---- EOF - GMER 1.0.15 ----


I couldn't find the AdAware log, but when I ran the scan, it said there were 0 issues found.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:29 AM, on 2/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.mostfungames.com/bmx-freestyle.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlba_device - - C:\Windows\system32\dlbacoms.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca7d61dd48efd7) (gupdate1ca7d61dd48efd7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9767 bytes

Again, thank you for your time.

Before the other thread was closed, I got these instructions from a helper, and I followed them.

Hey mferguson26,

Welcome to Lavasoft Support Forum! I'm Ltangelic and I'll be helping you fix your computer problem. Sorry for the long wait; we have a very limited number of staff here, and it can take a while before someone replies to your thread. Thanks for your patience in waiting.

Unfortunately, HijackThis is no longer enough to tackle the current infections. We need to run some more tools to scan deeper.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to Mediafire and post the sharing link.

Download OTS to your Desktop

After this he gave me specific instructions, which I followed. Here is the post from the OTS program:

OTS logfile created on: 3/4/2010 1:06:38 AM - Run 1
OTS by OldTimer - Version 3.1.23.0     Folder = C:\Users\Mike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 210.01 Gb Free Space | 70.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.01 Gb Total Space | 69.96 Gb Free Space | 46.95% Space Free | Partition Type: FAT32
Drive G: | 976.73 Mb Total Space | 650.80 Mb Free Space | 66.63% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:24:49 | 001,181,328 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/01/27 17:18:22 | 000,788,880 | ---- | M] (Lavasoft)
arccon.ac -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac -> [2009/10/10 12:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2009/10/10 12:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.)
ccsvchst.exe -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -> [2009/08/22 01:28:17 | 000,117,640 | R--- | M] (Symantec Corporation)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/07/31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2009/04/11 00:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation)
ieuser.exe -> C:\Program Files\Internet Explorer\ieuser.exe -> [2009/04/11 00:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
sdwinsec.exe -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2008/01/19 01:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation)
mobsync.exe -> C:\Windows\System32\mobsync.exe -> [2008/01/19 01:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation)
iashost.exe -> C:\Windows\System32\iashost.exe -> [2008/01/19 01:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation)
e_s40st7.exe -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -> [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION)
dlbacoms.exe -> C:\Windows\System32\dlbacoms.exe -> [2007/03/05 20:57:30 | 000,538,096 | ---- | M] ( )
e_s40rp7.exe -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)

[Modules - Safe List]
ots.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 00:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/02/04 11:24:49 | 001,181,328 | ---- | M] (Lavasoft)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2009/09/28 08:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(Norton Internet Security) Norton Internet Security [Auto | Running] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -> [2009/08/22 01:28:17 | 000,117,640 | R--- | M] (Symantec Corporation)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -> [2009/06/08 00:13:03 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
(WinDefend) Windows Defender [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(EPSON_EB_RPCV4_01) EPSON V5 Service4(01) [Auto | Running] -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -> [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION)
(dlba_device) dlba_device [Auto | Running] -> C:\Windows\System32\dlbacoms.exe -> [2007/03/05 20:57:30 | 000,538,096 | ---- | M] ( )
(EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
(ehstart) Windows Media Center Service Launcher [Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 06:34:14 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/08 00:52:44 | 000,056,816 | ---- | M] (Avira GmbH)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.033\NAVEX15.SYS -> [2010/02/03 03:00:00 | 001,324,720 | ---- | M] (Symantec Corporation)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100303.033\NAVENG.SYS -> [2010/02/03 03:00:00 | 000,084,912 | ---- | M] (Symantec Corporation)
(ccHP) Symantec Hash Provider [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -> [2010/01/27 21:19:08 | 000,482,432 | ---- | M] (Symantec Corporation)
(IDSVix86) IDSVix86 [Kernel | System | Running] -> C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSvix86.sys -> [2009/10/28 16:37:22 | 000,343,088 | ---- | M] (Symantec Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2009/09/23 06:55:23 | 000,064,288 | ---- | M] (Lavasoft AB)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\usbaapl.sys -> [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/08/26 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation)
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/08/26 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation)
(SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -> [2009/08/22 01:28:17 | 000,310,320 | ---- | M] (Symantec Corporation)
(SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -> [2009/08/22 01:28:17 | 000,308,272 | ---- | M] (Symantec Corporation)
(BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -> [2009/08/22 01:28:17 | 000,259,632 | ---- | M] (Symantec Corporation)
(SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -> [2009/08/22 01:28:17 | 000,217,136 | ---- | M] (Symantec Corporation)
(SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -> [2009/08/22 01:28:17 | 000,089,904 | ---- | M] (Symantec Corporation)
(SYMNDISV) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -> [2009/08/22 01:28:17 | 000,048,688 | ---- | M] (Symantec Corporation)
(SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -> [2009/08/22 01:28:17 | 000,043,696 | ---- | M] (Symantec Corporation)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SYMEVENT.SYS -> [2009/08/19 10:06:35 | 000,124,976 | ---- | M] (Symantec Corporation)
(SymIM) Symantec Network Security Intermediate Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\SymIMV.sys -> [2009/08/18 13:11:17 | 000,025,648 | R--- | M] (Symantec Corporation)
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\pcouffin.sys -> [2009/06/11 17:39:32 | 000,047,360 | ---- | M] (VSO Software)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\Windows\System32\drivers\ssmdrv.sys -> [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2009/05/01 15:03:38 | 000,043,528 | ---- | M] (Sonic Solutions)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation)
(SCREAMINGBDRIVER) Screaming Bee Audio [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ScreamingBAudio.sys -> [2009/04/06 12:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC)
(avipbb) avipbb [Kernel | System | Running] -> C:\Windows\System32\drivers\avipbb.sys -> [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/25 22:59:52 | 004,385,792 | ---- | M] (ATI Technologies Inc.)
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2009/02/25 22:59:52 | 004,385,792 | ---- | M] (ATI Technologies Inc.)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\BVRPMPR5.SYS -> [2008/05/21 10:26:40 | 000,049,904 | R--- | M] (Avanquest Software)
(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\serscan.sys -> [2008/01/19 00:14:10 | 000,009,216 | ---- | M] (Microsoft Corporation)
(b57nd60x) %SvcDispName% [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\b57nd60x.sys -> [2008/01/18 22:25:04 | 000,179,712 | ---- | M] (Broadcom Corporation)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\afc.sys -> [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(ATIAVPCI) ATI Unified AVStream service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atinavrr.sys -> [2006/11/02 02:27:21 | 000,377,472 | ---- | M] (ATI Technologies Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(VSTHWBS2) VSTHWBS2 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTBS23.SYS -> [2006/11/02 01:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.)
(VST_DPV) VST_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTDPV3.SYS -> [2006/11/02 01:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\VSTCNXT3.SYS -> [2006/11/02 01:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 00:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\smwdm.sys -> [2005/11/29 20:30:24 | 000,260,224 | ---- | M] (Analog Devices, Inc.)
(ovt519) VGA USB Camera [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ov519vid.sys -> [2003/10/20 00:45:48 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: Main\\"StartPageCache" -> 2 ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Mike\AppData\Roaming\Mozilla\FireFox\Profiles\c5l497xp.default\prefs.js ->
browser.startup.homepage -> "www.yahoo.com" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\Program Files\Google\Web Accelerator\firefox [C:\PROGRAM FILES\GOOGLE\WEB ACCELERATOR\FIREFOX] -> [2010/02/04 01:47:47 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} -> C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\ [C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN\] -> [2010/03/03 23:49:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/12 02:47:46 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/24 08:18:02 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
  -> C:\Users\Mike\AppData\Roaming\Mozilla\Extensions -> [2009/12/10 22:38:36 | 000,000,000 | ---D | M]
  -> C:\Users\Mike\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/06/08 20:37:13 | 000,000,000 | ---D | M]
  -> C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\extensions -> [2010/02/13 04:16:42 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/12/27 16:35:53 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/03 23:48:30 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/02/04 01:28:05 | 000,378,553 | R--- | M] - 13090 lines) -> C:\Windows\System32\drivers\etc\hosts ->
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [SnagIt Toolbar Loader] -> [2008/09/22 00:31:26 | 000,066,888 | ---- | M] (TechSmith Corporation)
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 11:07:26 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [BitComet Helper] -> [2009/03/02 04:01:38 | 000,636,216 | ---- | M] (BitComet)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Symantec NCO BHO] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation)
{69A87B7D-DE56-4136-9655-716BA50C19C7} [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [&Google Web Accelerator Helper] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] ()
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll [Symantec Intrusion Prevention] -> [2009/08/22 01:28:15 | 000,107,896 | R--- | M] (Symantec Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/07/31 14:23:13 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2008/07/28 04:47:42 | 000,160,496 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation)
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [SnagIt] -> [2008/09/22 00:31:30 | 000,161,096 | ---- | M] (TechSmith Corporation)
"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] ()
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2008/07/28 04:47:40 | 000,882,416 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{5BED3930-2E9E-76D8-BACC-80DF2188D455}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll [Norton Toolbar] -> [2009/08/22 01:28:15 | 000,378,736 | R--- | M] (Symantec Corporation)
WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll [Google Web Accelerator] -> [2007/01/29 20:22:50 | 000,237,568 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 16:10:28 | 000,035,696 | ---- | M] (Adobe Systems Incorporated)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2009/10/10 12:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/07/31 14:23:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 01:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 00:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 00:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SmileboxTray" -> C:\Users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe ["C:\Users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe"] -> [2010/01/19 04:34:22 | 000,266,888 | ---- | M] (Smilebox, Inc.)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
< RunOnce [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( [C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.mostfungames.com/bmx-freestyle.htm"] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->
&D&ownload &with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
&D&ownload all video with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
&D&ownload all with BitComet -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}:res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 [HKLM] -> C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [Button: BitComet] -> [2009/03/02 04:01:38 | 000,636,216 | ---- | M] (BitComet)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6738 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\] > -> HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] ->
{2EDF75C0-5ABD-49f9-BAB6-220476A32034} [HKLM] -> http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab [System Requirements Lab Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab [Windows Live Hotmail Photo Upload Tool] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{09455FBB-D53C-4774-8385-3136925138DC}\\DhcpNameServer -> 192.168.1.1   (Broadcom NetXtreme 57xx Gigabit Controller) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
GoToAssist -> C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Uforia\Mercenary Wars\Bin\MWGame.exe" -> C:\Uforia\Mercenary Wars\Bin\MWGame.exe [C:\Uforia\Mercenary Wars\Bin\MWGame.exe:*:Enabled:MWGame] -> [2009/11/21 09:41:32 | 002,183,168 | ---- | M] ((c)NMP)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 15:43:36 | 000,000,024 | ---- | M] ()
F:\AUTORUN.INF [[autorun] | OPEN=setupSNK.exe | ACTION=Wireless Network Setup Wizard | ] -> F:\AUTORUN.INF [ FAT32 ] -> [2008/01/04 11:35:22 | 000,000,066 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command
\F\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> [2006/11/02 06:32:26 | 000,013,312 | ---- | M] (Microsoft Corporation)
\{3ad0cebe-f535-11de-878a-001111bf0a9a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell
\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\AutoRun\command
\{3ad0cebe-f535-11de-878a-001111bf0a9a}\shell\AutoRun\command\\"" -> K:\iStudio.exe [K:\iStudio.exe] -> File not found
\{f215764f-53ee-11de-a394-001111bf0a9a}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f215764f-53ee-11de-a394-001111bf0a9a}\shell\AutoRun\command
\{f215764f-53ee-11de-a394-001111bf0a9a}\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe] -> [2006/11/02 06:32:26 | 000,013,312 | ---- | M] (Microsoft Corporation)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 03:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* ->
helpfile [open] -> Reg Error: Key error.
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 03:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 13:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 01:33:12 | 000,011,776 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 01:32:56 | 000,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 01:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/26/2010 6:07:53 PM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 2/27/2010 7:07:10 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 2/28/2010 6:28:59 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 3/1/2010 7:27:22 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 3/1/2010 2:10:06 PM Computer Name = Mike-PC | Source = Application Hang | ID = 1002 -> Description = The program AVSVideoConverter.exe version 6.3.3.371 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 176c  Start Time: 01cab96996bba94a  Termination Time: 5978
Application [ Error ] 3/1/2010 4:03:31 PM Computer Name = Mike-PC | Source = SDWinSec.exe | ID = 0 -> Description =
Application [ Error ] 3/2/2010 1:50:36 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 3/2/2010 6:27:47 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 3/3/2010 6:50:15 AM Computer Name = Mike-PC | Source = EventSystem | ID = 4621 -> Description =
Application [ Error ] 3/4/2010 1:56:59 AM Computer Name = Mike-PC | Source = Application Hang | ID = 1002 -> Description = The program iTunes.exe version 9.0.3.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 14c4  Start Time: 01cabb5f48457579  Termination Time: 27
Media Center [ Error ] 9/10/2009 7:42:16 PM Computer Name = Mike-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 10/11/2009 10:34:45 PM Computer Name = Mike-PC | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 3/2/2010 9:10:55 PM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.4 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 3/3/2010 7:44:24 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =
System [ Error ] 3/3/2010 7:44:26 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =
System [ Error ] 3/3/2010 7:41:27 PM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.7 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 3/3/2010 9:31:28 PM Computer Name = Mike-PC | Source = DCOM | ID = 10010 -> Description =
System [ Error ] 3/3/2010 9:36:52 PM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =
System [ Error ] 3/3/2010 9:36:54 PM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =
System [ Error ] 3/4/2010 1:47:36 AM Computer Name = Mike-PC | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.4 for the Network Card with network address 001111BF0A9A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 3/4/2010 1:51:02 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =
System [ Error ] 3/4/2010 1:51:04 AM Computer Name = Mike-PC | Source = Service Control Manager | ID = 7022 -> Description =

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:48 | 000,634,368 | ---- | C] (OldTimer Tools)
xml_param -> C:\ProgramData\xml_param -> [2010/02/28 00:51:23 | 000,000,000 | ---D | C]
download.exe -> C:\Users\Mike\Documents\download.exe -> [2010/02/28 00:46:54 | 009,965,143 | ---- | C] (iSkysoft Software                                           )
iSkysoft iPod Movie Converter -> C:\Users\Mike\Documents\iSkysoft iPod Movie Converter -> [2010/02/28 00:46:06 | 000,000,000 | ---D | C]
iSkysoft -> C:\Program Files\iSkysoft -> [2010/02/28 00:45:51 | 000,000,000 | ---D | C]
Logitech Touch Mouse Server -> C:\Program Files\Logitech Touch Mouse Server -> [2010/02/24 05:51:42 | 000,000,000 | ---D | C]
tzres.dll -> C:\Windows\System32\tzres.dll -> [2010/02/23 13:27:56 | 000,002,048 | ---- | C] (Microsoft Corporation)
secproc_isv.dll -> C:\Windows\System32\secproc_isv.dll -> [2010/02/23 13:26:51 | 000,471,552 | ---- | C] (Microsoft Corporation)
secproc.dll -> C:\Windows\System32\secproc.dll -> [2010/02/23 13:26:51 | 000,471,552 | ---- | C] (Microsoft Corporation)
RMActivate_isv.exe -> C:\Windows\System32\RMActivate_isv.exe -> [2010/02/23 13:26:49 | 000,526,336 | ---- | C] (Microsoft Corporation)
RMActivate.exe -> C:\Windows\System32\RMActivate.exe -> [2010/02/23 13:26:49 | 000,518,144 | ---- | C] (Microsoft Corporation)
RMActivate_ssp.exe -> C:\Windows\System32\RMActivate_ssp.exe -> [2010/02/23 13:26:49 | 000,347,136 | ---- | C] (Microsoft Corporation)
RMActivate_ssp_isv.exe -> C:\Windows\System32\RMActivate_ssp_isv.exe -> [2010/02/23 13:26:49 | 000,346,624 | ---- | C] (Microsoft Corporation)
secproc_ssp_isv.dll -> C:\Windows\System32\secproc_ssp_isv.dll -> [2010/02/23 13:26:48 | 000,152,576 | ---- | C] (Microsoft Corporation)
secproc_ssp.dll -> C:\Windows\System32\secproc_ssp.dll -> [2010/02/23 13:26:48 | 000,152,064 | ---- | C] (Microsoft Corporation)
msdrm.dll -> C:\Windows\System32\msdrm.dll -> [2010/02/23 13:26:47 | 000,332,288 | ---- | C] (Microsoft Corporation)
gameux.dll -> C:\Windows\System32\gameux.dll -> [2010/02/23 13:26:42 | 001,696,256 | ---- | C] (Microsoft Corporation)
Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/02/23 13:26:42 | 000,028,672 | ---- | C] (Microsoft Corporation)
GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/02/23 13:26:41 | 004,240,384 | ---- | C] (Microsoft)
Microsoft Silverlight -> C:\Program Files\Microsoft Silverlight -> [2010/02/22 13:30:38 | 000,000,000 | ---D | C]
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2010/02/09 18:24:17 | 003,600,456 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2010/02/09 18:24:17 | 003,548,216 | ---- | C] (Microsoft Corporation)
quartz.dll -> C:\Windows\System32\quartz.dll -> [2010/02/09 18:23:59 | 001,314,816 | ---- | C] (Microsoft Corporation)
msvfw32.dll -> C:\Windows\System32\msvfw32.dll -> [2010/02/09 18:23:57 | 000,123,904 | ---- | C] (Microsoft Corporation)
avifil32.dll -> C:\Windows\System32\avifil32.dll -> [2010/02/09 18:23:57 | 000,091,136 | ---- | C] (Microsoft Corporation)
mciavi32.dll -> C:\Windows\System32\mciavi32.dll -> [2010/02/09 18:23:57 | 000,082,944 | ---- | C] (Microsoft Corporation)
BVRPMPR5.SYS -> C:\Windows\System32\drivers\BVRPMPR5.SYS -> [2010/02/09 00:56:53 | 000,049,904 | R--- | C] (Avanquest Software)
Netgear -> C:\Netgear -> [2010/02/09 00:52:32 | 000,000,000 | ---D | C]
pss -> C:\Windows\pss -> [2010/02/07 23:30:08 | 000,000,000 | ---D | C]
avipbb.sys -> C:\Windows\System32\drivers\avipbb.sys -> [2010/02/07 00:50:39 | 000,096,104 | ---- | C] (Avira GmbH)
avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/07 00:50:39 | 000,056,816 | ---- | C] (Avira GmbH)
ssmdrv.sys -> C:\Windows\System32\drivers\ssmdrv.sys -> [2010/02/07 00:50:37 | 000,028,520 | ---- | C] (Avira GmbH)
Avira -> C:\ProgramData\Avira -> [2010/02/07 00:50:31 | 000,000,000 | ---D | C]
Avira -> C:\Program Files\Avira -> [2010/02/07 00:50:31 | 000,000,000 | ---D | C]
Apple Computer -> C:\Users\Mike\AppData\Roaming\Apple Computer -> [2010/02/05 20:57:01 | 000,000,000 | ---D | C]
GEARAspi.dll -> C:\Windows\System32\GEARAspi.dll -> [2010/02/05 20:56:23 | 000,107,368 | ---- | C] (GEAR Software Inc.)
GEARAspiWDM.sys -> C:\Windows\System32\drivers\GEARAspiWDM.sys -> [2010/02/05 20:56:23 | 000,026,600 | ---- | C] (GEAR Software Inc.)
iPod -> C:\Program Files\iPod -> [2010/02/05 20:55:31 | 000,000,000 | ---D | C]
iTunes -> C:\Program Files\iTunes -> [2010/02/05 20:55:27 | 000,000,000 | ---D | C]
{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2010/02/05 20:55:27 | 000,000,000 | ---D | C]
QuickTime -> C:\Program Files\QuickTime -> [2010/02/05 20:52:50 | 000,000,000 | ---D | C]
Apple Computer -> C:\ProgramData\Apple Computer -> [2010/02/05 20:52:49 | 000,000,000 | ---D | C]
Apple Software Update -> C:\Program Files\Apple Software Update -> [2010/02/05 20:51:03 | 000,000,000 | ---D | C]
BVRP Software -> C:\Users\Mike\AppData\Local\BVRP Software -> [2010/02/04 11:23:25 | 000,000,000 | ---D | C]
FaxTools -> C:\Program Files\FaxTools -> [2010/02/04 11:12:42 | 000,000,000 | ---D | C]
BVRP Software -> C:\ProgramData\BVRP Software -> [2010/02/04 11:12:42 | 000,000,000 | ---D | C]
Dell A940 -> C:\Program Files\Dell A940 -> [2010/02/04 11:07:36 | 000,000,000 | ---D | C]
uninst.exe -> C:\Windows\uninst.exe -> [2010/02/04 11:07:29 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.)
dlbapmui.dll -> C:\Windows\System32\dlbapmui.dll -> [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( )
dlbaserv.dll -> C:\Windows\System32\dlbaserv.dll -> [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( )
dlbacomm.dll -> C:\Windows\System32\dlbacomm.dll -> [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( )
dlbalmpm.dll -> C:\Windows\System32\dlbalmpm.dll -> [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( )
dlbaiesc.dll -> C:\Windows\System32\dlbaiesc.dll -> [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( )
dlbapplc.dll -> C:\Windows\System32\dlbapplc.dll -> [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( )
dlbacomc.dll -> C:\Windows\System32\dlbacomc.dll -> [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( )
dlbaprox.dll -> C:\Windows\System32\dlbaprox.dll -> [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( )
dlbainpa.dll -> C:\Windows\System32\dlbainpa.dll -> [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( )
dlbausb1.dll -> C:\Windows\System32\dlbausb1.dll -> [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( )
dlbahbn3.dll -> C:\Windows\System32\dlbahbn3.dll -> [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( )
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Mike\NTUSER.DAT -> [2010/03/04 01:06:19 | 007,077,888 | -HS- | M] ()
User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> C:\Windows\tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> [2010/03/04 00:56:19 | 000,000,420 | -H-- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/04 00:55:00 | 000,000,886 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/03/04 00:05:37 | 000,595,446 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/03/04 00:05:36 | 000,690,960 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/03/04 00:05:36 | 000,101,144 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/04 00:04:06 | 000,003,952 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/03/04 00:04:06 | 000,003,952 | -H-- | M] ()
OTS.exe -> C:\Users\Mike\Desktop\OTS.exe -> [2010/03/04 00:03:54 | 000,634,368 | ---- | M] (OldTimer Tools)
Norton Internet Security - Mike - Scan downloads.job -> C:\Windows\tasks\Norton Internet Security - Mike - Scan downloads.job -> [2010/03/04 00:00:00 | 000,000,640 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/03 23:47:46 | 000,000,882 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/03/03 23:47:44 | 000,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2010/03/03 23:47:30 | 000,067,584 | --S- | M] ()
NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/03 23:22:55 | 000,524,288 | -HS- | M] ()
NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> C:\Users\Mike\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf -> [2010/03/03 23:22:55 | 000,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\Mike\AppData\Local\IconCache.db -> [2010/03/03 19:31:23 | 002,765,958 | -H-- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/03/03 16:49:18 | 000,137,216 | ---- | M] ()
Play Wizard101.lnk -> C:\Users\Public\Desktop\Play Wizard101.lnk -> [2010/02/28 18:20:25 | 000,000,761 | ---- | M] ()
iSkysoft iPod Movie Converter.lnk -> C:\Users\Mike\Desktop\iSkysoft iPod Movie Converter.lnk -> [2010/02/28 00:48:34 | 000,001,090 | ---- | M] ()
download.exe -> C:\Users\Mike\Documents\download.exe -> [2010/02/28 00:47:51 | 009,965,143 | ---- | M] (iSkysoft Software                                           )
DivX Player.lnk -> C:\Users\Public\Desktop\DivX Player.lnk -> [2010/02/24 08:18:06 | 000,000,945 | ---- | M] ()
DivX Converter.lnk -> C:\Users\Public\Desktop\DivX Converter.lnk -> [2010/02/24 08:17:46 | 000,000,981 | ---- | M] ()
Logitech Touch Mouse Server.lnk -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk -> [2010/02/24 05:51:49 | 000,001,018 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/02/24 03:27:11 | 000,390,192 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/02/24 03:20:18 | 001,407,360 | ---- | M] ()
Driver Robot.job -> C:\Windows\tasks\Driver Robot.job -> [2010/02/21 04:37:00 | 000,000,446 | ---- | M] ()
gmer.zip -> C:\Users\Mike\Desktop\gmer.zip -> [2010/02/17 00:22:15 | 000,284,915 | ---- | M] ()
Router_Setup.html -> C:\Users\Mike\Desktop\Router_Setup.html -> [2010/02/09 01:21:55 | 000,006,029 | ---- | M] ()
avgntflt.sys -> C:\Windows\System32\drivers\avgntflt.sys -> [2010/02/08 00:52:44 | 000,056,816 | ---- | M] (Avira GmbH)
Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/02/07 00:51:03 | 000,001,857 | ---- | M] ()
.googlewebacchosts -> C:\Users\Mike\AppData\Roaming\.googlewebacchosts -> [2010/02/06 23:06:45 | 000,000,000 | ---- | M] ()
Msft_User_WpdMtpDr_01_07_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf -> [2010/02/06 11:12:57 | 000,000,000 | -H-- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/02/05 20:56:32 | 000,001,804 | ---- | M] ()
diagwrn.xml -> C:\Windows\diagwrn.xml -> [2010/02/04 12:06:57 | 000,001,905 | ---- | M] ()
diagerr.xml -> C:\Windows\diagerr.xml -> [2010/02/04 12:06:57 | 000,001,905 | ---- | M] ()
FaxTools.lnk -> C:\Users\Public\Desktop\FaxTools.lnk -> [2010/02/04 11:12:56 | 000,001,671 | ---- | M] ()
hosts -> C:\Windows\System32\drivers\etc\hosts -> [2010/02/04 01:28:05 | 000,378,553 | R--- | M] ()
dellstat.ini -> C:\Windows\dellstat.ini -> [2010/02/03 00:12:07 | 000,000,102 | ---- | M] ()
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->

[Files - No Company Name]
Play Wizard101.lnk -> C:\Users\Public\Desktop\Play Wizard101.lnk -> [2010/02/28 18:20:25 | 000,000,761 | ---- | C] ()
iSkysoft iPod Movie Converter.lnk -> C:\Users\Mike\Desktop\iSkysoft iPod Movie Converter.lnk -> [2010/02/28 00:45:58 | 000,001,090 | ---- | C] ()
DivX Player.lnk -> C:\Users\Public\Desktop\DivX Player.lnk -> [2010/02/24 08:18:06 | 000,000,945 | ---- | C] ()
DivX Converter.lnk -> C:\Users\Public\Desktop\DivX Converter.lnk -> [2010/02/24 08:17:46 | 000,000,981 | ---- | C] ()
Logitech Touch Mouse Server.lnk -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk -> [2010/02/24 05:51:49 | 000,001,018 | ---- | C] ()
gmer.exe -> C:\Users\Mike\Desktop\gmer.exe -> [2010/02/17 00:22:51 | 000,293,376 | ---- | C] ()
gmer.zip -> C:\Users\Mike\Desktop\gmer.zip -> [2010/02/17 00:22:12 | 000,284,915 | ---- | C] ()
Router Login.url -> C:\Users\Mike\Desktop\Router Login.url -> [2010/02/09 01:21:56 | 000,000,172 | R--- | C] ()
Router_Setup.html -> C:\Users\Mike\Desktop\Router_Setup.html -> [2010/02/09 01:21:55 | 000,006,029 | ---- | C] ()
lsdelete.exe -> C:\Windows\System32\lsdelete.exe -> [2010/02/08 02:54:04 | 000,015,880 | ---- | C] ()
Avira AntiVir Control Center.lnk -> C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> [2010/02/07 00:51:03 | 000,001,857 | ---- | C] ()
Msft_User_WpdMtpDr_01_07_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf -> [2010/02/06 11:12:57 | 000,000,000 | -H-- | C] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2010/02/05 20:56:31 | 000,001,804 | ---- | C] ()
FaxTools.lnk -> C:\Users\Public\Desktop\FaxTools.lnk -> [2010/02/04 11:12:56 | 000,001,671 | ---- | C] ()
.googlewebacchosts -> C:\Users\Mike\AppData\Roaming\.googlewebacchosts -> [2010/02/04 01:52:32 | 000,000,000 | ---- | C] ()
dellstat.ini -> C:\Windows\dellstat.ini -> [2010/02/03 00:12:06 | 000,000,102 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/08/04 13:07:55 | 000,117,248 | ---- | C] ()
manage-bde.ini.en -> C:\Windows\System32\manage-bde.ini.en -> [2009/06/13 22:48:08 | 000,081,158 | ---- | C] ()
dlbajswr.dll -> C:\Windows\System32\dlbajswr.dll -> [2007/02/26 18:08:32 | 000,479,232 | ---- | C] ()
dlbacur.dll -> C:\Windows\System32\dlbacur.dll -> [2007/02/26 18:08:26 | 000,090,112 | ---- | C] ()
dlbacu.dll -> C:\Windows\System32\dlbacu.dll -> [2007/02/26 17:59:24 | 000,073,728 | ---- | C] ()
dlbautil.dll -> C:\Windows\System32\dlbautil.dll -> [2007/02/26 17:59:12 | 000,413,696 | ---- | C] ()
dlbacoin.dll -> C:\Windows\System32\dlbacoin.dll -> [2007/02/22 22:32:00 | 000,344,064 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 06:35:51 | 000,037,665 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 06:35:51 | 000,029,779 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 06:35:51 | 000,026,489 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 06:35:51 | 000,026,040 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 06:34:20 | 000,005,632 | ---- | C] ()
atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 04:25:44 | 000,159,744 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 01:40:29 | 000,013,750 | ---- | C] ()
dlbavs.dll -> C:\Windows\System32\dlbavs.dll -> [2005/12/16 19:15:18 | 000,040,960 | ---- | C] ()
dlbacnv4.dll -> C:\Windows\System32\dlbacnv4.dll -> [2005/09/13 17:27:08 | 000,061,440 | ---- | C] ()
px.ini -> C:\Windows\System32\px.ini -> [2004/04/09 02:15:50 | 000,000,000 | ---- | C] ()

[File - Lop Check]
Disney Mix It Plug-in -> C:\Users\Mike\AppData\Roaming\Disney Mix It Plug-in -> [2009/11/22 01:23:57 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Users\Mike\AppData\Roaming\GetRightToGo -> [2009/09/01 19:04:12 | 000,000,000 | ---D | M]
Leadertech -> C:\Users\Mike\AppData\Roaming\Leadertech -> [2009/06/14 03:12:44 | 000,000,000 | ---D | M]
LimeWire -> C:\Users\Mike\AppData\Roaming\LimeWire -> [2010/02/26 06:42:08 | 000,000,000 | ---D | M]
Skinux -> C:\Users\Mike\AppData\Roaming\Skinux -> [2009/06/10 23:58:24 | 000,000,000 | ---D | M]
Smart-Ads-Solutions -> C:\Users\Mike\AppData\Roaming\Smart-Ads-Solutions -> [2009/10/15 00:10:20 | 000,000,000 | ---D | M]
Smilebox -> C:\Users\Mike\AppData\Roaming\Smilebox -> [2010/02/26 03:25:45 | 000,000,000 | ---D | M]
Thinstall -> C:\Users\Mike\AppData\Roaming\Thinstall -> [2009/07/23 13:02:15 | 000,000,000 | ---D | M]
TigerPlayer -> C:\Users\Mike\AppData\Roaming\TigerPlayer -> [2009/08/09 10:26:49 | 000,000,000 | ---D | M]
uTorrent -> C:\Users\Mike\AppData\Roaming\uTorrent -> [2009/06/08 20:45:26 | 000,000,000 | ---D | M]
Vso -> C:\Users\Mike\AppData\Roaming\Vso -> [2009/10/22 12:55:42 | 000,000,000 | ---D | M]
W Photo Studio Viewer -> C:\Users\Mike\AppData\Roaming\W Photo Studio Viewer -> [2009/08/03 22:59:06 | 000,000,000 | ---D | M]
Driver Robot.job -> C:\Windows\Tasks\Driver Robot.job -> [2010/02/21 04:37:00 | 000,000,446 | ---- | M] ()
SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/03/03 23:23:00 | 000,032,552 | ---- | M] ()
User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job -> [2010/03/04 00:56:19 | 000,000,420 | -H-- | M] ()

[File - Purity Scan]

[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 09:56:00 | 000,700,416 | ---- | M] (LimeWire)
< %ProgramFiles%\Movie Maker\*.dll >
MOVIEMK.dll -> C:\Program Files\Movie Maker\MOVIEMK.dll -> [2009/04/11 00:28:20 | 010,927,104 | ---- | M] (Microsoft Corporation)
OmdBase.dll -> C:\Program Files\Movie Maker\OmdBase.dll -> [2009/04/11 00:28:23 | 009,090,560 | ---- | M] (Microsoft Corporation)
OmdProject.dll -> C:\Program Files\Movie Maker\OmdProject.dll -> [2009/04/11 00:28:23 | 004,137,984 | ---- | M] (Microsoft Corporation)
Pipeline.dll -> C:\Program Files\Movie Maker\Pipeline.dll -> [2008/01/19 01:36:06 | 001,597,440 | ---- | M] (Microsoft Corporation)
PipeTran.dll -> C:\Program Files\Movie Maker\PipeTran.dll -> [2008/01/19 01:36:06 | 001,500,160 | ---- | M] (Microsoft Corporation)
VideoMediaHandler.dll -> C:\Program Files\Movie Maker\VideoMediaHandler.dll -> [2008/01/19 01:36:47 | 000,453,120 | ---- | M] (Microsoft Corporation)
WMM2AE.dll -> C:\Program Files\Movie Maker\WMM2AE.dll -> [2009/04/11 00:28:25 | 000,195,072 | ---- | M] (Microsoft Corporation)
WMM2CLIP.dll -> C:\Program Files\Movie Maker\WMM2CLIP.dll -> [2009/04/11 00:28:25 | 000,243,712 | ---- | M] (Microsoft Corporation)
WMM2EXT.dll -> C:\Program Files\Movie Maker\WMM2EXT.dll -> [2009/04/11 00:28:25 | 000,023,040 | ---- | M] (Microsoft Corporation)
WMM2FILT.dll -> C:\Program Files\Movie Maker\WMM2FILT.dll -> [2009/04/11 00:28:25 | 000,322,560 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: ALLUSERSAPPDATA
< %SYSTEMROOT%\*.tmp >
1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
< %PROGRAMFILES%\Internet Explorer\*.dll >
hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2008/01/19 01:34:26 | 000,069,632 | ---- | M] (Microsoft Corporation)
iessetup.dll -> C:\Program Files\Internet Explorer\iessetup.dll -> [2006/11/02 03:46:05 | 000,016,384 | ---- | M] (Microsoft Corporation)
sqmapi.dll -> C:\Program Files\Internet Explorer\sqmapi.dll -> [2009/06/07 23:47:50 | 000,129,536 | ---- | M] (Microsoft Corporation)
Invalid Environment Variable: DriveLetter
< %systemroot%\system32\*.dll /lockedfiles >
comsvcs.dll : Unable to obtain MD5  -> C:\Windows\System32\comsvcs.dll -> [2009/04/11 00:28:18 | 001,209,856 | ---- | M] (Microsoft Corporation)
rsaenh.dll : Unable to obtain MD5  -> C:\Windows\System32\rsaenh.dll -> [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)
SLC.dll : Unable to obtain MD5  -> C:\Windows\System32\SLC.dll -> [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)
vbscript.dll : Unable to obtain MD5  -> C:\Windows\System32\vbscript.dll -> [2009/04/11 00:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation)
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/19 01:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\drivers\AGP440.sys -> [2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS  /md5 /s >
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2009/06/08 23:20:25 | 000,021,560 | ---- | M] (Microsoft Corporation)
< %systemdrive%\CNGAUDIT.DLL  /md5 /s >
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
< %systemdrive%\IASTORV.SYS  /md5 /s >
iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys -> [2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 01:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\drivers\iaStorV.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\System32\netlogon.dll -> [2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 01:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NVSTOR.SYS  /md5 /s >
nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\drivers\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 01:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 01:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 03:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\System32\scecli.dll -> [2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/11 00:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
comsvcs.dll : Unable to obtain MD5  -> C:\Windows\System32\comsvcs.dll -> [2009/04/11 00:28:18 | 001,209,856 | ---- | M] (Microsoft Corporation)
rsaenh.dll : Unable to obtain MD5  -> C:\Windows\System32\rsaenh.dll -> [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)
SLC.dll : Unable to obtain MD5  -> C:\Windows\System32\SLC.dll -> [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)
vbscript.dll : Unable to obtain MD5  -> C:\Windows\System32\vbscript.dll -> [2009/04/11 00:28:25 | 000,430,080 | ---- | M] (Microsoft Corporation)
< %systemroot%\Tasks\*.job /lockedfiles >
< c:\$recycle.bin\*.* /s >
desktop.ini -> c:\$recycle.bin\S-1-5-20\desktop.ini -> [2009/06/13 13:09:56 | 000,000,129 | -HS- | M] ()
desktop.ini -> c:\$recycle.bin\S-1-5-21-2577028956-973465584-2722947088-1000\desktop.ini -> [2009/06/07 22:11:25 | 000,000,129 | -HS- | M] ()
desktop.ini -> c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500\desktop.ini -> [2006/11/02 07:02:47 | 000,000,129 | -HS- | M] ()
OTS cannot create restorepoints on Vista OSs!
< End of report >




Hey [b]mferguson26[/b],

Apologies for the delay.

From your log, you seem to have multiple anti-virus and anti-spyware programs running on your computer. This is not recommended, as multiple protection programs of the [b]same kind[/b] can cause conflicts and reduce the efficiency of the software. Please keep only ONE anti-virus and ONE anti-spyware active protection running and disable/uninstall the rest. I would advise you to keep [b]Norton Internet Security[/b] as it provides anti-virus, anti-spyware and firewall protection at the same time. Please disable/uninstall the other software listed below:

[b]Avira Antivir
Spybot Search and Destroy
Windows Defender[/b]

I don't see much in your log, let's run some tools. ;)

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software ([b]Norton Internet Security[/b]) as it may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1)[/size] Run SystemLook[/b][/color]

Please download [color="red"][b]SystemLook[/b][/color] from one of the links below and save it to your [u]Desktop[/u].
[b][url="http://jpshortstuff.247fixes.com/SystemLook.exe"][color="blue"]Download Mirror #1[/color][/url]
[url="http://images.malwareremoval.com/jpshortstuff/SystemLook.exe"][color="blue"]Download Mirror #2[/color][/url][/b][list]
[*]Double-click [b]SystemLook.exe[/b] to run it.
[*]Copy the [u]content[/u] of the following codebox into the main textfield:
[code]:Filefind
comsvcs.dll
rsaenh.dll
SLC.dll
vbscript.dll[/code]

[*]Click the [b]Look[/b] button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
[/list][b]Note:[/b] The log can also be found on your Desktop entitled [b]SystemLook.txt[/b]

[color="#8B0000"][b][size=5]2) [/size]Run Malwarebytes Anti-Malware[/b][/color]

Please download Malwarebytes' Anti-Malware from [url="http://www.besttechie.net/tools/mbam-setup.exe"][color="#2E8B57"][b]Here[/b][/color][/url] or [url="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"][color="#2E8B57"][b]Here[/b][/color][/url]

Double Click mbam-setup.exe to install the application.[list]
[*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the entire report in your next reply.
[/list]Extra Note:
[color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.[/b][/color]

[color="#8B0000"][b][size=5]3)[/size] Run GMER[/b][/color]

Download the [url="http://www.gmer.net/gmer.zip"][color="#FF0000"][b]GMER Rootkit Scanner[/b][/color][/url]. Unzip it to your Desktop.

[color="#FF0000"][b]Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.[/b][/color]

Double-click [b]gmer.exe[/b]. The program will begin to run.

[color="red"][b]**Caution**[/b]
These types of scans can produce false positives. Do NOT take any action on any [/color][color="#0000FF"]"<--- ROOTKIT"[/color] [color="#FF0000"]entries unless advised![/color]

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.[list]
[*]Click [b]NO[/b]
[*]In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is [b]un-checked[/b].
[*]Now click the Scan button.
[i]Once the scan is complete, you may receive another notice about rootkit activity.[/i]
[*]Click OK.
[*]GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "[b]GMER.txt[/b]"
[*]Save it where you can easily find it, such as your desktop.
[/list]Post the contents of GMER.txt in your next reply.

[b]Next reply (please include in your post):[/b]

SystemLook.txt
MBAM scan log
GMER.txt

Hi,

Do you still need help?

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !

Opened as per OP's request.

Please run the tools I recommended above and post me the logs. Thanks. :rolleyes:

Hi,

Do you still need help?

[quote name='Ltangelic' post='118521' date='Apr 2 2010, 12:49 PM']Hi,

Do you still need help?[/quote]
Yes, and thank you for re-opening this topic. I work weird hours and I've been putting in a lot of overtime. Couple that with the kids always hogging the computer at home and I barely have time to sit at the computer. But I printed your instructions and will perform your recommended actions a.s.a.p. and will post the logs you requested. Please bear with me if I take longer than usual to respond, and thank you so much in advance for your help.

Fergy.

Ok I'm starting on your instructions. First off, my Norton is expired, so I left Avira in place so my computer would be protected. I will renew Norton on Wednesday and will delete Avira then. For the purposes of the troubleshooting, I disabled Avira and Windows Defender.

Here's the report from SystemLook
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:28 on 02/04/2010 by Mike (Administrator - Elevation successful)

========== Filefind ==========

Searching for "comsvcs.dll"
C:\Windows\System32\comsvcs.dll --a--- 1209856 bytes [19:08 04/08/2009] [06:28 11/04/2009] 95A5497D129D95D12A46F7848AFFE1DB
C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6000.16386_none_708ba331a2f2ea29\comsvcs.dll --a--- 1210880 bytes [08:51 02/11/2006] [09:46 02/11/2006] 92E4AD213BBCA2895B836F913EF85478
C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\comsvcs.dll --a--- 1208320 bytes [04:50 14/06/2009] [07:33 19/01/2008] EE11E4FE19D61275246E5772BC1EC795
C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6002.18005_none_74adde399cffc649\comsvcs.dll --a--- 1209856 bytes [19:08 04/08/2009] [06:28 11/04/2009] 95A5497D129D95D12A46F7848AFFE1DB

Searching for "rsaenh.dll"
C:\Windows\System32\rsaenh.dll --a--- 241128 bytes [19:07 04/08/2009] [06:27 11/04/2009] E14170AEA125119B98FA2BDE3FF4F462
C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6000.16386_none_5d904dcbb4596800\rsaenh.dll --a--- 228968 bytes [08:45 02/11/2006] [09:47 02/11/2006] A90247CD20C2DB51C264EACC00A3039F
C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6001.18000_none_5fc70fc7b14478d4\rsaenh.dll --a--- 242744 bytes [04:49 14/06/2009] [07:38 19/01/2008] 5178D99B1CBD1C9D310904417E2C5A11
C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6002.18005_none_61b288d3ae664420\rsaenh.dll --a--- 241128 bytes [19:07 04/08/2009] [06:27 11/04/2009] E14170AEA125119B98FA2BDE3FF4F462

Searching for "SLC.dll"
C:\Windows\System32\SLC.dll --a--- 228352 bytes [19:08 04/08/2009] [06:28 11/04/2009] C6DF7A87063D006ECF1FD8156CB6DE3F
C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16386_none_c2e898f3a9024b10\SLC.dll --a--- 221184 bytes [08:44 02/11/2006] [09:46 02/11/2006] C984BA7C8AAB74D1ED8A38A14B19D8C6
C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.16509_none_c3421cfda8beb1db\SLC.dll --a--- 223232 bytes [06:46 08/06/2009] [06:46 08/06/2009] AE43F1EEA8CB7BD6D372F5A08B00849D
C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6000.20624_none_c3b1187ec1f10ad4\SLC.dll --a--- 223232 bytes [06:46 08/06/2009] [06:46 08/06/2009] D1F0A982F40CF6E48A157C317A4794DF
C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6001.18000_none_c51f5aefa5ed5be4\SLC.dll --a--- 225792 bytes [04:50 14/06/2009] [07:36 19/01/2008] C0D487FD64092792B47E80A0FF27E5C6
C:\Windows\winsxs\x86_microsoft-windows-s..icensing-slc-client_31bf3856ad364e35_6.0.6002.18005_none_c70ad3fba30f2730\SLC.dll --a--- 228352 bytes [19:08 04/08/2009] [06:28 11/04/2009] C6DF7A87063D006ECF1FD8156CB6DE3F

Searching for "vbscript.dll"
C:\Windows\System32\vbscript.dll --a--- 430080 bytes [19:08 04/08/2009] [06:28 11/04/2009] 34762E419CB79416BE49A8E484525453
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6000.16386_none_4623415330fbf275\vbscript.dll --a--- 413696 bytes [08:50 02/11/2006] [09:46 02/11/2006] 56379B9F65E26F04D987BBCF0662BAD2
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18000_none_485a034f2de70349\vbscript.dll --a--- 430080 bytes [04:50 14/06/2009] [07:36 19/01/2008] A50CFEE5140F2704459C22D264A4BDB0
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.18068_none_482126172e1075a7\vbscript.dll --a--- 430080 bytes [06:28 02/08/2009] [21:59 08/05/2008] C7EC53FBE59F47DDF3648BCA256D79D2
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6001.22175_none_489cf2184738e55d\vbscript.dll --a--- 430080 bytes [06:28 02/08/2009] [05:22 08/05/2008] DC948E750D1A82F39BD93740ED835257
C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_6.0.6002.18005_none_4a457c5b2b08ce95\vbscript.dll --a--- 430080 bytes [19:08 04/08/2009] [06:28 11/04/2009] 34762E419CB79416BE49A8E484525453

-=End Of File=-




AND HERE IS THE ONE FROM MALWAREBYTES

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/2/2010 11:47:54 PM
mbam-log-2010-04-02 (23-47-54).txt

Scan type: Quick scan
Objects scanned: 111817
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 106
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 69

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:


I have to restart, so the GMER one will be next.

OK, two things. I forgot to mention before that I uninstalled Spybot Search and Destroy, so that one is gone.


Now I ran the GMER one, and some time into it a msg popped up that said "a problem occurred and GMER.exe has been stopped" and then something about Windows notifying me if a solution was found. I ran this one before and it didn't do that, so I don't know what happened.

Thanks for your time!

Fergy

All right, I ran GMER again and here's what I got:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-03 01:38:08
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwldypow.sys


---- System - GMER 1.0.15 ----

SSDT 8748DF90 ZwAlertResumeThread
SSDT 867E9E88 ZwAlertThread
SSDT 87371E38 ZwAllocateVirtualMemory
SSDT 867032C0 ZwAlpcConnectPort
SSDT 87519B08 ZwAssignProcessToJobObject
SSDT 874CFF80 ZwCreateMutant
SSDT 8757DEE0 ZwCreateSymbolicLinkObject
SSDT 9C5E722C ZwCreateThread
SSDT 87500D68 ZwDebugActiveProcess
SSDT 867A57C0 ZwDuplicateObject
SSDT 87371C58 ZwFreeVirtualMemory
SSDT 867C5C30 ZwImpersonateAnonymousToken
SSDT 867AA2C0 ZwImpersonateThread
SSDT 866CA350 ZwLoadDriver
SSDT 86F66B10 ZwMapViewOfSection
SSDT 874CFEA0 ZwOpenEvent
SSDT 9C5E7218 ZwOpenProcess
SSDT 87371F28 ZwOpenProcessToken
SSDT 87500F90 ZwOpenSection
SSDT 9C5E721D ZwOpenThread
SSDT 87519A18 ZwProtectVirtualMemory
SSDT 868F2820 ZwResumeThread
SSDT 86F66880 ZwSetContextThread
SSDT 86F66960 ZwSetInformationProcess
SSDT 87500E48 ZwSetSystemInformation
SSDT 874CFDC0 ZwSuspendProcess
SSDT 86DE2990 ZwSuspendThread
SSDT 9C5E7227 ZwTerminateProcess
SSDT 86DE2630 ZwTerminateThread
SSDT 86F66A50 ZwUnmapViewOfSection
SSDT 87371D48 ZwWriteVirtualMemory
SSDT 8757DFB0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 30D 82078904 4 Bytes [90, DF, 48, 87] {NOP ; FISTTP WORD [EAX-0x79]}
.text ntoskrnl.exe!KeInsertQueue + 312 82078909 3 Bytes [9E, 7E, 86] {SAHF ; JLE 0xffffffffffffff89}
.text ntoskrnl.exe!KeInsertQueue + 321 82078918 4 Bytes [38, 1E, 37, 87]
.text ntoskrnl.exe!KeInsertQueue + 32D 82078924 4 Bytes [C0, 32, 70, 86]
.text ntoskrnl.exe!KeInsertQueue + 381 82078978 4 Bytes [08, 9B, 51, 87]
.text ...
? System32\drivers\brgombn.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F408000, 0x2585E6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2776] ntdll.dll!RtlEncodeSystemPointer + 873 77A3938B 10 Bytes JMP 03E6003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxParamW 776710B0 5 Bytes JMP 6552BF9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxIndirectParamW 77672EF5 5 Bytes JMP 6566B45A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxParamA 77688152 5 Bytes JMP 6566B41F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!DialogBoxIndirectParamA 7768847D 5 Bytes JMP 6566B495 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxIndirectA 7769D4D9 5 Bytes JMP 6566B3DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxIndirectW 7769D5D3 5 Bytes JMP 6566B397 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxExA 7769D639 5 Bytes JMP 6566B35D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] USER32.dll!MessageBoxExW 7769D65D 5 Bytes JMP 6566B323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!OleLoadFromStream 77751E12 5 Bytes JMP 6566B657 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!CoGetTreatAsClass + D2F 7776FAB7 7 Bytes JMP 03E601A9
.text C:\Program Files\Internet Explorer\iexplore.exe[2776] ole32.dll!CoCreateInstance + 3E 77789EE4 7 Bytes JMP 03E600F3

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74ABA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74AECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\[email protected] 0x0B 0x5B 0xEA 0x25 ...

---- EOF - GMER 1.0.15 ----

Hey [b]mferguson26[/b],

Thank you for getting back to me, let's begin. :)

[color="#0000FF"][b]Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.[/b][/color]

Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) ([b]Avira AntiVir and Windows Defender[/b]) as it/they may hinder the tools from running. Instructions are in the link below:

[url="http://www.bleepingcomputer.com/forums/topic114351.html"]http://www.bleepingcomputer.com/forums/topic114351.html[/url]

[color="#8B0000"][b][size=5]1) Run ComboFix[/size][/b][/color]

Download ComboFix from one of these locations:

[url="http://subs.geekstogo.com/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url]
[url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]
[url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 3[/color][/b][/url]

[color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color]
[list]
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[/list]
[color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]

[CENTER][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/CENTER]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] in your next reply.

[color="#8B0000"][b][size=5]2) Run OTS[/size][/b][/color]

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload it to [url="http://www.mediafire.com/"][color="#FF0000"]Mediafire[/color][/url] and post the sharing link.

Download [url="http://oldtimer.geekstogo.com/OTS.exe"][b][color="red"]OTS[/color][/b][/url] to your Desktop[list]
[*]Close [b]ALL OTHER PROGRAMS[/b].
[*]Double-click on [b]OTS.exe[/b] to start the program.
[*]Check the box that says [b]Scan All Users[/b]
[*]Under Additional Scans check the following:[list]
[*]Reg - Shell Spawning

[*]File - Lop Check

[*]File - Purity Scan

[*]Evnt - EvtViewer (last 10)
[/list]
[*]Under custom scans copy and paste the following[list][b]netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\*.*
%ProgramFiles%\Movie Maker\*.dll
%ALLUSERSAPPDATA%\*.dll
%SYSTEMROOT%\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dll
%DriveLetter%\RECYCLER\*S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d*.
%systemroot%\system32\*.dll /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
c:\$recycle.bin\*.* /s
CREATERESTOREPOINT[/b]
[/list]
[*]Now click the [b]Run Scan[/b] button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete [b]Notepad[/b] will open with the report file loaded in it.
[*]Click the [b]Format[/b] menu and make sure that [b]Wordwrap[/b] is not checked. If it is then click on it to uncheck it.
[/list]Please [b]attach[/b] the log in your next post.

To attach a file, do the following:[list]
[*]Click [b]Add Reply[/b]
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green [b]Upload[/b] button
[*]Once it has uploaded, click the [b]Manage Current Attachments[/b] drop down box
[*]Click on [img]http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png[/img] to insert the attachment into your post
[/list]
[color="#8B0000"][b][size=5]3) Run GMER[/size][/b][/color]

Download the [url="http://www.gmer.net/gmer.zip"][color="#FF0000"][b]GMER Rootkit Scanner[/b][/color][/url]. Unzip it to your Desktop.

[color="#FF0000"][b]Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.[/b][/color]

Double-click [b]gmer.exe[/b]. The program will begin to run.

[color="red"][b]**Caution**[/b]
These types of scans can produce false positives. Do NOT take any action on any [/color][color="#0000FF"]"<--- ROOTKIT"[/color] [color="#FF0000"]entries unless advised![/color]

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.[list]
[*]Click [b]NO[/b]
[*]In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is [b]un-checked[/b].
[*]Now click the Scan button.
[i]Once the scan is complete, you may receive another notice about rootkit activity.[/i]
[*]Click OK.
[*]GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "[b]GMER.txt[/b]"
[*]Save it where you can easily find it, such as your desktop.
[/list]Post the contents of GMER.txt in your next reply.

[b]Next reply (please include in your post):[/b]

OTS.txt (attached)
ComboFix.txt
GMER.txt

Ok. I disabled Avira. I can't disable Norton because when I click the icon, the only option I get is to renew my subscription, and I can't do that till Wednesday.
But here is the ComboFix log.
ComboFix 10-04-03.01 - Mike 04/03/2010 20:51:35.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1709 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\programdata\ntuser.dat{188db441-964f-11de-a0c7-001111bf0a9a}.TMContainer00000000000000000001.regtrans-ms
c:\users\Mike\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-03 16:29 . 2010-02-12 23:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-04-03 16:29 . 2010-02-02 01:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-04-03 04:39 . 2010-04-03 04:39 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2010-04-03 04:38 . 2010-03-29 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\programdata\Malwarebytes
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 04:38 . 2010-03-29 20:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 04:17 . 2010-04-03 04:17 -------- d-----w- c:\windows\Sun
2010-04-03 04:16 . 2010-04-03 04:16 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 18:09 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 18:09 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 04:00 . 2010-03-28 04:00 -------- d-----w- c:\program files\SopCast
2010-03-22 13:10 . 2010-03-22 13:10 -------- d-----w- c:\program files\DivX Free Codec
2010-03-22 13:01 . 2010-03-22 13:01 2738 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
2010-03-22 13:01 . 2010-03-22 13:01 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-22 13:01 . 2010-03-22 13:01 -------- d-----w- c:\program files\Illustrate
2010-03-22 12:57 . 2010-03-22 12:54 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-03-22 12:57 . 2010-03-22 12:54 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-03-22 12:57 . 2010-03-22 12:57 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-22 12:57 . 2010-03-22 12:57 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-22 12:57 . 2010-03-22 12:57 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-22 12:57 . 2010-03-22 12:57 57676 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-03-22 12:57 . 2010-03-22 12:57 84035 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-03-22 12:54 . 2010-03-22 12:54 62776 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-03-22 12:54 . 2010-03-22 12:57 -------- d-----w- c:\programdata\DivX
2010-03-22 00:08 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-21 18:21 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVEX32A.DLL
2010-03-21 18:21 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVENG.SYS
2010-03-21 18:21 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVEX15.SYS
2010-03-21 18:21 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\EECTRL.SYS
2010-03-21 18:21 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\ERASER.SYS
2010-03-21 18:21 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\NAVENG32.DLL
2010-03-21 18:21 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\CCERASER.DLL
2010-03-21 18:21 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100321.004\ECMSVR32.DLL
2010-03-14 23:11 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll
2010-03-14 23:11 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys
2010-03-14 23:11 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll
2010-03-14 23:11 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys
2010-03-14 23:11 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys
2010-03-14 13:48 . 2010-03-15 15:14 -------- d-----w- c:\users\Mike\AppData\Local\AirVideoServer
2010-03-14 13:48 . 2010-04-04 01:51 -------- d-----w- C:\jexepackres
2010-03-14 13:48 . 2010-03-14 13:48 -------- d-----w- c:\program files\AirVideoServer
2010-03-11 09:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 09:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 09:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-10 21:46 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSvix86.sys
2010-03-10 21:46 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSXpx86.sys
2010-03-10 21:46 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\Scxpx86.dll
2010-03-10 21:46 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSxpx86.dll
2010-03-10 21:46 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100310.001\IDSviA64.sys
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 05:56 . 2010-03-05 05:56 -------- d-----w- c:\users\Mike\AppData\Local\LogMeIn
2010-03-05 05:56 . 2010-03-05 05:56 -------- d-----w- c:\programdata\LogMeIn
2010-03-05 05:56 . 2009-09-29 01:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-03-05 05:56 . 2009-09-29 01:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-03-05 05:56 . 2009-09-29 01:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-03-05 05:56 . 2008-08-11 18:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-03-05 05:56 . 2009-09-29 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-03-05 05:56 . 2010-04-03 16:29 -------- d-----w- c:\program files\LogMeIn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 04:51 . 2009-06-08 07:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 04:19 . 2009-06-08 07:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-03 04:16 . 2009-06-09 02:33 -------- d-----w- c:\program files\Java
2010-03-28 04:03 . 2010-01-16 22:00 -------- d-----w- c:\program files\Veetle
2010-03-26 00:11 . 2009-06-09 02:36 -------- d-----w- c:\users\Mike\AppData\Roaming\LimeWire
2010-03-22 12:59 . 2009-06-29 03:18 -------- d-----w- c:\users\Mike\AppData\Roaming\DivX
2010-03-22 12:57 . 2009-06-29 03:18 -------- d-----w- c:\program files\DivX
2010-03-22 12:57 . 2009-06-29 03:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-19 10:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-19 08:55 . 2009-06-11 06:19 -------- d-----w- c:\program files\Chuzzle Deluxe
2010-03-13 23:04 . 2010-02-06 02:57 -------- d-----w- c:\users\Mike\AppData\Roaming\Apple Computer
2010-03-12 12:36 . 2009-06-08 04:11 390584 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 09:49 . 2009-06-08 17:05 -------- d-----w- c:\program files\Disney
2010-03-12 09:47 . 2010-02-28 06:45 -------- d-----w- c:\program files\iSkysoft
2010-03-09 09:28 . 2009-06-09 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-05 08:26 . 2009-12-26 06:01 680 ----a-w- c:\users\Mike\AppData\Local\d3d9caps.dat
2010-03-04 07:55 . 2009-06-08 13:55 -------- d-----w- c:\program files\Google
2010-03-04 07:44 . 2009-10-15 06:19 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-03-01 11:18 . 2009-10-25 04:18 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-03-01 00:22 . 2010-03-01 00:22 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2010-03-01 00:22 . 2010-03-01 00:22 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2010-03-01 00:20 . 2009-06-08 05:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 06:51 . 2010-02-28 06:51 -------- d-----w- c:\programdata\xml_param
2010-02-26 09:25 . 2009-09-24 09:05 -------- d-----w- c:\users\Mike\AppData\Roaming\Smilebox
2010-02-24 11:51 . 2010-02-24 11:51 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-22 19:30 . 2010-02-22 19:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 18:19 . 2009-06-10 03:29 -------- d-----w- c:\programdata\NOS
2010-02-08 06:52 . 2010-02-07 06:50 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-07 06:50 . 2010-02-07 06:50 -------- d-----w- c:\programdata\Avira
2010-02-07 06:50 . 2010-02-07 06:50 -------- d-----w- c:\program files\Avira
2010-02-06 17:12 . 2010-02-06 17:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-06 03:10 . 2009-09-21 04:47 -------- d-----w- c:\programdata\Apple
2010-02-06 02:56 . 2010-02-06 02:55 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-06 02:56 . 2010-02-06 02:55 -------- d-----w- c:\program files\iTunes
2010-02-06 02:55 . 2010-02-06 02:55 -------- d-----w- c:\program files\iPod
2010-02-06 02:55 . 2009-09-23 07:17 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 02:55 . 2010-02-06 02:52 -------- d-----w- c:\programdata\Apple Computer
2010-02-06 02:51 . 2010-02-06 02:51 -------- d-----w- c:\program files\Apple Software Update
2010-02-04 17:25 . 2009-10-25 04:19 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 17:24 . 2009-10-25 04:18 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 17:24 . 2009-10-25 04:18 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-04 17:12 . 2010-02-04 17:12 -------- d-----w- c:\program files\FaxTools
2010-02-04 17:12 . 2010-02-04 17:12 -------- d-----w- c:\programdata\BVRP Software
2010-02-04 17:07 . 2010-02-04 17:07 -------- d-----w- c:\program files\Dell A940
2010-02-04 07:31 . 2009-06-14 06:42 -------- d-----w- c:\programdata\Yahoo! Companion
2010-01-25 19:33 . 2010-01-25 17:33 1602184 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxClient.exe
2010-01-25 17:58 . 2010-01-25 17:58 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2010-01-25 12:00 . 2010-02-23 19:26 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 19:26 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 19:26 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 19:26 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 19:26 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 19:26 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 19:26 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 19:26 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 19:26 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 19:27 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 01:51 . 2010-01-23 01:51 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-19 10:34 . 2009-07-31 21:10 373384 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxStarter.exe
2010-01-19 10:34 . 2009-07-31 20:41 168584 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2010-01-19 10:34 . 2009-07-31 19:17 266888 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe
2010-01-19 10:34 . 2009-07-31 19:17 205448 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxDvd.exe
2010-01-19 09:45 . 2010-01-19 09:45 344712 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2010-01-19 09:45 . 2010-01-19 09:45 123528 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2010-01-06 15:39 . 2010-02-23 19:26 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 19:26 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 19:26 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 19:26 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 19:26 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 19:26 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 19:26 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-01-27 4637448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"DivX Free Codec"="c:\program files\DivX Free Codec\Divx Free Update.exe" [2007-03-30 274432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Mike^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 18:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2010-01-19 10:34 266888 ----a-w- c:\users\Mike\AppData\Roaming\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:):2b,75,46,32,bb,15,ca,01

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva311;XDva311;c:\windows\system32\XDva311.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100312.001\IDSvix86.sys [2009-10-28 343088]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe [2007-03-06 538096]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{E3DB24F4-361D-4FA6-B812-065F2D2E9963}.job
- c:\windows\system32\msfeedssync.exe [2009-06-14 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\c5l497xp.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\Mike\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 21:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Lavasoft\Ad-Aware]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Local AppWizard-Generated Applications\hprbui]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\Uforia\Mercenary Wars]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form]
@DACL=(02 0000)
"Dkp_Log_Visible"="TRUE"
"ShowCmd"=dword:00000001
"Flags"=dword:00000000
"PixelsPerInch"=dword:00000060
"MinMaxPos(1280x1024)"="-1,-1,-1,-1"
"MinMaxPos"="-1,-1,-1,-1"
"NormPos(1280x1024)"="8,303,542,719"
"NormPos"="8,303,542,719"
"Dkp_Log_FloatingHeight"=dword:000000e6
"Dkp_Log_FloatingWidth"=dword:000000a0
"Dkp_Log_Height"=dword:00000056
"Dkp_Log_Width"=dword:00000206
"Dkp_Log_DockPos"=dword:00000000
"Dkp_Log_DockRow"=dword:00000000
"Dkp_Log_SplitHeight"=dword:000000fa
"Dkp_Log_SplitWidth"=dword:00000000
"Dkp_Log_FloatingMode"="fmOnTopOfParentForm"
"Dkp_Log_DockedHeight"=dword:00000052
"Dkp_Log_DockedWidth"=dword:000000c0
"Dkp_Log_floating"="FALSE"
"Dkp_Log_FloatingPosition_x"=dword:00000000
"Dkp_Log_FloatingPosition_y"=dword:00000000
"Dkp_Preview_Visible"="TRUE"
"Dkp_Preview_FloatingHeight"=dword:00000238
"Dkp_Preview_FloatingWidth"=dword:000002e0
"Dkp_Preview_Height"=dword:000000f7
"Dkp_Preview_Width"=dword:000000b9
"Dkp_Preview_DockPos"=dword:00000000
"Dkp_Preview_DockRow"=dword:00000000
"Dkp_Preview_SplitHeight"=dword:00000095
"Dkp_Preview_SplitWidth"=dword:00000000
"Dkp_Preview_FloatingMode"="fmOnTopOfParentForm"
"Dkp_Preview_DockedHeight"=dword:00000080
"Dkp_Preview_DockedWidth"=dword:000000b5
"Dkp_Preview_floating"="FALSE"
"Dkp_Preview_FloatingPosition_x"=dword:00000000
"Dkp_Preview_FloatingPosition_y"=dword:00000000

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form\Dkp_Log_CurrentDock]
@DACL=(02 0000)
"Name"="DockBottom"
"Tag"=dword:00000000
"AlignWithMargins"="FALSE"
"Left"=dword:00000000
"Top"=dword:00000110
"Width"=dword:00000206
"Height"=dword:00000056
"Cursor"="crDefault"
"Hint"=""
"HelpType"="htContext"
"HelpKeyword"=""
"HelpContext"=dword:00000000
"ParentCustomHint"="TRUE"
"AllowDrag"="TRUE"
"BackgroundOnToolbars"="TRUE"
"Color"="clNone"
"FixAlign"="FALSE"
"LimitToOneRow"="FALSE"
"Position"="dpBottom"
"Visible"="TRUE"
"UseParentBackground"="FALSE"

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\main_form\Dkp_Preview_CurrentDock]
@DACL=(02 0000)
"Name"="Mdright"
"Tag"=dword:00000003
"AlignWithMargins"="FALSE"
"Left"=dword:0000014d
"Top"=dword:00000019
"Width"=dword:000000b9
"Height"=dword:000000f7
"Cursor"="crDefault"
"Hint"=""
"HelpType"="htContext"
"HelpKeyword"=""
"HelpContext"=dword:00000000
"ParentCustomHint"="TRUE"
"AllowDrag"="TRUE"
"BackgroundOnToolbars"="TRUE"
"Color"="clBtnFace"
"FixAlign"="FALSE"
"LimitToOneRow"="FALSE"
"Position"="dpRight"
"Visible"="TRUE"

[HKEY_USERS\S-1-5-21-2577028956-973465584-2722947088-1000\Software\VSO\ConvertXtoDVD\3.0\settings]
@DACL=(02 0000)
"Auth_Auto_Start"="FALSE"
"Auth_Integrate_Menu"="TRUE"
"Auth_Sequential_Playback"="FALSE"
"Auth_Loop_Playback"="FALSE"
"Auth_Direct_tt_Play"="TRUE"
"Menu_template_name"="Black Mirror"
"Enc_target_size"=dword:000010cc
"Burn_Speed"="4x"
"locale_file"="CX3_English.ini"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}00\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-03 21:05:35
ComboFix-quarantined-files.txt 2010-04-04 02:05

Pre-Run: 229,126,094,848 bytes free
Post-Run: 229,119,561,728 bytes free

- - End Of File - - D08189F9B5125108199B3AD899E2D8B4

Hi,

Please go here (http://www.mediafire.com/) and upload your OTS.txt there; I can't seem to download the attached OTS.txt from here.

Hi,

Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you. :)

Hi mferguson26,

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
- When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
- Save both reports to your desktop. Post them back to your topic.

[attachment=8027:Attach.txt]

I hope I did these right.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 21:41:20.37 on Thu 04/15/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3069.1736 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\dlbacoms.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\snmptrap.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Free Codec] c:\program files\divx free codec\Divx Free Update.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfoforum.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\c5l497xp.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-24 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-27 310320]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-2-7 11608]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSvix86.sys [2010-3-14 343088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-2-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-2-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-7 56816]
R2 dlba_device;dlba_device;c:\windows\system32\dlbacoms.exe -service --> c:\windows\system32\dlbacoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-5 47640]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2009-6-13 179712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-29 102448]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-13 21504]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-1-27 48688]

=============== Created Last 30 ================

2010-04-14 12:14:19 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 12:14:11 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 12:14:10 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:14:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:14:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:14:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 12:14:03 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 12:14:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 12:14:00 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 12:14:00 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 12:14:00 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 12:13:04 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 12:12:03 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 17:50:50 0 d-----w- c:\program files\iPod
2010-04-12 17:50:47 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 17:50:47 0 d-----w- c:\program files\iTunes
2010-04-12 17:44:58 0 d-----w- c:\program files\Bonjour
2010-04-04 02:05:41 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-04 01:49:40 98816 ----a-w- c:\windows\sed.exe
2010-04-04 01:49:40 77312 ----a-w- c:\windows\MBR.exe
2010-04-04 01:49:40 261632 ----a-w- c:\windows\PEV.exe
2010-04-04 01:49:40 161792 ----a-w- c:\windows\SWREG.exe
2010-04-03 04:39:01 0 d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2010-04-03 04:38:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-03 04:38:49 0 d-----w- c:\programdata\Malwarebytes
2010-04-03 04:38:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 04:38:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 04:16:53 0 d-----w- c:\programdata\Sun
2010-03-30 18:09:03 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 18:09:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 04:00:05 0 d-----w- c:\program files\SopCast
2010-03-22 13:10:20 0 d-----w- c:\program files\DivX Free Codec
2010-03-22 13:01:49 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.bmp
2010-03-22 13:01:49 2738 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DirectShow Decoder.dat
2010-03-22 13:01:49 229752 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-22 13:01:46 0 d-----w- c:\program files\Illustrate
2010-03-22 12:56:11 0 d-----w- c:\program files\common files\DivX Shared
2010-03-22 12:54:51 0 d-----w- c:\programdata\DivX
2010-03-22 00:08:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-18 02:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 02:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-04-12 17:46:31 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-12 17:46:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-12 17:46:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-12 16:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-27 23:18:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-25 17:58:06 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-17 11:27:22 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-02 01:45:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib00\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib00\perfc.dat
2009-11-28 05:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-11-28 05:08:33 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-11-28 05:08:33 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:42:47.89 ===============

Hi,

[color="#FF0000"]BitComet
LimeWire[/color]

The ones listed above are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My [b]recommendation is to uninstall these (and others, if present) P2P file sharing programs[/b].


You seem to have both [b]Antivir [/b]and [b]Norton [/b]installed there. It's not recommended to have multiple antivirus programs installed and running in the same system. Decide which one you want to keep.

Is ComboFix file still on your desktop?


[b]Uninstall old Adobe Reader versions[/b] and get the latest one ([b]9.3 + update 9.3.2[/b]) [url="http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows"]here[/url] or get Foxit Reader [url="http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm"]here[/url]. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced [url="http://pdfreaders.org/"]here[/url].


[b][color="blue"]Your Java is out of date.[/color][/b] Older versions have vulnerabilities that malware can use to infect your system. [b]Please follow these steps to remove older version Java components and update to the latest version...[/b]

[b][color="blue"]Updating Java:[/color][/b][list]
[*]Download the latest version of [b][url="http://java.sun.com/javase/downloads/index.jsp"]Java Runtime Environment (JRE) 6 Update 20[/url][/b].
[*]Click the [b]Download[/b] button to the right.
[*]Select Windows on platform combobox and check the box that says: [i][b]Accept[/b] License Agreement[/i]. Click continue.
[*]The page will refresh.
[*]Click on the link to download [i]Windows Offline Installation[/i] with or without Multi-language and save to your desktop.
[*]Close any programs you may have running - especially your web browser.
[*]Go to [b]Start[/b] > [b]Control Panel[/b], double-click on [b]Add/Remove[/b] programs and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the [b]Remove[/b] or [b]Change/Remove[/b] button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on [b]jre-6u20-windows-i586-p.exe[/b] to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
[/list]


Download [color="Blue"][u][url="http://www.atribune.org/ccount/click.php?id=1"]ATF (Atribune Temp File) Cleaner© by Atribune[/url][/u][/color] to your desktop.

Double-click [color="green"]ATF Cleaner.exe[/color] to open it

Under [b]Main[/b] choose:
[color="blue"]Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache[/color]
*[i]The other boxes are optional[/i]*
Then click the [color="blue"]Empty Selected[/color] button.

[color="Green"]If you use Firefox:[/color]
Click [color="blue"]Firefox[/color] at the top and choose: [color="blue"]Select All[/color]
Click the [color="blue"]Empty Selected[/color] button.
[color="green"]NOTE:[/color] If you would like to keep your saved passwords, please click [color="blue"]NO[/color] at the prompt.

[color="green"]If you use Opera:[/color]
Click [color="blue"]Opera[/color] at the top and choose: [color="blue"]Select All[/color]
Click the [color="blue"]Empty Selected[/color] button.
[color="green"]NOTE:[/color] If you would like to keep your saved passwords, please click [color="blue"]NO[/color] at the prompt.

Click [color="green"]Exit[/color] on the [color="blue"]Main menu[/color] to close the program.


Please run an online scan with [url="http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html"][b]Kaspersky Online Scanner[/b][/url] as instructed in the screenshot [url="http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif"]here[/url].


Post back its report & a fresh dds.txt log. Any remaining problems?

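The checks the reply above makes by eye (P2P clients, more than one antivirus, Java and Adobe Reader older than the versions it names) can be run over an installed-programs list. This is an added Python example, not part of the original post or of any tool it mentions; the program names in SAMPLE are constructed, and the baselines are the versions the reply gives.

```python
import re

# Baselines and product names come from the reply above (current as of that post).
JAVA_BASELINE = (6, 20)        # JRE 6 Update 20
READER_BASELINE = (9, 3, 2)    # Adobe Reader 9.3 + update 9.3.2
P2P_CLIENTS = ("bitcomet", "limewire")
# Word boundaries keep "Norton AntiVirus" from also counting as Avira AntiVir.
AV_PATTERNS = {"Norton": r"\bnorton\b", "Avira AntiVir": r"\bavira\b|\bantivir\b"}

JAVA_RE = re.compile(
    r"(?:Java\(TM\)|J2SE)\D*?(\d+)(?:\.\d+)?(?:\s+Update\s+(\d+))?", re.I)
READER_RE = re.compile(r"Adobe Reader\s+(\d+(?:\.\d+)*)", re.I)

# Constructed sample of installed-program display names (not taken from the log).
SAMPLE = [
    "BitComet 1.19", "LimeWire 5.4.6", "Norton AntiVirus",
    "Avira AntiVir Personal - Free Antivirus", "Java(TM) 6 Update 17",
    "J2SE Runtime Environment 5.0 Update 11", "Adobe Reader 8.1.2",
    "Mozilla Firefox (3.6.3)",
]

def triage(programs):
    """Return the findings for a list of installed-program display names."""
    found = {"p2p": [], "old_java": [], "old_reader": []}
    antivirus = set()
    for name in programs:
        low = name.lower()
        if any(client in low for client in P2P_CLIENTS):
            found["p2p"].append(name)
        for product, pattern in AV_PATTERNS.items():
            if re.search(pattern, low):
                antivirus.add(product)
        m = JAVA_RE.search(name)
        if m and (int(m.group(1)), int(m.group(2) or 0)) < JAVA_BASELINE:
            found["old_java"].append(name)
        m = READER_RE.search(name)
        if m:
            version = tuple(int(part) for part in m.group(1).split("."))
            # Pad so that "9.3" compares as 9.3.0 against the baseline.
            if version + (0,) * (3 - len(version)) < READER_BASELINE:
                found["old_reader"].append(name)
    found["antivirus"] = sorted(antivirus)
    found["multiple_av"] = len(antivirus) > 1
    return found

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
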
Ty for your reply. I know I've said it before but I just wanted to re-state that I work weird hours, but I'll get to your instructions soon. Thank you very much!

Fergy

Ok. Hope to hear back from you soon.

Due to inactivity, this thread will now be closed. If you still need help, I recommend taking the computer to a local shop where they can fix it without long delays.

This topic is now closed to further replies.