6th December 2008
#1
Inactive
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
[Active] Microsoft download blocked, Google links hijacked.
I have been trying to figure out what I need to remove to get updates from Windows and get my browsers back. Must be a DNS issue being rerouted, causing bad links and popups and all sorts of fun stuff. I tried the post with ComboFix and did not get a log file, and used ATF and Malwarebytes, also the online trojan scanner on the a-squared web site. Ran Avast antivirus and still have the Microsoft download sites blocked. Any help would be great. Here is my RSIT log file; I could not get Kaspersky or BitDefender online to run either.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Admin at 2008-12-06 13:47:35
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 24 GB (34%) free of 71 GB
Total RAM : 1013 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:20 PM, on 12/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Admin\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\Explorer.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Users\Admin\Downloads\Admin.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\real\WebHook.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{231242A9-A7BF-464E-933B-3C11C6E808F3}: NameServer = 85.255.112.104;85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD90436F-AC24-4287-8CB9-B912CDAB002E}: NameServer = 85.255.112.104;85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8DD38FF-D46E-4F96-9CA4-0124C0584990}: NameServer = 85.255.112.104;85.255.112.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{231242A9-A7BF-464E-933B-3C11C6E808F3}: NameServer = 85.255.112.104;85.255.112.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdbqi.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11248 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
AddTask Class - C:\Program Files\real\IEeREAD.dll [2007-06-28 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
AddTask Class - C:\Program Files\real\WebHook.dll [2008-02-01 57224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-01-02 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-14 652784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-27 618496]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-28 4317184]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2008-10-08 2145792]
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe [2005-01-19 128000]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\Empowering Technology\eAPLauncher.exe [2006-11-21 528384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f65fc5-1980-11dd-8682-0016d4610af5}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff16ec2-69d1-11dd-9d6d-000d180122b4}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Info.exe protect.ed 480 480
======File associations======
.inf - open -
.inf - install -
.ini - open -
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - open - notepad.exe %1
======List of files/folders created in the last 3 months======
2008-12-06 03:31:16 ----D---- C:\Windows\BDOSCAN8
2008-12-06 02:37:50 ----D---- C:\32788R22FWJFW
2008-12-06 00:34:42 ----A---- C:\Windows\WORDPAD.INI
2008-12-06 00:34:03 ----D---- C:\rsit
2008-12-05 23:56:16 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2008-12-05 23:55:58 ----D---- C:\ProgramData\Malwarebytes
2008-12-05 23:55:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 23:02:36 ----D---- C:\Windows\Sun
2008-12-05 22:46:33 ----A---- C:\Windows\system32\javaws.exe
2008-12-05 22:46:33 ----A---- C:\Windows\system32\javaw.exe
2008-12-05 22:46:33 ----A---- C:\Windows\system32\java.exe
2008-12-05 12:33:22 ----D---- C:\Users\Admin\AppData\Roaming\TuneUp Software
2008-12-05 12:32:58 ----A---- C:\Windows\system32\authuitu.dll
2008-12-05 12:32:37 ----A---- C:\Windows\system32\uxtuneup.dll
2008-12-05 12:32:03 ----D---- C:\ProgramData\TuneUp Software
2008-12-05 12:31:36 ----D---- C:\Program Files\TuneUp Utilities 2007
2008-12-05 12:28:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-29 20:58:55 ----RSHD---- C:\resycled
2008-11-29 17:58:22 ----D---- C:\Program Files\AnvSoft Photo Flash Maker Professional
2008-11-28 21:07:42 ----D---- C:\Program Files\AL-Software
2008-11-28 20:51:31 ----D---- C:\Program Files\Blaze Media Pro
2008-11-28 20:48:58 ----D---- C:\ProgramData\{1A5B87F2-2D79-46CF-B9B6-209E9C84F7A4}
2008-11-26 16:58:40 ----A---- C:\Windows\system32\deploytk.dll
2008-11-25 23:08:54 ----D---- C:\Users\Admin\AppData\Roaming\MxBoost
2008-11-25 23:07:00 ----D---- C:\Users\Admin\AppData\Roaming\Maxthon2
2008-11-24 20:43:00 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-24 20:36:27 ----D---- C:\ProgramData\NOS
2008-11-24 20:36:27 ----D---- C:\Program Files\NOS
2008-11-22 18:28:18 ----D---- C:\Program Files\DivX
2008-11-19 17:41:43 ----D---- C:\ProgramData\AOL Downloads
2008-11-10 17:25:03 ----D---- C:\Program Files\ffdshow
2008-11-10 17:24:30 ----D---- C:\Program Files\TVersity Codec Pack
2008-11-10 17:23:04 ----D---- C:\Program Files\TVersity
2008-11-09 14:15:41 ----D---- C:\Users\Admin\AppData\Roaming\PCF-VLC
2008-11-09 14:11:58 ----D---- C:\Users\Admin\AppData\Roaming\Participatory Culture Foundation
2008-11-08 21:37:24 ----D---- C:\Program Files\Participatory Culture Foundation
2008-11-08 21:37:15 ----D---- C:\OpenCandy
2008-11-08 21:29:21 ----SHD---- C:\imx
2008-11-08 21:28:17 ----D---- C:\Program Files\mytvpal-revolution-player
2008-11-02 22:49:53 ----D---- C:\ProgramData\TVU Networks
2008-11-02 21:35:26 ----D---- C:\Windows\WinRAR
2008-11-02 11:44:22 ----D---- C:\Program Files\Super Internet TV
2008-11-02 11:43:50 ----A---- C:\Windows\Super Internet TV v7.3 Setup.exe
2008-11-02 11:13:07 ----D---- C:\Program Files\TVUPlayer
2008-10-31 13:52:14 ----D---- C:\Users\Admin\AppData\Roaming\VMware
2008-10-31 00:19:34 ----D---- C:\Program Files\Lala.com
2008-10-31 00:19:15 ----D---- C:\Users\Admin\AppData\Roaming\Lala Music Mover
2008-10-30 22:58:31 ----D---- C:\ProgramData\VMware
2008-10-28 19:21:00 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 19:21:00 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 19:20:56 ----A---- C:\Windows\system32\win32spl.dll
2008-10-27 22:28:26 ----D---- C:\Program Files\Windows Mobile Feb. 2008 DST Updates
2008-10-23 16:57:48 ----A---- C:\Windows\system32\netapi32.dll
2008-10-22 19:11:30 ----A---- C:\Lokiwiz.bat
2008-10-22 00:05:56 ----D---- C:\Utils
2008-10-21 20:26:46 ----D---- C:\Program Files\Wizard Service Tool
2008-10-17 15:28:26 ----A---- C:\Windows\system32\cddbmusicid.dll
2008-10-17 15:28:26 ----A---- C:\Windows\system32\cddblink.dll
2008-10-17 15:28:26 ----A---- C:\Windows\system32\cddbcontrol.dll
2008-10-14 23:04:50 ----D---- C:\Users\Admin\AppData\Roaming\Google
2008-10-14 23:02:07 ----D---- C:\ProgramData\Google Updater
2008-10-14 23:02:02 ----D---- C:\Program Files\Google
2008-10-14 18:33:07 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 18:33:06 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 18:32:56 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 18:32:55 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 18:32:53 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 18:32:52 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 18:32:51 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 18:32:49 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 18:32:46 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-08 00:41:51 ----D---- C:\Program Files\uTorrent
2008-10-08 00:41:32 ----D---- C:\Users\Admin\AppData\Roaming\uTorrent
2008-10-05 18:09:38 ----A---- C:\Windows\system32\SHORTCUT.INI
2008-10-05 18:09:26 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2008-10-05 15:25:59 ----D---- C:\Program Files\Avanquest update
2008-10-05 15:18:40 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-10-05 15:18:04 ----D---- C:\ProgramData\BVRP Software
2008-10-05 15:18:04 ----D---- C:\Program Files\Motorola Phone Tools
2008-09-28 21:03:48 ----D---- C:\Program Files\NormSoft, Inc
2008-09-25 18:27:46 ----D---- C:\Program Files\Apache Software Foundation
2008-09-25 16:48:57 ----D---- C:\Users\Admin\AppData\Roaming\Ace
2008-09-25 16:39:13 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-09-25 16:39:11 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-09-25 16:35:38 ----D---- C:\Program Files\THQ
2008-09-25 16:35:11 ----D---- C:\Users\Admin\AppData\Roaming\InstallShield
2008-09-19 16:55:58 ----A---- C:\Windows\system32\ssldivx.dll
2008-09-19 16:55:58 ----A---- C:\Windows\system32\libdivx.dll
2008-09-09 15:14:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-09-09 15:14:30 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-09-09 15:14:24 ----A---- C:\Windows\system32\wmpeffects.dll
2008-09-09 15:14:14 ----A---- C:\Windows\system32\emdmgmt.dll
2008-09-09 15:14:13 ----A---- C:\Windows\system32\dataclen.dll
2008-09-09 15:14:13 ----A---- C:\Windows\system32\cdd.dll
======List of files/folders modified in the last 3 months======
2008-12-06 13:47:34 ----D---- C:\Windows\Temp
2008-12-06 13:28:07 ----D---- C:\Windows\system32\drivers
2008-12-06 13:25:47 ----D---- C:\Windows\Prefetch
2008-12-06 13:12:36 ----D---- C:\Windows\System32
2008-12-06 13:12:36 ----D---- C:\Windows\inf
2008-12-06 13:12:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-06 12:52:42 ----D---- C:\Users\Admin\AppData\Roaming\Vista Start Menu
2008-12-06 05:24:36 ----A---- C:\Windows\system32\bscs.ini
2008-12-06 04:49:11 ----D---- C:\Windows
2008-12-06 03:57:27 ----RD---- C:\Program Files
2008-12-06 03:57:26 ----D---- C:\Program Files\MyWebSearch
2008-12-06 03:34:07 ----SD---- C:\Windows\Downloaded Program Files
2008-12-06 02:56:34 ----D---- C:\Program Files\Mozilla Firefox
2008-12-05 23:55:58 ----HD ---- C:\ProgramData
2008-12-05 22:46:47 ----SHD---- C:\Windows\Installer
2008-12-05 22:46:03 ----D---- C:\Program Files\Java
2008-12-05 22:41:20 ----SHD---- C:\System Volume Information
2008-12-05 12:34:29 ----D---- C:\Windows\Tasks
2008-12-05 12:28:02 ----D---- C:\Program Files\Common Files
2008-12-04 12:06:10 ----D---- C:\Windows\Minidump
2008-11-29 20:43:35 ----D---- C:\Program Files\Vista Start Menu
2008-11-28 22:10:52 ----D---- C:\Windows\system32\WDI
2008-11-28 22:08:15 ----D---- C:\Windows\system32\Macromed
2008-11-26 21:57:49 ----RSD---- C:\Windows\assembly
2008-11-24 21:51:43 ----D---- C:\Program Files\WinRAR
2008-11-24 21:02:00 ----D---- C:\Windows\system32\spool
2008-11-24 21:00:42 ----D---- C:\ProgramData\CanonIJPLM
2008-11-24 20:43:22 ----D---- C:\Program Files\Adobe
2008-11-24 20:42:28 ----D---- C:\ProgramData\Adobe
2008-11-24 20:41:31 ----D---- C:\Program Files\Common Files\Adobe
2008-11-22 09:59:58 ----D---- C:\Windows\WindowsMobile
2008-11-21 14:12:01 ----D---- C:\Program Files\AIM6
2008-11-19 17:44:00 ----D---- C:\ProgramData\Viewpoint
2008-11-18 19:04:15 ----D---- C:\Liz
2008-11-18 12:41:38 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-10 17:00:13 ----D---- C:\Windows\system32\catroot2
2008-11-04 23:44:57 ----D---- C:\Windows\system32\catroot
2008-11-04 17:08:09 ----D---- C:\Program Files\Ashampoo
2008-11-04 16:24:59 ----AD ---- C:\ProgramData\TEMP
2008-11-02 19:57:26 ----D---- C:\Windows\servicing
2008-11-02 19:50:36 ----D---- C:\Windows\ehome
2008-11-02 18:07:51 ----D---- C:\Program Files\Windows Mail
2008-11-02 17:29:07 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2008-11-01 17:34:26 ----D---- C:\Users\Admin\AppData\Roaming\Canon
2008-10-31 10:51:49 ----D---- C:\Windows\winsxs
2008-10-31 10:51:36 ----D---- C:\Program Files\Paint.NET
2008-10-31 00:20:17 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2008-10-22 15:03:49 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-15 02:16:12 ----D---- C:\Windows\system32\migration
2008-10-15 02:08:30 ----A---- C:\Windows\win.ini
2008-10-11 12:02:32 ----D---- C:\Users\Admin\AppData\Roaming\MP3Rocket
2008-10-07 14:19:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-05 18:09:19 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2008-10-05 17:41:37 ----HD ---- C:\Program Files\InstallShield Installation Information
2008-10-05 15:22:27 ----D---- C:\Program Files\Common Files\microsoft shared
2008-10-02 23:09:40 ----D---- C:\Windows\LiveKernelReports
2008-09-22 18:23:22 ----D---- C:\Program Files\Internet Explorer
2008-09-10 02:17:03 ----D---- C:\Windows\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-18 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-18 51792]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2007-01-02 76584]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-03-27 97600]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-15 11984]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-17 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-17 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2008-07-02 29960]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-17 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 int15.sys;int15.sys; \??\C:\Acer\Upgrade Kit\int15.sys [2006-12-14 69632]
S3 a3xbape4;a3xbape4; C:\Windows\system32\drivers\a3xbape4.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2008-07-02 38920]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 16896]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\Windows\system32\drivers\Ndisprot.sys [2008-11-29 29184]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS [2006-06-08 6909]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2008-01-21 14856]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\Windows\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service; C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2008-09-08 749400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-18 770048]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-01-02 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2008-09-02 28762]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2007-12-30 724992]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 69735]
S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdbqi.exe -srv []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe []
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
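Reading a driver/service list like this by hand is slow. As an added example (not RSIT's code, nor anything posted in this thread), here is a Python parser for the RSIT `List of drivers/services` line format that short-lists the entries whose file metadata came back as empty brackets and notes context for each; the short-listing heuristics (empty brackets, a Windows system directory, auto-start, trailing arguments on the path) are my own assumptions about what merits a closer look, not a verdict on any entry. The sample lines are copied from the log above.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# RSIT line format: <R|S><start> <Name>;<DisplayName>; <Path> [<date> <size>]
# RSIT prints empty brackets when it could not read the file's metadata.
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]*);[^;]*;"
                     r"\s*(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
# Splits "C:\...\kdbqi.exe -srv" into the image file and any trailing arguments.
IMAGE_RE = re.compile(r"^(?P<image>.*?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$", re.I)

class Entry(NamedTuple):
    name: str
    start: int           # 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
    path: str
    date: Optional[str]  # None when RSIT printed empty brackets

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one RSIT line; returns None for headers and other non-entry lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    meta = m.group("meta").split()
    return Entry(m.group("name").strip(), int(m.group("start")),
                 m.group("path").strip(), meta[0] if meta else None)

def triage(e: Entry) -> List[str]:
    """Heuristic reasons (my assumptions, not a verdict) an entry deserves a closer look."""
    if e.date is not None:
        return []  # RSIT could read the file; leave it off the short list
    reasons = ["no file metadata (file missing, hidden or unreadable)"]
    im = IMAGE_RE.match(e.path.replace("\\??\\", ""))
    image, args = (im.group("image"), im.group("args")) if im else (e.path, None)
    if image.lower().startswith("c:\\windows\\system32\\"):
        reasons.append("image in a Windows system directory")
    if e.start == 2:
        reasons.append("auto-start service")
    if args:
        reasons.append("trailing arguments: " + args)
    return reasons

def review_log(text: str) -> Dict[str, List[str]]:
    entries = filter(None, map(parse_entry, text.splitlines()))
    return {e.name: triage(e) for e in entries if triage(e)}

# Sample lines copied from the RSIT log posted in this thread.
SAMPLE = r"""======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 a3xbape4;a3xbape4; C:\Windows\system32\drivers\a3xbape4.sys []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdbqi.exe -srv []
"""
```

Running `review_log` over a full RSIT log returns only the short list, so the rest of the entries can be checked against vendor paths and dates afterwards.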
7th December 2008
#2
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Welcome to WindowsBBS kerbdog
Please open MBAM and select the Logs tab, then select a log and click View log. Post its contents here. Repeat for any other recent logs.
How do you connect to the internet? Is a router in use?
7th December 2008
#3
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
Here's the MBAM log file. I am connected through cable with a router.
Malwarebytes' Anti-Malware 1.31
Database version: 1466
Windows 6.0.6001 Service Pack 1
12/6/2008 2:27:19 AM
mbam-log-2008-12-06 (02-27-19).txt
Scan type: Full Scan (C:\|)
Objects scanned: 166634
Time elapsed: 1 hour(s), 42 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
7th December 2008
#4
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.
Physically disconnect your computer from the router.
Press and hold the reset button on the back of the router for approximately 10 seconds, using a small object such as a pencil lead if required.
Reboot to safe mode by tapping the F8 key upon restart, then selecting Safe Mode from the Advanced Start menu.
Logon to your user account in safe mode.
Double click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Once ComboFix has completed, reconnect to the router and post the ComboFix log here in a reply to this topic.
7th December 2008
#5
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
I'm still having the same thing happen with ComboFix. I run it, I get a little box with a bar that fills, then it finishes and disappears. Doesn't seem to be running. I reset the router. Not sure if the program just runs in the background and I couldn't see it.
7th December 2008
#6
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Please rename ComboFix to something else, such as FomboCix.exe then try running it again. You may run it in normal mode, just be sure to disable any realtime protections such as your antivirus, or an antispyware app with realtime protection.
7th December 2008
#7
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
OK, renamed it and still the same thing. Runs until the bar finishes. It disappears and nothing.
7th December 2008
#8
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Please download a fresh copy and this time rename it prior to saving it. Something completely different, such as kittycat.exe.
8th December 2008
#9
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
Same result.
8th December 2008
#11
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
Still the same. I took a screenshot to show that avast is stopped, and I had also stopped Windows Defender. I may have missed something else but I don't think so.
http://www.walala.us/untitled.jpg
8th December 2008
#12
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Please right-click ComboFix and select Run as Administrator (try each of the CF files if necessary).
8th December 2008
#13
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate
I saw there was something else running for avast in Task Manager under Services and stopped it, and still have no luck with ComboFix. Tried all of the ones I have and under admin. No clue what I'm doing wrong. I think of myself as a pretty computer-savvy guy, but this is just beyond me.
8th December 2008
#14
SuperGeek
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,523
Computer Experience: ~@<*+
Please navigate to C:\Windows and look for a file named ntbtlog.txt
If present, delete it.
Restart the computer and begin tapping F8 upon startup to enable the Advanced Start Menu.
Select Enable Boot Logging.
The computer will continue to boot normally.
Logon and open the C:\Windows\ntbtlog.txt file and post its contents here.
8th December 2008
#15
Inactive
Profile:
Join Date: Dec 2008
Posts: 27
Computer Experience: intermediate