Solved DDS.txt (log1)

Discussion in 'Malware and Virus Removal Archive' started by Sandis, 2010/10/08.

  1. 2010/10/08
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    [Resolved] DDS.txt (log1)

    DDS (Ver_10-10-05.01) - NTFSx86
    Run by Sebastian at 20:58:12,58 on pe 08.10.2010
    Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1033.18.2525.1022 [GMT 3:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\SEBAST~1\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    c:\program files\windows defender\MpCmdRun.exe
    D:\Steam\Steam.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wermgr.exe
    C:\Users\Sebastian\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.babylon.com/home?AF=14542
    uSearch Bar =
    uSearch Page =
    mDefault_Page_URL = hxxp://fi.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant =
    uURLSearchHooks: H - No File
    uURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} -
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - MyWebSearch Search Assistant BHO
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - mwsBar BHO
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: TBSB07286: {c23d0d6a-8cba-4b33-9735-47d81f5b2b85} - TBSB07286 Class
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} -
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    TB: {10000000-1000-1000-1000-100000000000} - No File
    TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Google Update] "c:\users\sebastian\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe "
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
    mRun: [eRecoveryService]
    mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
    StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - d:\frostwire\FrostWire.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm433YHFI
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\sebast~1\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Turvalliset hakutoiminnot
    FF - prefs.js: browser.startup.homepage - www.google.fi
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\sebastian\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
    FF - component: c:\users\sebastian\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\sebastian\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{1bce9228-a236-5601-a33e-9a8361a6ce34}
    FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.visited_color ", "#551A8B ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.videoFeeds.handler ", "ask ");

    ============= SERVICES / DRIVERS ===============

    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]

    ============== File Associations ===============

    regfile= "regedit.exe" "%1 "

    =============== Created Last 30 ================

    2010-10-08 04:05:36 -------- d-----w- c:\users\sebastian\FrostWire
    2010-10-08 03:41:19 -------- d-----w- c:\users\sebast~1\appdata\roaming\Registry Mechanic
    2010-10-08 03:18:41 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-10-08 03:18:41 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-10-08 03:18:41 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-10-08 03:18:41 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-10-08 03:18:40 506368 ----a-w- c:\windows\system32\msxml.dll
    2010-10-08 03:18:03 -------- d-----w- c:\program files\common files\PC Tools
    2010-10-08 03:08:03 65536 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.blf
    2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.2.regtrans-ms
    2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.1.regtrans-ms
    2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.0.regtrans-ms
    2010-09-30 19:46:12 -------- d-----w- c:\program files\Zynga
    2010-09-29 14:49:27 -------- d-----w- c:\program files\Babylon
    2010-09-28 19:05:57 -------- d-----w- c:\users\sebast~1\appdata\local\PMB Files
    2010-09-28 19:05:52 -------- d-----w- c:\progra~2\PMB Files
    2010-09-28 19:05:31 -------- d-----w- c:\program files\Pando Networks
    2010-09-28 18:30:58 -------- d-----w- c:\program files\DAEMON Tools Pro
    2010-09-28 17:26:44 -------- d-----w- c:\users\sebast~1\appdata\roaming\Sakura
    2010-09-28 17:21:05 -------- d-----w- c:\users\sebast~1\appdata\roaming\Juce VST Host
    2010-09-27 18:00:29 -------- d-----w- c:\program files\common files\TI Shared
    2010-09-27 18:00:26 -------- d-----w- c:\program files\TI Education
    2010-09-27 15:57:23 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2010-09-23 16:39:58 65536 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TM.blf
    2010-09-23 16:39:58 524288 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TMContainer00000000000000000002.regtrans-ms
    2010-09-23 16:39:58 524288 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TMContainer00000000000000000001.regtrans-ms
    2010-09-22 17:23:50 49152 ----a-w- c:\windows\system32\PWAD.ocx
    2010-09-22 17:23:50 45056 ----a-w- c:\windows\system32\CF.ocx
    2010-09-22 17:23:50 40960 ----a-w- c:\windows\system32\hyperlink.ocx
    2010-09-22 17:23:50 40960 ----a-w- c:\windows\system32\allenocx.ocx
    2010-09-22 17:23:50 24576 ----a-w- c:\windows\system32\runocx.ocx
    2010-09-22 17:23:50 24576 ----a-w- c:\windows\system32\dirdlg2.ocx
    2010-09-22 17:23:50 237659 ----a-w- c:\windows\system32\EZTW32.DLL
    2010-09-22 17:23:47 -------- d-----w- c:\program files\NoteBook
    2010-09-18 20:00:16 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-09-18 19:50:27 -------- d-----w- c:\windows\SQL9_KB970892_ENU
    2010-09-17 14:58:54 -------- d-----w- c:\users\sebast~1\appdata\local\ESET
    2010-09-17 14:56:14 -------- d-----w- c:\program files\ESET
    2010-09-16 18:00:42 -------- d-----w- c:\program files\EA GAMES
    2010-09-15 18:31:57 -------- d-----w- c:\users\sebast~1\appdata\roaming\Mount&Blade
    2010-09-14 13:31:20 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys
    2010-09-14 13:29:48 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys
    2010-09-12 15:44:37 -------- d-----w- c:\progra~2\Alwil Software
    2010-09-10 14:45:44 -------- d-----w- c:\users\sebast~1\appdata\roaming\SnapTeam
    2010-09-10 14:45:28 -------- d-----w- c:\program files\Snap

    ==================== Find3M ====================

    2010-08-29 18:34:34 240128 ----a-w- c:\windows\system32\uxtheme.dll
    2010-08-29 18:34:33 615424 ----a-w- c:\windows\system32\themeui.dll
    2010-08-10 02:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 02:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-07-27 15:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 15:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-17 02:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 21:04:55,69 ===============
     
  2. 2010/10/08
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Yes, as I suspected you're infected.

    Don't forget to post your Attach.txt log too.

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/10/10
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    The attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-05.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22.3.2009 7:57:55
    System Uptime: 10.8.2010 9:04:04 (1428 hours ago)

    Motherboard: Acer | | TravelMate 5530
    Processor: AMD Athlon(tm) X2 Dual-Core QL-60 | Socket S1G2 | 1900/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 144 GiB total, 59,424 GiB free.
    D: is FIXED (NTFS) - 144 GiB total, 85,884 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0001
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0001
    Service: tunnel

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    2007 Microsoft Office system
    Acer Crystal Eye Webcam 2.0.8
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer ePower Management
    Acer eRecovery Management
    Acer eSettings Management
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop 7.0
    Adobe Photoshop CS3
    Adobe Reader 8.2.4
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AMD USB Audio Driver Filter
    AnalogX AutoTune
    Any Video Converter 2.7.7
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    ATI Catalyst Install Manager
    Battlefield 2(TM)
    BitLord 1.1
    BlueVoda Website Builder 10.2m
    Bonjour
    Broadcom Gigabit Integrated Controller
    Business Contact Manager for Outlook 2007 SP2
    CamStudio
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 5.6
    Cheat Engine 5.6.1
    Contextual Tracker Dymanet
    Dance eJay 7
    ESET NOD32 Antivirus
    eSobi v2
    EVEREST Home Edition v2.20
    Evrsoft First Page 2006
    Express Burn
    Fable - The Lost Chapters
    FFILoveThisAdPlatform
    FL Studio 9
    FrostWire 4.20.7
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Graboid Video 1.71
    Guild Wars
    Hardcore
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hero_Online
    Heroes of Newerth
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HyperCam 2
    ijji REACTOR
    IL-2 Sturmovik
    IL Download Manager
    ILoveThisAdPlatform
    InterVideo WinDVD 8
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Launch Manager
    League of Legends
    LightScribe 1.4.142.1
    McAfee SiteAdvisor
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (Finnish) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (Finnish) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (Finnish) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Finnish) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Swedish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (Finnish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (Finnish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (Finnish) 2007
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft XML Parser
    MobileMe Control Panel
    Mount & Blade
    Mozilla Firefox (3.0.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    My Web Search (IWON)
    NCH Toolbox
    Norton Security Scan
    NoteBook 5.3.6
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NTI Shadow
    O2Micro Flash Memory Card Reader Driver (x86)
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    OGA Notifier 2.0.0048.0
    Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678)
    Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669)
    Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665)
    OpenOffice.org 3.0
    Pando Media Booster
    PDF Settings
    PerformanceAdSystem
    PlayMP3z
    PoiZone
    QuickTime
    RC DareDevil
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Registry Mechanic 10.0
    Safari
    Sakura
    Sawer
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Skype™ 4.0
    Sony Picture Utility
    Sony USB Driver
    Steam
    Streamingstar Converter
    Synaptics Pointing Device Driver
    Team Fortress 2
    TI Connect 1.6
    ToggleSW Toolbar
    Toxic Biohazard
    Uniblue RegistryBooster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    WarBirds
    WIDCOMM Bluetooth Software 6.0.1.6300
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live inloggningsassistenten
    Windows Live Mail
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    VistaGlazz 2.1
    VLC media player 1.0.1
    Xfire (remove only)
    Zynga Toolbar

    ==== End Of File ===========================
     
  5. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall My Web Search (IWON) and Zynga Toolbar, known adware.

    Uninstall Uniblue RegistryBooster and Registry Mechanic 10.0.
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ===============================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/10/10
    Sandis
    FrostWire is now uninstalled. Anything I can do while I wait for the malware expert to check my log?
     
  7. 2010/10/10
    broni
    Please, read my previous reply.
     
  8. 2010/10/10
    Sandis
    Sorry, you were fast. The "My websearch IWON" says: ERROR loading C:\MYWEBS~1\bar\3.bin\mwsbar.dll The specified module could not be found
     
  9. 2010/10/10
    broni
    That's fine. We'll remove leftovers later.
    Proceed with others.
     
  10. 2010/10/10
    Sandis
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4791

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18813

    10.10.2010 21:28:27
    mbam-log-2010-10-10 (21-28-27).txt

    Scan type: Quick scan
    Objects scanned: 144630
    Time elapsed: 39 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 171
    Registry Values Infected: 9
    Registry Data Items Infected: 1
    Folders Infected: 28
    Files Infected: 76

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d5ae610-803a-e578-8b93-ee9ce23be350} (Adware.Dymanet) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d41f3a83-68f0-3198-78ba-4ace22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d41f3a83-68f0-3198-78ba-4ace22487449} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2625d30-7dc3-137f-be78-0f8f4225f6b8 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ILoveThisAdPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.multiplebutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.multiplebutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.urlalertbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ILoveThisAdPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PerformanceAdSystem (Adware.YouWontFindBetterDeals) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ILoveThisAdPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PerformanceAdSystem (Adware.YouWontFindBetterDeals) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "regedit.exe" "%1 ") Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    C:\ProgramData\373096118 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\Sebastian\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\sysmon\nhrmi74428 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\toxto06642 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\f3install (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\sysmon\flvdirect (Adware.Dropper) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Windows\System32\e2625d30-7dc3-137f-be78-0f8f4225f6b8.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\Users\Sebastian\AppData\Local\Temp\NS42A7.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\ecobar.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbcore3.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbcore3.inf (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\update.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.crc (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.inf (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Ecobar\tbunse25A3.tmp\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
    C:\sysmon\nhrmi74428\jkot25826.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\nhrmi74428\muvxt5317.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\nhrmi74428\ujkbk64122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\toxto06642\bqbsu7082.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\toxto06642\dmnrw36047.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\toxto06642\itrg8235.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\toxto06642\lnol20734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\sysmon\flvdirect\flvsetup.exe (Adware.Dropper) -> Quarantined and deleted successfully.
     
  11. 2010/10/10
    Sandis

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: TravelMate 5530
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 169):
    0x82A4E000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A1B000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80411000 \SystemRoot\system32\PSHED.dll
    0x80422000 \SystemRoot\system32\BOOTVID.dll
    0x8042A000 \SystemRoot\system32\CLFS.SYS
    0x8046B000 \SystemRoot\system32\CI.dll
    0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80605000 \SystemRoot\System32\Drivers\sppw.sys
    0x806FE000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80707000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8072D000 \SystemRoot\system32\drivers\acpi.sys
    0x80773000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8077B000 \SystemRoot\system32\drivers\pci.sys
    0x807A2000 \SystemRoot\System32\drivers\partmgr.sys
    0x807B1000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807B4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x807BE000 \SystemRoot\system32\drivers\volmgr.sys
    0x83405000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8344F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x8347C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8348C000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x83494000 \SystemRoot\system32\drivers\atapi.sys
    0x8349C000 \SystemRoot\system32\drivers\ataport.SYS
    0x834BA000 \SystemRoot\system32\drivers\msahci.sys
    0x834C4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x834D2000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83504000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83514000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x8351D000 \SystemRoot\system32\Drivers\PxHelp20.sys
    0x83526000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x83608000 \SystemRoot\system32\drivers\ndis.sys
    0x83713000 \SystemRoot\system32\drivers\msrpc.sys
    0x8373E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89A0E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89B1D000 \SystemRoot\system32\drivers\volsnap.sys
    0x89B56000 \SystemRoot\System32\Drivers\spldr.sys
    0x89B5E000 \SystemRoot\System32\Drivers\mup.sys
    0x89B6D000 \SystemRoot\System32\drivers\ecache.sys
    0x89B94000 \SystemRoot\system32\drivers\disk.sys
    0x89BA5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x89BC6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x89BCE000 \SystemRoot\system32\drivers\crcdisk.sys
    0x83778000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
    0x837B9000 \SystemRoot\system32\DRIVERS\storport.sys
    0x89BEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x89A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x835D8000 \SystemRoot\system32\DRIVERS\processr.sys
    0x835E7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E00B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8E4DA000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E579000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E586000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E598000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8EA0B000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8EAEF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8EB07000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8EB0F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8EB12000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8EB1C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8EB5A000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x8EB63000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8EB65000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8EB74000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8EB78000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8EB8B000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8EB95000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8EBA0000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8EBCF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8EBDA000 \SystemRoot\system32\DRIVERS\o2sd.sys
    0x8EBE4000 \SystemRoot\system32\DRIVERS\o2media.sys
    0x8F007000 \SystemRoot\System32\Drivers\aerooo7x.SYS
    0x8F03F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F06D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F078000
     
  12. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Gmer?
     
  13. 2010/10/10
    broni

    BTW...

    MBRCheck log is incomplete.
    Please, repost.
     
  14. 2010/10/10
    Sandis

    Gmer opens but it crashes the PC; when I choose the other tab the whole screen goes striped and I need to reboot.
     
  15. 2010/10/10
    broni

    If still a problem, skip GMER for now.

    I still need the complete MBRCheck log.
     
  16. 2010/10/10
    Sandis

    I ran MBR again; here's the log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: TravelMate 5530
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 168):
    0x82A34000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A01000 \SystemRoot\system32\hal.dll
    0x80409000 \SystemRoot\system32\kdcom.dll
    0x80411000 \SystemRoot\system32\PSHED.dll
    0x80422000 \SystemRoot\system32\BOOTVID.dll
    0x8042A000 \SystemRoot\system32\CLFS.SYS
    0x8046B000 \SystemRoot\system32\CI.dll
    0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8060E000 \SystemRoot\System32\Drivers\spap.sys
    0x80707000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80710000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x80736000 \SystemRoot\system32\drivers\acpi.sys
    0x8077C000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80784000 \SystemRoot\system32\drivers\pci.sys
    0x807AB000 \SystemRoot\System32\drivers\partmgr.sys
    0x807BA000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807BD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x807C7000 \SystemRoot\system32\drivers\volmgr.sys
    0x83402000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8344C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x83479000 \SystemRoot\System32\drivers\mountmgr.sys
    0x83489000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x83491000 \SystemRoot\system32\drivers\atapi.sys
    0x83499000 \SystemRoot\system32\drivers\ataport.SYS
    0x834B7000 \SystemRoot\system32\drivers\msahci.sys
    0x834C1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x834CF000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83501000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83511000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x8351A000 \SystemRoot\system32\Drivers\PxHelp20.sys
    0x83523000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x83606000 \SystemRoot\system32\drivers\ndis.sys
    0x83711000 \SystemRoot\system32\drivers\msrpc.sys
    0x8373C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89A08000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89B17000 \SystemRoot\system32\drivers\volsnap.sys
    0x89B50000 \SystemRoot\System32\Drivers\spldr.sys
    0x89B58000 \SystemRoot\System32\Drivers\mup.sys
    0x89B67000 \SystemRoot\System32\drivers\ecache.sys
    0x89B8E000 \SystemRoot\system32\drivers\disk.sys
    0x89B9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x89BC0000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x89BC8000 \SystemRoot\system32\drivers\crcdisk.sys
    0x83776000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
    0x837B7000 \SystemRoot\system32\DRIVERS\storport.sys
    0x89BE8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x89BF3000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x835D5000 \SystemRoot\system32\DRIVERS\processr.sys
    0x835E4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8F007000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8F4D6000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8F575000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F582000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F594000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8E000000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8E0E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E0FC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8E104000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8E107000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8E111000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E14F000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x8E158000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8E15A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E169000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8E16D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E180000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8E18A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E195000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8E1C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E1CF000 \SystemRoot\system32\DRIVERS\o2sd.sys
    0x8E1D9000 \SystemRoot\system32\DRIVERS\o2media.sys
    0x8F80B000 \SystemRoot\System32\Drivers\akm6rmjy.SYS
    0x8F843000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F871000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F87C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F893000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F89E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F8C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F8D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F8E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F8F9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F909000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8F90B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8F935000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F93F000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8F94C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8F980000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8F991000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8F9D0000 \SystemRoot\system32\drivers\portcls.sys
    0x8F5CB000 \SystemRoot\system32\drivers\drmk.sys
    0x9000D000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x90217000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90254000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x90403000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x904B7000 \SystemRoot\system32\drivers\modem.sys
    0x904C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x904CD000 \SystemRoot\System32\Drivers\Null.SYS
    0x904D4000 \SystemRoot\System32\Drivers\Beep.SYS
    0x904DB000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x90503000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x9050A000 \SystemRoot\System32\drivers\vga.sys
    0x90516000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x90537000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9054E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x90556000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9055F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9056F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x90577000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9057F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x90588000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x90593000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x905A1000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x90C04000 \SystemRoot\System32\drivers\tcpip.sys
    0x90CED000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x90D08000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x90D29000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90D3F000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90D53000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90D85000 \SystemRoot\system32\drivers\afd.sys
    0x90DCD000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x90DD6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90DEC000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x905AA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x905BD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90357000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90361000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90378000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x903A0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x903AD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x903B7000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
    0x98600000 \SystemRoot\System32\win32k.sys
    0x90000000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E1E5000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98820000 \SystemRoot\System32\TSDDD.dll
    0x98840000 \SystemRoot\System32\cdd.dll
    0x98850000 \SystemRoot\System32\ATMFD.DLL
    0x83594000 \SystemRoot\system32\drivers\luafv.sys
    0x99000000 \SystemRoot\system32\DRIVERS\eamonm.sys
    0x990A6000 \SystemRoot\system32\drivers\spsys.sys
    0x99155000 \SystemRoot\system32\DRIVERS\irda.sys
    0x99173000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x99183000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x991AD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x991B7000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B202000 \SystemRoot\system32\drivers\HTTP.sys
    0x9B26D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B28A000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B2A3000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9B2B8000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9B2D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B2F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9B330000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B348000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9B36F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9B3D3000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
    0x9B3EC000 \??\C:\Windows\system32\drivers\int15.sys
    0x9B3F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9E20B000 \SystemRoot\system32\drivers\peauth.sys
    0x9E2E9000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0x9E2F2000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0x9E304000 \SystemRoot\system32\drivers\regi.sys
    0x9E306000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9E310000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9E31C000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9E324000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x76E10000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

    Processes (total 93):
    0 System Idle Process
    4 System
    520 C:\Windows\System32\smss.exe
    592 csrss.exe
    664 C:\Windows\System32\wininit.exe
    672 csrss.exe
    708 C:\Windows\System32\services.exe
    720 C:\Windows\System32\lsass.exe
    728 C:\Windows\System32\lsm.exe
    864 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\winlogon.exe
    964 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\Ati2evxx.exe
    1080 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\audiodg.exe
    1300 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\SLsvc.exe
    1368 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\Ati2evxx.exe
    1568 C:\Windows\System32\svchost.exe
    1792 C:\Windows\System32\spoolsv.exe
    1816 C:\Windows\System32\svchost.exe
    356 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    428 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    444 C:\Program Files\Bonjour\mDNSResponder.exe
    464 C:\Windows\System32\svchost.exe
    532 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    564 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    596 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    1472 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1976 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    560 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2076 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    2088 C:\Acer\Mobility Center\MobilityService.exe
    2144 C:\Windows\System32\rundll32.exe
    2200 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2236 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2264 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2312 C:\Windows\System32\svchost.exe
    2344 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2380 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2404 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2420 C:\Windows\System32\svchost.exe
    2504 C:\Windows\System32\svchost.exe
    2540 C:\Windows\System32\SearchIndexer.exe
    2584 C:\Windows\System32\drivers\XAudio.exe
    2960 unsecapp.exe
    2988 WmiPrvSE.exe
    3640 C:\Windows\System32\taskeng.exe
    1176 C:\Windows\servicing\TrustedInstaller.exe
    1400 C:\Windows\System32\taskeng.exe
    2208 C:\Windows\System32\dwm.exe
    2888 C:\Windows\explorer.exe
    3044 C:\Program Files\Windows Defender\MSASCui.exe
    2488 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    1496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3320 C:\Windows\RtHDVCpl.exe
    3164 C:\Windows\PLFSetI.exe
    252 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3620 C:\Windows\System32\wuauclt.exe
    2600 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    2656 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3772 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    1000 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1924 C:\Windows\System32\wpcumi.exe
    3876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4012 C:\Program Files\Windows Media Player\wmpnscfg.exe
    908 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    584 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2732 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4068 C:\Windows\ehome\ehtray.exe
    2700 C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    264 C:\Users\Sebastian\AppData\Local\Temp\RtkBtMnt.exe
    1396 C:\Windows\ehome\ehmsas.exe
    4172 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4372 C:\Windows\System32\wbem\unsecapp.exe
    4484 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5776 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    6044 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    4108 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    6116 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    324 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    5308 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    1880 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    4924 C:\Users\Sebastian\Downloads\7fsh7wg7.exe
    4560 C:\Users\Sebastian\Downloads\MBRCheck.exe
    3624 C:\Windows\System32\conime.exe
    1896 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    3520 <unknown>
    3156 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`7bf00000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 1.10

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  17. 2010/10/10
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    Gmer does run but crashes the pc
     
  18. 2010/10/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  19. 2010/10/11
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    Now that the CD has been burned but should I have done some settings already since it didn't ask me for anything else than to start the burn? And is this a safe disc with the computer reboot information and does this delete all my personal files when I do reboot?
     
  20. 2010/10/11
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    Sorry for 2 unnecessary replies, I successfully rebooted the PC and learned a lot, thx! Log in reply;
     
  21. 2010/10/11
    Sandis

    Sandis Inactive Thread Starter

    Joined:
    2010/10/06
    Messages:
    43
    Likes Received:
    0
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 1 (build 6001), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: TravelMate 5530
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 168):
    0x82A35000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A02000 \SystemRoot\system32\hal.dll
    0x80401000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\PSHED.dll
    0x8041A000 \SystemRoot\system32\BOOTVID.dll
    0x80422000 \SystemRoot\system32\CLFS.SYS
    0x80463000 \SystemRoot\system32\CI.dll
    0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80607000 \SystemRoot\System32\Drivers\spwn.sys
    0x80700000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x80709000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8072F000 \SystemRoot\system32\drivers\acpi.sys
    0x80775000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8077D000 \SystemRoot\system32\drivers\pci.sys
    0x807A4000 \SystemRoot\System32\drivers\partmgr.sys
    0x807B3000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807B6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x807C0000 \SystemRoot\system32\drivers\volmgr.sys
    0x83401000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8344B000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x83478000 \SystemRoot\System32\drivers\mountmgr.sys
    0x83488000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x83490000 \SystemRoot\system32\drivers\atapi.sys
    0x83498000 \SystemRoot\system32\drivers\ataport.SYS
    0x834B6000 \SystemRoot\system32\drivers\msahci.sys
    0x834C0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x834CE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83500000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83510000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x83519000 \SystemRoot\system32\Drivers\PxHelp20.sys
    0x83522000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x83605000 \SystemRoot\system32\drivers\ndis.sys
    0x83710000 \SystemRoot\system32\drivers\msrpc.sys
    0x8373B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89A07000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89B16000 \SystemRoot\system32\drivers\volsnap.sys
    0x89B4F000 \SystemRoot\System32\Drivers\spldr.sys
    0x89B57000 \SystemRoot\System32\Drivers\mup.sys
    0x89B66000 \SystemRoot\System32\drivers\ecache.sys
    0x89B8D000 \SystemRoot\system32\drivers\disk.sys
    0x89B9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x89BBF000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x89BC7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x83775000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
    0x837B6000 \SystemRoot\system32\DRIVERS\storport.sys
    0x89BE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x89BF2000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x835D4000 \SystemRoot\system32\DRIVERS\processr.sys
    0x837F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8D804000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x8DCD3000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8DD72000 \SystemRoot\System32\drivers\watchdog.sys
    0x8DD7F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8DD91000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
    0x8DE09000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8DEED000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8DF05000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8DF0D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8DF10000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8DF1A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8DF58000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x8DF61000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8DF63000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8DF72000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8DF76000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8DF89000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8DF93000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8DF9E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8DFCD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8DFD8000 \SystemRoot\system32\DRIVERS\o2sd.sys
    0x8DFE2000 \SystemRoot\system32\DRIVERS\o2media.sys
    0x8DDC8000 \SystemRoot\System32\Drivers\afr0maw4.SYS
    0x807CF000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8DFEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x835E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x805CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x805D7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8E409000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8E418000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8E42C000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E441000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E451000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E453000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E47D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E487000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E494000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E4C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8E4D9000 \SystemRoot\system32\drivers\HdAudio.sys
    0x8E518000 \SystemRoot\system32\drivers\portcls.sys
    0x8E545000 \SystemRoot\system32\drivers\drmk.sys
    0x8E606000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8E810000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8E84D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8EA04000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8EAB8000 \SystemRoot\system32\drivers\modem.sys
    0x8EAC5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8EACE000 \SystemRoot\System32\Drivers\Null.SYS
    0x8EAD5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8EADC000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x8EB04000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8EB0B000 \SystemRoot\System32\drivers\vga.sys
    0x8EB17000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8EB38000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8EB4F000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8EB58000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8EB68000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8EB71000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8EB79000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8EB81000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8EB89000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8EB94000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8EBA2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8F000000 \SystemRoot\System32\drivers\tcpip.sys
    0x8F0E9000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8F104000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F11A000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8F12E000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F160000 \SystemRoot\system32\drivers\afd.sys
    0x8F1A8000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8F1B1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F1C7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F1D5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8EBAB000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F1E8000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8EBE7000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E950000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8E971000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x8F1F2000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8E999000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8E9A3000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
    0x96EB0000 \SystemRoot\System32\win32k.sys
    0x8E9E4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E9EE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x970D0000 \SystemRoot\System32\TSDDD.dll
    0x970F0000 \SystemRoot\System32\cdd.dll
    0x97100000 \SystemRoot\System32\ATMFD.DLL
    0x8E56A000 \SystemRoot\system32\drivers\luafv.sys
    0x98008000 \SystemRoot\system32\DRIVERS\eamonm.sys
    0x980AE000 \SystemRoot\system32\DRIVERS\irda.sys
    0x980CC000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x980DC000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x98106000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98110000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x98123000 \SystemRoot\system32\drivers\spsys.sys
    0x8E585000 \SystemRoot\system32\drivers\HTTP.sys
    0x981D2000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x83593000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x89BD0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x835AC000 \SystemRoot\system32\drivers\mrxdav.sys
    0x9A000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9A01F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9A058000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9A070000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A097000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A0FB000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
    0x9A114000 \??\C:\Windows\system32\drivers\int15.sys
    0x9A11B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9A11F000 \SystemRoot\system32\drivers\peauth.sys
    0x9A0E3000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
    0x9CE02000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
    0x9CE14000 \SystemRoot\system32\drivers\regi.sys
    0x9CE16000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9CE20000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9CE2C000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9CE34000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77C80000 \Windows\System32\ntdll.dll
    0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

    Processes (total 97):
    0 System Idle Process
    4 System
    464 C:\Windows\System32\smss.exe
    536 csrss.exe
    608 csrss.exe
    616 C:\Windows\System32\wininit.exe
    652 C:\Windows\System32\services.exe
    664 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    820 C:\Windows\System32\winlogon.exe
    828 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\Ati2evxx.exe
    1056 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\audiodg.exe
    1252 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1312 C:\Windows\System32\svchost.exe
    1464 C:\Windows\System32\Ati2evxx.exe
    1512 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1796 C:\Windows\System32\svchost.exe
    124 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    288 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    312 C:\Program Files\Bonjour\mDNSResponder.exe
    368 C:\Windows\System32\svchost.exe
    388 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    480 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    476 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    1148 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    1520 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    1708 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1852 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    1904 C:\Program Files\Google\Update\GoogleUpdate.exe
    1392 C:\Acer\Mobility Center\MobilityService.exe
    2092 C:\Windows\System32\rundll32.exe
    2184 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    2220 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2264 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    2312 C:\Windows\System32\svchost.exe
    2348 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    2376 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2388 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2416 C:\Windows\System32\svchost.exe
    2460 C:\Windows\System32\svchost.exe
    2496 C:\Windows\System32\SearchIndexer.exe
    2544 C:\Windows\System32\drivers\XAudio.exe
    3036 C:\Windows\System32\taskeng.exe
    3052 unsecapp.exe
    3104 WmiPrvSE.exe
    3276 C:\Windows\System32\taskeng.exe
    2272 dllhost.exe
    2940 C:\Windows\System32\dwm.exe
    3048 C:\Windows\explorer.exe
    3220 C:\Windows\System32\taskeng.exe
    868 C:\Program Files\Windows Defender\MSASCui.exe
    2592 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    2164 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3436 C:\Windows\RtHDVCpl.exe
    2156 C:\Windows\PLFSetI.exe
    3820 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3628 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    3684 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    3024 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    3636 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    512 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    400 C:\Windows\System32\wpcumi.exe
    2564 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1472 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    2756 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1104 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1108 C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe
    3012 C:\Windows\ehome\ehtray.exe
    3016 C:\Program Files\DAEMON Tools Pro\DTAgent.exe
    3396 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3328 C:\Windows\ehome\ehmsas.exe
    3536 C:\Windows\servicing\TrustedInstaller.exe
    4532 C:\Windows\System32\wuauclt.exe
    4540 C:\Users\SEBAST~1\AppData\Local\Temp\RtkBtMnt.exe
    4896 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    5116 C:\Windows\System32\wbem\unsecapp.exe
    5260 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5304 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5800 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    5816 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    5852 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    5868 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    6000 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    6140 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
    4104 C:\Windows\System32\SearchProtocolHost.exe
    3292 C:\Windows\System32\SearchFilterHost.exe
    4508 C:\Users\Sebastian\Desktop\MBRCheck.exe
    4632 C:\Windows\System32\conime.exe
    4712 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`7bf00000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 1.10

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
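
The before/after check that closes this thread, as an added example (not part of any poster's message and not code from MBRCheck): a Python parser for the MBR status table, run over the status sections of the two logs posted above. Treating any status that contains "Unknown" as flagged is an assumption drawn from the two status strings seen in this thread.

```python
import re

# Status sections excerpted from the two MBRCheck logs posted in this thread.
LOG_BEFORE = r"""
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3

Found non-standard or infected MBR.
"""
LOG_AFTER = r"""
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!
"""

# One table row: size, device path, optional "RE:" prefix (as it appears in
# the posted logs), then the status text.
ROW = re.compile(r"^\s*(?P<size>\d+\s+[KMGT]B)\s+(?P<device>\\\\\.\\PhysicalDrive\d+)"
                 r"\s+(?:RE:\s*)?(?P<status>.+?)\s*$")
SHA = re.compile(r"^\s*SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


def parse_mbr_status(log):
    """Return one record per physical drive listed in the status table."""
    records, current = [], None
    for line in log.splitlines():
        row = ROW.match(line)
        if row:
            current = {"device": row["device"], "size": row["size"],
                       "status": row["status"], "sha1": None,
                       # Assumption: "Unknown ..." is the not-recognised status.
                       "flagged": "unknown" in row["status"].lower()}
            records.append(current)
            continue
        sha = SHA.match(line)
        # The SHA1 line belongs to the drive row printed just before it.
        if sha and current is not None and current["sha1"] is None:
            current["sha1"] = sha["sha1"].upper()
    return records


def compare_runs(before_log, after_log):
    """Compare two runs drive by drive: (device, old status, new status, verdict)."""
    after = {r["device"]: r for r in parse_mbr_status(after_log)}
    results = []
    for old in parse_mbr_status(before_log):
        new = after.get(old["device"])
        if new is None:
            verdict = "missing from second log"
        elif new["flagged"]:
            verdict = "still flagged"
        elif new["sha1"] == old["sha1"]:
            # Same boot-code hash but a different status needs a human look.
            verdict = "inconsistent, review" if old["flagged"] else "unchanged"
        else:
            verdict = "repaired" if old["flagged"] else "changed, review"
        results.append((old["device"], old["status"],
                        new["status"] if new else None, verdict))
    return results


if __name__ == "__main__":
    for result in compare_runs(LOG_BEFORE, LOG_AFTER):
        print(result)
```
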
     
