Sandis (thread starter), 8th October 2010, #1

[Resolved] DDS.txt (log1)


DDS (Ver_10-10-05.01) - NTFSx86
Run by Sebastian at 20:58:12,58 on pe 08.10.2010
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.358.1033.18.2525.1022 [GMT 3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\SEBAST~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\program files\windows defender\MpCmdRun.exe
D:\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskmgr.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wermgr.exe
C:\Users\Sebastian\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home?AF=14542
uSearch Bar =
uSearch Page =
mDefault_Page_URL = hxxp://fi.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} -
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mURLSearchHooks: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - MyWebSearch Search Assistant BHO
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - mwsBar BHO
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: TBSB07286: {c23d0d6a-8cba-4b33-9735-47d81f5b2b85} - TBSB07286 Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: ToggleSW Toolbar: {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - c:\program files\togglesw\tbTogg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} -
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: {10000000-1000-1000-1000-100000000000} - No File
TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\sebastian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\3.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
StartupFolder: c:\users\sebast~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\frostw~1.lnk - d:\frostwire\FrostWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm433YHFI
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\sebast~1\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Turvalliset hakutoiminnot
FF - prefs.js: browser.startup.homepage - www.google.fi
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=14542&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\sebastian\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\FFExternalAlert.dll
FF - component: c:\users\sebastian\appdata\roaming\mozilla\firefox\profiles\f42161rq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\sebastian\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{1bce9228-a236-5601-a33e-9a8361a6ce34}
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-10-08 04:05:36 -------- d-----w- c:\users\sebastian\FrostWire
2010-10-08 03:41:19 -------- d-----w- c:\users\sebast~1\appdata\roaming\Registry Mechanic
2010-10-08 03:18:41 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-10-08 03:18:41 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-10-08 03:18:41 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-10-08 03:18:41 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-10-08 03:18:40 506368 ----a-w- c:\windows\system32\msxml.dll
2010-10-08 03:18:03 -------- d-----w- c:\program files\common files\PC Tools
2010-10-08 03:08:03 65536 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.blf
2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.2.regtrans-ms
2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.1.regtrans-ms
2010-10-08 03:08:03 1048576 --sha-w- c:\users\sebastian\ntuser.dat{87583f78-c686-11df-a99e-001d723b4586}.TxR.0.regtrans-ms
2010-09-30 19:46:12 -------- d-----w- c:\program files\Zynga
2010-09-29 14:49:27 -------- d-----w- c:\program files\Babylon
2010-09-28 19:05:57 -------- d-----w- c:\users\sebast~1\appdata\local\PMB Files
2010-09-28 19:05:52 -------- d-----w- c:\progra~2\PMB Files
2010-09-28 19:05:31 -------- d-----w- c:\program files\Pando Networks
2010-09-28 18:30:58 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-09-28 17:26:44 -------- d-----w- c:\users\sebast~1\appdata\roaming\Sakura
2010-09-28 17:21:05 -------- d-----w- c:\users\sebast~1\appdata\roaming\Juce VST Host
2010-09-27 18:00:29 -------- d-----w- c:\program files\common files\TI Shared
2010-09-27 18:00:26 -------- d-----w- c:\program files\TI Education
2010-09-27 15:57:23 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-09-23 16:39:58 65536 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TM.blf
2010-09-23 16:39:58 524288 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TMContainer00000000000000000002.regtrans-ms
2010-09-23 16:39:58 524288 --sha-w- c:\users\sebastian\ntuser.dat{87583f79-c686-11df-a99e-001d723b4586}.TMContainer00000000000000000001.regtrans-ms
2010-09-22 17:23:50 49152 ----a-w- c:\windows\system32\PWAD.ocx
2010-09-22 17:23:50 45056 ----a-w- c:\windows\system32\CF.ocx
2010-09-22 17:23:50 40960 ----a-w- c:\windows\system32\hyperlink.ocx
2010-09-22 17:23:50 40960 ----a-w- c:\windows\system32\allenocx.ocx
2010-09-22 17:23:50 24576 ----a-w- c:\windows\system32\runocx.ocx
2010-09-22 17:23:50 24576 ----a-w- c:\windows\system32\dirdlg2.ocx
2010-09-22 17:23:50 237659 ----a-w- c:\windows\system32\EZTW32.DLL
2010-09-22 17:23:47 -------- d-----w- c:\program files\NoteBook
2010-09-18 20:00:16 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-18 19:50:27 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-09-17 14:58:54 -------- d-----w- c:\users\sebast~1\appdata\local\ESET
2010-09-17 14:56:14 -------- d-----w- c:\program files\ESET
2010-09-16 18:00:42 -------- d-----w- c:\program files\EA GAMES
2010-09-15 18:31:57 -------- d-----w- c:\users\sebast~1\appdata\roaming\Mount&Blade
2010-09-14 13:31:20 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys
2010-09-14 13:29:48 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys
2010-09-12 15:44:37 -------- d-----w- c:\progra~2\Alwil Software
2010-09-10 14:45:44 -------- d-----w- c:\users\sebast~1\appdata\roaming\SnapTeam
2010-09-10 14:45:28 -------- d-----w- c:\program files\Snap

==================== Find3M ====================

2010-08-29 18:34:34 240128 ----a-w- c:\windows\system32\uxtheme.dll
2010-08-29 18:34:33 615424 ----a-w- c:\windows\system32\themeui.dll
2010-08-10 02:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 02:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-27 15:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 15:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 02:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 21:04:55,69 ===============

Admin. (Administrator), 8th October 2010, #2

Yes, as I suspected you're infected.

Don't forget to post your Attach.txt log too.

I see you have P2P software (Azureus, LimeWire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them, and read the links above for educational value!

Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

A Malware expert will have a look at your log in due course.

Sandis (thread starter), 10th October 2010, #3

The attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22.3.2009 7:57:55
System Uptime: 10.8.2010 9:04:04 (1428 hours ago)

Motherboard: Acer | | TravelMate 5530
Processor: AMD Athlon(tm) X2 Dual-Core QL-60 | Socket S1G2 | 1900/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 59,424 GiB free.
D: is FIXED (NTFS) - 144 GiB total, 85,884 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office system
Acer Crystal Eye Webcam 2.0.8
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Reader 8.2.4
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AMD USB Audio Driver Filter
AnalogX AutoTune
Any Video Converter 2.7.7
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Catalyst Install Manager
Battlefield 2(TM)
BitLord 1.1
BlueVoda Website Builder 10.2m
Bonjour
Broadcom Gigabit Integrated Controller
Business Contact Manager for Outlook 2007 SP2
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 5.6
Cheat Engine 5.6.1
Contextual Tracker Dymanet
Dance eJay 7
ESET NOD32 Antivirus
eSobi v2
EVEREST Home Edition v2.20
Evrsoft First Page 2006
Express Burn
Fable - The Lost Chapters
FFILoveThisAdPlatform
FL Studio 9
FrostWire 4.20.7
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 1.71
Guild Wars
Hardcore
HDAUDIO Soft Data Fax Modem with SmartCP
Hero_Online
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 2
ijji REACTOR
IL-2 Sturmovik
IL Download Manager
ILoveThisAdPlatform
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Launch Manager
League of Legends
LightScribe 1.4.142.1
McAfee SiteAdvisor
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Finnish) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft XML Parser
MobileMe Control Panel
Mount & Blade
Mozilla Firefox (3.0.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
My Web Search (IWON)
NCH Toolbox
Norton Security Scan
NoteBook 5.3.6
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver (x86)
O2Micro Flash Memory Card Reader Driver Installer(x86)
OGA Notifier 2.0.0048.0
Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678)
Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669)
Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665)
OpenOffice.org 3.0
Pando Media Booster
PDF Settings
PerformanceAdSystem
PlayMP3z
PoiZone
QuickTime
RC DareDevil
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Registry Mechanic 10.0
Safari
Sakura
Sawer
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype™ 4.0
Sony Picture Utility
Sony USB Driver
Steam
Streamingstar Converter
Synaptics Pointing Device Driver
Team Fortress 2
TI Connect 1.6
ToggleSW Toolbar
Toxic Biohazard
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
WarBirds
WIDCOMM Bluetooth Software 6.0.1.6300
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
VistaGlazz 2.1
VLC media player 1.0.1
Xfire (remove only)
Zynga Toolbar

==== End Of File ===========================

10th October 2010   #4
broni
Malware Analyst

Uninstall My Web Search (IWON) and Zynga Toolbar, known adware.

Uninstall Uniblue RegistryBooster and Registry Mechanic 10.0.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html

===============================================================

STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


STEP 3. Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.



DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

10th October 2010   #5
Sandis
THREAD STARTER

FrostWire is now uninstalled. Anything I can do while I wait for the malware expert to check my log?

10th October 2010   #6
broni
Malware Analyst

Please, read my previous reply.

10th October 2010   #7
Sandis
THREAD STARTER

Sorry, you were fast. The "My websearch IWON" says: ERROR loading C:\MYWEBS~1\bar\3.bin\mwsbar.dll The specified module could not be found

10th October 2010   #8
broni
Malware Analyst

That's fine. We'll remove leftovers later.
Proceed with others.

10th October 2010   #9
Sandis
THREAD STARTER

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4791

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

10.10.2010 21:28:27
mbam-log-2010-10-10 (21-28-27).txt

Scan type: Quick scan
Objects scanned: 144630
Time elapsed: 39 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 171
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 28
Files Infected: 76

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\373096118 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Sebastian\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\toxto06642 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\f3install (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\sysmon\flvdirect (Adware.Dropper) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\e2625d30-7dc3-137f-be78-0f8f4225f6b8.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Sebastian\AppData\Local\Temp\NS42A7.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\ecobar.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbcore3.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbcore3.inf (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\update.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.crc (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\ecobar.inf (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Ecobar\tbunse25A3.tmp\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428\jkot25826.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428\muvxt5317.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\nhrmi74428\ujkbk64122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\toxto06642\bqbsu7082.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\toxto06642\dmnrw36047.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\toxto06642\itrg8235.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\toxto06642\lnol20734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\sysmon\flvdirect\flvsetup.exe (Adware.Dropper) -> Quarantined and deleted successfully.

Old 10th October 2010   #10
Inactive
THREAD STARTER
 
Profile:
Join Date: Oct 2010
Posts: 43
Computer Experience:
Experienced
Sandis Reputation Level

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: TravelMate 5530
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 169):
0x82A4E000 \SystemRoot\system32\ntkrnlpa.exe
0x82A1B000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\PSHED.dll
0x80422000 \SystemRoot\system32\BOOTVID.dll
0x8042A000 \SystemRoot\system32\CLFS.SYS
0x8046B000 \SystemRoot\system32\CI.dll
0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80605000 \SystemRoot\System32\Drivers\sppw.sys
0x806FE000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80707000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8072D000 \SystemRoot\system32\drivers\acpi.sys
0x80773000 \SystemRoot\system32\drivers\msisadrv.sys
0x8077B000 \SystemRoot\system32\drivers\pci.sys
0x807A2000 \SystemRoot\System32\drivers\partmgr.sys
0x807B1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807B4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807BE000 \SystemRoot\system32\drivers\volmgr.sys
0x83405000 \SystemRoot\System32\drivers\volmgrx.sys
0x8344F000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8347C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8348C000 \SystemRoot\System32\Drivers\UBHelper.sys
0x83494000 \SystemRoot\system32\drivers\atapi.sys
0x8349C000 \SystemRoot\system32\drivers\ataport.SYS
0x834BA000 \SystemRoot\system32\drivers\msahci.sys
0x834C4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x834D2000 \SystemRoot\system32\drivers\fltmgr.sys
0x83504000 \SystemRoot\system32\drivers\fileinfo.sys
0x83514000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8351D000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x83526000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83608000 \SystemRoot\system32\drivers\ndis.sys
0x83713000 \SystemRoot\system32\drivers\msrpc.sys
0x8373E000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89B1D000 \SystemRoot\system32\drivers\volsnap.sys
0x89B56000 \SystemRoot\System32\Drivers\spldr.sys
0x89B5E000 \SystemRoot\System32\Drivers\mup.sys
0x89B6D000 \SystemRoot\System32\drivers\ecache.sys
0x89B94000 \SystemRoot\system32\drivers\disk.sys
0x89BA5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89BC6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x89BCE000 \SystemRoot\system32\drivers\crcdisk.sys
0x83778000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x837B9000 \SystemRoot\system32\DRIVERS\storport.sys
0x89BEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x835D8000 \SystemRoot\system32\DRIVERS\processr.sys
0x835E7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E00B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E4DA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E579000 \SystemRoot\System32\drivers\watchdog.sys
0x8E586000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E598000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8EA0B000 \SystemRoot\system32\DRIVERS\athr.sys
0x8EAEF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EB07000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EB0F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB12000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8EB1C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EB5A000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x8EB63000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB65000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EB74000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EB78000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EB8B000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8EB95000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EBA0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EBCF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EBDA000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x8EBE4000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8F007000 \SystemRoot\System32\Drivers\aerooo7x.SYS
0x8F03F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F06D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F078000

Old 10th October 2010   #11
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,885
Computer Experience:
intermediate
broni Reputation Level

Gmer?

Old 10th October 2010   #12
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,885
Computer Experience:
intermediate
broni Reputation Level

BTW...

MBRCheck log is incomplete.
Please repost.

Old 10th October 2010   #13
Inactive
THREAD STARTER
 
Profile:
Join Date: Oct 2010
Posts: 43
Computer Experience:
Experienced
Sandis Reputation Level

GMER opens but it crashes the PC; when I choose the other tab the whole screen goes striped and I need to reboot.

Old 10th October 2010   #14
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 19,885
Computer Experience:
intermediate
broni Reputation Level

Quote:
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
If still a problem, skip GMER for now.

I still need the complete MBRCheck log.

Old 10th October 2010   #15
Inactive
THREAD STARTER
 
Profile:
Join Date: Oct 2010
Posts: 43
Computer Experience:
Experienced
Sandis Reputation Level

I ran MBR again, here's the log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: TravelMate 5530
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 168):
0x82A34000 \SystemRoot\system32\ntkrnlpa.exe
0x82A01000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\PSHED.dll
0x80422000 \SystemRoot\system32\BOOTVID.dll
0x8042A000 \SystemRoot\system32\CLFS.SYS
0x8046B000 \SystemRoot\system32\CI.dll
0x8054B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060E000 \SystemRoot\System32\Drivers\spap.sys
0x80707000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80710000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80736000 \SystemRoot\system32\drivers\acpi.sys
0x8077C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80784000 \SystemRoot\system32\drivers\pci.sys
0x807AB000 \SystemRoot\System32\drivers\partmgr.sys
0x807BA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807BD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807C7000 \SystemRoot\system32\drivers\volmgr.sys
0x83402000 \SystemRoot\System32\drivers\volmgrx.sys
0x8344C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x83479000 \SystemRoot\System32\drivers\mountmgr.sys
0x83489000 \SystemRoot\System32\Drivers\UBHelper.sys
0x83491000 \SystemRoot\system32\drivers\atapi.sys
0x83499000 \SystemRoot\system32\drivers\ataport.SYS
0x834B7000 \SystemRoot\system32\drivers\msahci.sys
0x834C1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x834CF000 \SystemRoot\system32\drivers\fltmgr.sys
0x83501000 \SystemRoot\system32\drivers\fileinfo.sys
0x83511000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8351A000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x83523000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83606000 \SystemRoot\system32\drivers\ndis.sys
0x83711000 \SystemRoot\system32\drivers\msrpc.sys
0x8373C000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89B17000 \SystemRoot\system32\drivers\volsnap.sys
0x89B50000 \SystemRoot\System32\Drivers\spldr.sys
0x89B58000 \SystemRoot\System32\Drivers\mup.sys
0x89B67000 \SystemRoot\System32\drivers\ecache.sys
0x89B8E000 \SystemRoot\system32\drivers\disk.sys
0x89B9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89BC0000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x89BC8000 \SystemRoot\system32\drivers\crcdisk.sys
0x83776000 \SystemRoot\system32\DRIVERS\ahcix86s.sys
0x837B7000 \SystemRoot\system32\DRIVERS\storport.sys
0x89BE8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89BF3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x835D5000 \SystemRoot\system32\DRIVERS\processr.sys
0x835E4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F007000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8F4D6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F575000 \SystemRoot\System32\drivers\watchdog.sys
0x8F582000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F594000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8E000000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E0E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E0FC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8E104000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E107000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E111000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E14F000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x8E158000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E15A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E169000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E16D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E180000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E18A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E195000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E1C4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E1CF000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x8E1D9000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8F80B000 \SystemRoot\System32\Drivers\akm6rmjy.SYS
0x8F843000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F871000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F87C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F893000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F89E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F8C1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F8D0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F8E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F8F9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F909000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F90B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F935000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F93F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F94C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F980000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F991000 \SystemRoot\system32\drivers\HdAudio.sys
0x8F9D0000 \SystemRoot\system32\drivers\portcls.sys
0x8F5CB000 \SystemRoot\system32\drivers\drmk.sys
0x9000D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90217000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90254000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90403000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x904B7000 \SystemRoot\system32\drivers\modem.sys
0x904C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x904CD000 \SystemRoot\System32\Drivers\Null.SYS
0x904D4000 \SystemRoot\System32\Drivers\Beep.SYS
0x904DB000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x90503000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9050A000 \SystemRoot\System32\drivers\vga.sys
0x90516000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90537000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9054E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90556000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9055F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9056F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90577000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9057F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90588000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90593000 \SystemRoot\System32\Drivers\Npfs.SYS
0x905A1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90C04000 \SystemRoot\System32\drivers\tcpip.sys
0x90CED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90D08000 \SystemRoot\System32\Drivers\usbvideo.sys
0x90D29000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90D3F000 \SystemRoot\system32\DRIVERS\smb.sys
0x90D53000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90D85000 \SystemRoot\system32\drivers\afd.sys
0x90DCD000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x90DD6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90DEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x905AA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x905BD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90357000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90361000 \SystemRoot\System32\Drivers\dfsc.sys
0x90378000 \SystemRoot\System32\Drivers\fastfat.SYS
0x903A0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x903AD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x903B7000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x98600000 \SystemRoot\System32\win32k.sys
0x90000000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E1E5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98820000 \SystemRoot\System32\TSDDD.dll
0x98840000 \SystemRoot\System32\cdd.dll
0x98850000 \SystemRoot\System32\ATMFD.DLL
0x83594000 \SystemRoot\system32\drivers\luafv.sys
0x99000000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x990A6000 \SystemRoot\system32\drivers\spsys.sys
0x99155000 \SystemRoot\system32\DRIVERS\irda.sys
0x99173000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99183000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x991AD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x991B7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B202000 \SystemRoot\system32\drivers\HTTP.sys
0x9B26D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B28A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B2A3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B2B8000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B2D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B2F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B330000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B348000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B36F000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B3D3000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x9B3EC000 \??\C:\Windows\system32\drivers\int15.sys
0x9B3F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E20B000 \SystemRoot\system32\drivers\peauth.sys
0x9E2E9000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0x9E2F2000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0x9E304000 \SystemRoot\system32\drivers\regi.sys
0x9E306000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E310000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E31C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9E324000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76E10000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

Processes (total 93):
0 System Idle Process
4 System
520 C:\Windows\System32\smss.exe
592 csrss.exe
664 C:\Windows\System32\wininit.exe
672 csrss.exe
708 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\winlogon.exe
964 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\Ati2evxx.exe
1080 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1300 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\SLsvc.exe
1368 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\Ati2evxx.exe
1568 C:\Windows\System32\svchost.exe
1792 C:\Windows\System32\spoolsv.exe
1816 C:\Windows\System32\svchost.exe
356 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
428 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
444 C:\Program Files\Bonjour\mDNSResponder.exe
464 C:\Windows\System32\svchost.exe
532 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
564 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
596 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1472 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
1976 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
560 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2076 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
2088 C:\Acer\Mobility Center\MobilityService.exe
2144 C:\Windows\System32\rundll32.exe
2200 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2236 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2264 C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
2312 C:\Windows\System32\svchost.exe
2344 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
2380 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2404 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2420 C:\Windows\System32\svchost.exe
2504 C:\Windows\System32\svchost.exe
2540 C:\Windows\System32\SearchIndexer.exe
2584 C:\Windows\System32\drivers\XAudio.exe
2960 unsecapp.exe
2988 WmiPrvSE.exe
3640 C:\Windows\System32\taskeng.exe
1176 C:\Windows\servicing\TrustedInstaller.exe
1400 C:\Windows\System32\taskeng.exe
2208 C:\Windows\System32\dwm.exe
2888 C:\Windows\explorer.exe
3044 C:\Program Files\Windows Defender\MSASCui.exe
2488 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
1496 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3320 C:\Windows\RtHDVCpl.exe
3164 C:\Windows\PLFSetI.exe
252 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3620 C:\Windows\System32\wuauclt.exe
2600 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
2656 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3772 C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
1000 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
1924 C:\Windows\System32\wpcumi.exe
3876 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4012 C:\Program Files\Windows Media Player\wmpnscfg.exe
908 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
584 C:\Program Files\Windows Media Player\wmpnetwk.exe
2732 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4068 C:\Windows\ehome\ehtray.exe
2700 C:\Program Files\DAEMON Tools Pro\DTAgent.exe
264 C:\Users\Sebastian\AppData\Local\Temp\RtkBtMnt.exe
1396 C:\Windows\ehome\ehmsas.exe
4172 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4372 C:\Windows\System32\wbem\unsecapp.exe
4484 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5776 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
6044 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
4108 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
6116 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
324 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
5308 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
1880 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
4924 C:\Users\Sebastian\Downloads\7fsh7wg7.exe
4560 C:\Users\Sebastian\Downloads\MBRCheck.exe
3624 C:\Windows\System32\conime.exe
1896 C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe
3520 <unknown>
3156 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`7bf00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 1.10

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
