1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Adware, My Web Page

Discussion in 'Malware and Virus Removal Archive' started by deester, 2009/06/22.

  1. 2009/06/22
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    [Resolved] Adware, My Web Page

    While doing regular maintainance, which I wish I had never done, I found issues with computer again and I'm sorry.
    Dell Inspiron Laptop w XP, wireless on Linskys router w DSl


    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Dell at 12:23:46.85 on Mon 06/22/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.465 [GMT -4:00]

    AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7DD6A279-63AD-4EB9-9A3F-421342D795CE}
    AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: iolo Personal Firewall® *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Ocucom\PreCast\tmon.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\iAVEmailScanner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\MsiExec.exe
    C:\Documents and Settings\Dell\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=l4HxehpLgiRGwAO_03CWBA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SystemGuardAlerter] "c:\program files\iolo\system shield 3\SystemGuardAlerter.exe "
    mRun: [iolo AntiVirus] "c:\program files\iolo\system shield 3\antivirus\ioloAV.exe "
    mRun: [HostManager] "c:\program files\common files\aol\1211762669\ee\AOLSoftware.exe "
    mRun: [iolo Personal Firewall] "c:\program files\iolo\system shield 3\personal firewall\ioloFW.exe "
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\mostfun.lnk - c:\program files\mostfun\bin\MostFun.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\runner.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
    IE: &Search
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    LSP: c:\windows\system32\iavlsp.dll
    LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1221952782890
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\5af4a9ci.default\
    FF - component: c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
    FF - component: c:\program files\permissionresearch\components\prxg.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\dell\application data\mozilla\firefox\profiles\5af4a9ci.default\extensions\npmozax@real.com\plugins\npmozax.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\npmozax.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PermissionResearch

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE ", "AllAccess ");

    ============= SERVICES / DRIVERS ===============

    R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2009-3-30 39424]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2008-9-17 14336]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-9-17 8832]
    S2 gupdate1c9e6fc72c9d62;Google Update Service (gupdate1c9e6fc72c9d62);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-24 79240]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-24 35240]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-24 34152]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-24 40488]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2009-06-22 11:34 <DIR> --d----- c:\program files\Digital Support
    2009-06-20 01:33 389,120 a------- c:\windows\system32\CF30824.exe
    2009-06-20 00:38 <DIR> --d----- c:\docume~1\dell\applic~1\YoudaGames
    2009-06-18 19:18 <DIR> --d----- c:\docume~1\dell\applic~1\Dream Farm Games
    2009-06-18 19:14 <DIR> --d----- c:\program files\Dreams
    2009-06-17 13:51 <DIR> --d----- c:\docume~1\dell\applic~1\Playrix Entertainment
    2009-06-16 21:59 <DIR> --d----- c:\docume~1\dell\applic~1\Enlightenus1Beta
    2009-06-16 21:39 <DIR> --d----- c:\docume~1\dell\applic~1\SunRay Games
    2009-06-16 21:32 <DIR> --d----- c:\program files\Runtime Software
    2009-06-16 11:09 <DIR> --d----- c:\docume~1\dell\applic~1\Big Fish
    2009-06-15 08:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Becky Brogan
    2009-06-15 02:33 720,896 a------- c:\windows\iun6002ev.exe
    2009-06-15 02:33 <DIR> --d----- c:\program files\Bejeweled 2 Deluxe
    2009-06-15 00:09 <DIR> --d----- c:\docume~1\dell\applic~1\FairyTale
    2009-06-14 23:48 <DIR> --d----- c:\windows\A Fairy Tale
    2009-06-14 23:48 <DIR> --d----- c:\program files\A Fairy Tale
    2009-06-14 13:17 <DIR> --d----- C:\1cdb1188b57f6d636c9f704925
    2009-06-14 11:05 <DIR> --d----- c:\program files\WOT
    2009-06-13 21:07 <DIR> --d----- c:\docume~1\dell\applic~1\Purple Patch Games
    2009-06-13 13:18 <DIR> --d----- c:\documents and settings\dell\.SunDownloadManager
    2009-06-13 12:51 <DIR> --ds---- C:\ComboFix
    2009-06-11 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-06-11 23:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-06-11 23:15 <DIR> --d----- c:\docume~1\dell\applic~1\SUPERAntiSpyware.com
    2009-06-11 11:56 <DIR> --d----- c:\program files\MyPlayCity
    2009-06-10 15:08 <DIR> --d----- C:\My Download Files
    2009-06-10 14:43 <DIR> --d----- C:\My Games
    2009-06-08 17:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Enkord
    2009-06-08 12:02 <DIR> --d----- c:\docume~1\dell\applic~1\ERS G-Studio
    2009-06-07 22:32 <DIR> --d----- c:\windows\Hidden Wonders of the Depths 2
    2009-06-07 22:32 <DIR> --d----- c:\program files\Hidden Wonders of the Depths 2
    2009-06-07 15:10 <DIR> --d----- c:\program files\MyPlayCity.com
    2009-06-07 01:32 <DIR> --d----- c:\program files\RealArcade
    2009-06-06 21:48 <DIR> --d----- c:\docume~1\dell\applic~1\Hidden Island Data
    2009-06-05 15:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RealArcade

    ==================== Find3M ====================

    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-06-13 03:45 218,124,320 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-06-13 03:45 2,557,220 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-06-10 13:45 103,720 a------- c:\documents and settings\dell\GoToAssistDownloadHelper.exe
    2009-05-12 15:46 803 a------- c:\program files\Internet Explorer (2).lnk
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2008-09-07 10:31 0 a------- c:\program files\temp01
    2008-07-22 14:44 110 a------- c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
    2008-07-07 15:56 774,144 a------- c:\program files\RngInterstitial.dll
    2002-07-01 10:13 224 a--sh--- c:\docume~1\dell\applic~1\maildriver32.dat

    ============= FINISH: 12:24:32.73 ===============

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Dell at 12:23:46.85 on Mon 06/22/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.465 [GMT -4:00]

    AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7DD6A279-63AD-4EB9-9A3F-421342D795CE}
    AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: iolo Personal Firewall® *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Ocucom\PreCast\tmon.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\iAVEmailScanner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\MsiExec.exe
    C:\Documents and Settings\Dell\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=l4HxehpLgiRGwAO_03CWBA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyPl.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SystemGuardAlerter] "c:\program files\iolo\system shield 3\SystemGuardAlerter.exe "
    mRun: [iolo AntiVirus] "c:\program files\iolo\system shield 3\antivirus\ioloAV.exe "
    mRun: [HostManager] "c:\program files\common files\aol\1211762669\ee\AOLSoftware.exe "
    mRun: [iolo Personal Firewall] "c:\program files\iolo\system shield 3\personal firewall\ioloFW.exe "
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\aoldes~1.lnk - c:\program files\common files\aol\launch\aollaunch.exe
    StartupFolder: c:\docume~1\dell\startm~1\programs\startup\mostfun.lnk - c:\program files\mostfun\bin\MostFun.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\runner.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\precas~1.lnk - c:\program files\ocucom\precast\tmon.exe
    IE: &Search
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    LSP: c:\windows\system32\iavlsp.dll
    LSP: c:\program files\iolo\common\firewall\iFW_Xfilter.dll
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1221952782890
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\5af4a9ci.default\
    FF - component: c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
    FF - component: c:\program files\permissionresearch\components\prxg.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\dell\application data\mozilla\firefox\profiles\5af4a9ci.default\extensions\npmozax@real.com\plugins\npmozax.dll
    FF - plugin: c:\progra~1\mozill~1\plugins\npmozax.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\PermissionResearch

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149 ", "AllAccess ");
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE ", "AllAccess ");

    ============= SERVICES / DRIVERS ===============

    R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [2009-3-30 39424]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 207656]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2008-9-17 14336]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 628584]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2008-9-17 8832]
    S2 gupdate1c9e6fc72c9d62;Google Update Service (gupdate1c9e6fc72c9d62);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-24 79240]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-24 35240]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-24 34152]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-24 40488]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2009-06-22 11:34 <DIR> --d----- c:\program files\Digital Support
    2009-06-20 01:33 389,120 a------- c:\windows\system32\CF30824.exe
    2009-06-20 00:38 <DIR> --d----- c:\docume~1\dell\applic~1\YoudaGames
    2009-06-18 19:18 <DIR> --d----- c:\docume~1\dell\applic~1\Dream Farm Games
    2009-06-18 19:14 <DIR> --d----- c:\program files\Dreams
    2009-06-17 13:51 <DIR> --d----- c:\docume~1\dell\applic~1\Playrix Entertainment
    2009-06-16 21:59 <DIR> --d----- c:\docume~1\dell\applic~1\Enlightenus1Beta
    2009-06-16 21:39 <DIR> --d----- c:\docume~1\dell\applic~1\SunRay Games
    2009-06-16 21:32 <DIR> --d----- c:\program files\Runtime Software
    2009-06-16 11:09 <DIR> --d----- c:\docume~1\dell\applic~1\Big Fish
    2009-06-15 08:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Becky Brogan
    2009-06-15 02:33 720,896 a------- c:\windows\iun6002ev.exe
    2009-06-15 02:33 <DIR> --d----- c:\program files\Bejeweled 2 Deluxe
    2009-06-15 00:09 <DIR> --d----- c:\docume~1\dell\applic~1\FairyTale
    2009-06-14 23:48 <DIR> --d----- c:\windows\A Fairy Tale
    2009-06-14 23:48 <DIR> --d----- c:\program files\A Fairy Tale
    2009-06-14 13:17 <DIR> --d----- C:\1cdb1188b57f6d636c9f704925
    2009-06-14 11:05 <DIR> --d----- c:\program files\WOT
    2009-06-13 21:07 <DIR> --d----- c:\docume~1\dell\applic~1\Purple Patch Games
    2009-06-13 13:18 <DIR> --d----- c:\documents and settings\dell\.SunDownloadManager
    2009-06-13 12:51 <DIR> --ds---- C:\ComboFix
    2009-06-11 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-06-11 23:15 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-06-11 23:15 <DIR> --d----- c:\docume~1\dell\applic~1\SUPERAntiSpyware.com
    2009-06-11 11:56 <DIR> --d----- c:\program files\MyPlayCity
    2009-06-10 15:08 <DIR> --d----- C:\My Download Files
    2009-06-10 14:43 <DIR> --d----- C:\My Games
    2009-06-08 17:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Enkord
    2009-06-08 12:02 <DIR> --d----- c:\docume~1\dell\applic~1\ERS G-Studio
    2009-06-07 22:32 <DIR> --d----- c:\windows\Hidden Wonders of the Depths 2
    2009-06-07 22:32 <DIR> --d----- c:\program files\Hidden Wonders of the Depths 2
    2009-06-07 15:10 <DIR> --d----- c:\program files\MyPlayCity.com
    2009-06-07 01:32 <DIR> --d----- c:\program files\RealArcade
    2009-06-06 21:48 <DIR> --d----- c:\docume~1\dell\applic~1\Hidden Island Data
    2009-06-05 15:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RealArcade

    ==================== Find3M ====================

    2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-06-13 03:45 218,124,320 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-06-13 03:45 2,557,220 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-06-10 13:45 103,720 a------- c:\documents and settings\dell\GoToAssistDownloadHelper.exe
    2009-05-12 15:46 803 a------- c:\program files\Internet Explorer (2).lnk
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2008-09-07 10:31 0 a------- c:\program files\temp01
    2008-07-22 14:44 110 a------- c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
    2008-07-07 15:56 774,144 a------- c:\program files\RngInterstitial.dll
    2002-07-01 10:13 224 a--sh--- c:\docume~1\dell\applic~1\maildriver32.dat

    ============= FINISH: 12:24:32.73 ===============
     
  2. 2009/06/22
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Only ran short scan of Malwarebytes, saw more than I wanted to.

    Malwarebytes' Anti-Malware 1.38
    Database version: 2322
    Windows 5.1.2600 Service Pack 3

    6/22/2009 12:03:49 PM
    mbam-log-2009-06-22 (12-03-49).txt

    Scan type: Quick Scan
    Objects scanned: 122773
    Time elapsed: 6 minute(s), 10 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 4
    Registry Keys Infected: 141
    Registry Values Infected: 10
    Registry Data Items Infected: 0
    Folders Infected: 17
    Files Infected: 85

    Memory Processes Infected:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\TypeLib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\OpinionSquare (Spyware.Marketscore) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
    c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWeb) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\documents and settings\Dell\Desktop\MyFunCardsSetup2.3.50.45.ZUfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4B75A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BC4C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BD07.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BDC3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BEBD.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BF59.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\0FC4BFD6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\100B1CD6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\100B1DC0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\100B1E6C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\100B1F18.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\100B2002 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     

  3. to hide this advert.

  4. 2009/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, we'll need a full scan, so let's start from the beginning.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes ". If not, update the definitions before scanning by selecting "Check for Updates ". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2009/06/22
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/22/2009 at 10:52 PM

    Application Version : 4.26.1004

    Core Rules Database Version : 3950
    Trace Rules Database Version: 1892

    Scan type : Complete Scan
    Total Scan Time : 02:45:14

    Memory items scanned : 575
    Memory threats detected : 0
    Registry items scanned : 5302
    Registry threats detected : 10
    File items scanned : 162202
    File threats detected : 0

    Adware.MyWebSearch/FunWebProducts
    HKU\S-1-5-21-861567501-1532298954-682003330-1011\SOFTWARE\FunWebProducts
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE\0000#DeviceDesc
     
  6. 2009/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool beans :)
     
  7. 2009/06/22
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.38
    Database version: 2323
    Windows 5.1.2600 Service Pack 3

    6/23/2009 12:33:32 AM
    mbam-log-2009-06-23 (00-33-32).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 293860
    Time elapsed: 1 hour(s), 24 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. 2009/06/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Cannot get GMER to scan, downloaded from 2 different links, Softpedia link is no longer a valid link.
    Did the Hijack This , let me know if I have to do anything differently. Goodnight Irene.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:06:38 AM, on 6/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Ocucom\PreCast\tmon.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\Program Files\AOL 9.1a\waol.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\iAVEmailScanner.exe
    C:\Program Files\AOL 9.1a\shellmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe "
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe "
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe "
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
    O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
    O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1221952782890
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9e6fc72c9d62) (gupdate1c9e6fc72c9d62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10703 bytes
     
  9. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't look bad, but let's make sure...

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.
     
  10. 2009/06/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    ComboFix 09-06-22.07 - Dell 06/23/2009 2:13.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -4:00]
    Running from: c:\documents and settings\Dell\Desktop\ComboFix.exe
    AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {7DD6A279-63AD-4EB9-9A3F-421342D795CE}
    AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: iolo Personal Firewall® *enabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
    .

    2009-06-22 15:34 . 2009-06-22 15:35 -------- d-----w- c:\program files\Digital Support
    2009-06-20 04:38 . 2009-06-20 04:38 -------- d-----w- c:\documents and settings\Dell\Application Data\YoudaGames
    2009-06-18 23:18 . 2009-06-18 23:18 -------- d-----w- c:\documents and settings\Dell\Application Data\Dream Farm Games
    2009-06-18 23:14 . 2009-06-18 23:14 -------- d-----w- c:\program files\Dreams
    2009-06-17 17:51 . 2009-06-18 23:50 -------- d-----w- c:\documents and settings\Dell\Application Data\Playrix Entertainment
    2009-06-17 01:59 . 2009-06-17 01:59 -------- d-----w- c:\documents and settings\Dell\Application Data\Enlightenus1Beta
    2009-06-17 01:39 . 2009-06-17 01:39 -------- d-----w- c:\documents and settings\Dell\Application Data\SunRay Games
    2009-06-17 01:32 . 2009-06-17 01:32 -------- d-----w- c:\program files\Runtime Software
    2009-06-16 15:09 . 2009-06-16 15:09 -------- d-----w- c:\documents and settings\Dell\Application Data\Big Fish
    2009-06-15 12:18 . 2009-06-15 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Becky Brogan
    2009-06-15 06:33 . 2009-06-15 06:33 720896 ----a-w- c:\windows\iun6002ev.exe
    2009-06-15 06:33 . 2009-06-15 06:44 -------- d-----w- c:\program files\Bejeweled 2 Deluxe
    2009-06-15 04:09 . 2009-06-15 04:09 -------- d-----w- c:\documents and settings\Dell\Application Data\FairyTale
    2009-06-15 03:48 . 2009-06-15 04:37 -------- d-----w- c:\program files\A Fairy Tale
    2009-06-15 03:48 . 2009-06-15 03:48 -------- d-----w- c:\windows\A Fairy Tale
    2009-06-14 17:17 . 2009-06-14 17:17 -------- d-----w- C:\1cdb1188b57f6d636c9f704925
    2009-06-14 15:05 . 2009-06-14 15:05 -------- d-----w- c:\program files\WOT
    2009-06-14 01:07 . 2009-06-14 01:07 -------- d-----w- c:\documents and settings\Dell\Application Data\Purple Patch Games
    2009-06-13 17:18 . 2009-06-13 17:23 -------- d-----w- c:\documents and settings\Dell\.SunDownloadManager
    2009-06-12 03:15 . 2009-06-23 02:58 117760 ----a-w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-12 03:15 . 2009-06-12 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-12 03:15 . 2009-06-12 03:15 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-12 03:15 . 2009-06-12 03:15 -------- d-----w- c:\documents and settings\Dell\Application Data\SUPERAntiSpyware.com
    2009-06-11 15:57 . 2009-06-14 15:38 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\MyPlayCity
    2009-06-11 15:56 . 2009-06-14 15:38 -------- d-----w- c:\program files\MyPlayCity
    2009-06-10 19:08 . 2009-06-10 19:11 -------- d-----w- C:\My Download Files
    2009-06-10 18:43 . 2009-06-14 18:05 -------- d-----w- C:\My Games
    2009-06-10 17:55 . 2008-09-03 17:39 114688 ----a-w- c:\documents and settings\Dell\Application Data\Mozilla\Firefox\Profiles\5af4a9ci.default\extensions\npmozax@real.com\plugins\npmozax.dll
    2009-06-08 21:11 . 2009-06-08 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Enkord
    2009-06-08 16:02 . 2009-06-08 16:02 -------- d-----w- c:\documents and settings\Dell\Application Data\ERS G-Studio
    2009-06-08 02:32 . 2009-06-08 02:32 -------- d-----w- c:\program files\Hidden Wonders of the Depths 2
    2009-06-08 02:32 . 2009-06-08 02:32 -------- d-----w- c:\windows\Hidden Wonders of the Depths 2
    2009-06-07 19:10 . 2009-06-11 15:56 -------- d-----w- c:\program files\MyPlayCity.com
    2009-06-07 05:32 . 2009-06-20 10:16 -------- d-----w- c:\program files\RealArcade
    2009-06-07 03:40 . 2009-06-07 03:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-06-07 01:48 . 2009-06-07 01:58 -------- d-----w- c:\documents and settings\Dell\Application Data\Hidden Island Data
    2009-06-06 23:10 . 2009-06-06 23:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-06-06 23:10 . 2009-06-10 17:41 -------- d-----w- c:\documents and settings\Dell\Local Settings\Application Data\Google
    2009-06-06 23:10 . 2009-06-11 21:42 -------- d-----w- c:\program files\Google
    2009-06-05 19:42 . 2009-06-05 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RealArcade
    2009-06-05 19:42 . 2009-03-30 21:13 98304 ----a-w- c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
    2009-06-05 19:10 . 2009-06-05 19:29 152576 ----a-w- c:\documents and settings\Dell\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-23 06:12 . 2008-09-17 19:34 -------- d-----w- c:\documents and settings\Dell\Application Data\PreCast
    2009-06-23 02:51 . 2008-05-26 21:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-22 15:55 . 2008-08-15 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-22 15:55 . 2008-12-16 20:11 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-06-22 15:35 . 2008-10-25 22:36 -------- d-----w- c:\documents and settings\Dell\Application Data\Digital Support
    2009-06-21 19:15 . 2008-07-31 00:16 -------- d-----w- c:\documents and settings\Dell\Application Data\PlayFirst
    2009-06-21 19:15 . 2008-05-26 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-06-21 18:51 . 2008-09-06 01:21 -------- d-----w- c:\program files\LeeGTs Games
    2009-06-21 09:23 . 2008-08-26 15:52 -------- d-----w- c:\program files\Common Files\Adobe
    2009-06-19 19:23 . 2008-07-17 14:02 -------- d-----w- c:\program files\MostFun
    2009-06-19 19:16 . 2009-02-26 04:06 -------- d-----w- c:\program files\Panda Security
    2009-06-18 23:15 . 2008-11-30 00:16 -------- d-----w- c:\program files\Games
    2009-06-17 15:27 . 2008-08-15 14:15 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 15:27 . 2008-08-15 14:15 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-15 07:52 . 2008-12-05 05:40 26 ----a-w- c:\windows\popcinfo.dat
    2009-06-15 04:05 . 2008-09-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2009-06-14 16:48 . 2008-07-07 19:56 -------- d-----w- c:\program files\Real
    2009-06-13 17:09 . 2008-06-11 23:04 -------- d-----w- c:\program files\Java
    2009-06-13 16:56 . 2008-09-12 01:58 -------- d-----w- c:\documents and settings\Dell\Application Data\AVGTOOLBAR
    2009-06-13 07:45 . 2009-01-05 10:38 2557220 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-06-13 07:45 . 2009-01-05 10:38 218124320 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-06-12 03:14 . 2008-11-17 20:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-11 21:42 . 2008-09-21 19:52 -------- d-----w- c:\program files\PermissionResearch
    2009-06-10 23:45 . 2009-01-05 21:58 -------- d-----w- c:\documents and settings\Savannah\Application Data\PreCast
    2009-06-10 20:37 . 2008-08-08 01:49 -------- d-----w- c:\documents and settings\Dell\Application Data\iWin
    2009-06-10 17:45 . 2008-07-24 14:17 103720 ----a-w- c:\documents and settings\Dell\GoToAssistDownloadHelper.exe
    2009-06-06 23:11 . 2008-07-19 01:42 -------- d-----w- c:\program files\Zylom Games
    2009-06-06 02:19 . 2008-12-10 23:14 -------- d-----w- c:\documents and settings\Dell\Application Data\JewelMatch2
    2009-05-23 22:54 . 2008-09-18 20:21 -------- d-----w- c:\documents and settings\Dee\Application Data\PreCast
    2009-05-21 02:06 . 2008-11-11 20:18 -------- d-----w- c:\documents and settings\Ted\Application Data\PreCast
    2009-05-13 12:14 . 2008-05-26 05:52 32984 ----a-w- c:\documents and settings\Dee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-12 19:46 . 2009-05-12 19:46 803 ----a-w- c:\program files\Internet Explorer (2).lnk
    2009-05-07 15:32 . 2008-08-19 10:21 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-07 12:25 . 2009-05-07 12:19 -------- d-----w- c:\documents and settings\Ted\Application Data\Smart-Shopper
    2009-05-07 05:33 . 2009-05-07 04:21 -------- d-----w- c:\documents and settings\Dee\Application Data\Smart-Shopper
    2009-05-07 04:03 . 2009-05-07 04:03 -------- d-----w- c:\documents and settings\Dee\Application Data\iolo
    2009-05-06 14:45 . 2009-05-06 14:45 -------- d-----w- c:\documents and settings\TEST\Application Data\AOL
    2009-05-06 14:39 . 2008-11-26 21:24 -------- d-----w- c:\documents and settings\TEST\Application Data\PreCast
    2009-05-06 14:38 . 2009-05-06 14:38 -------- d-----w- c:\documents and settings\TEST\Application Data\iolo
    2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2009-05-12 19:01 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-22 00:51 . 2008-06-17 09:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-04-17 12:26 . 2008-08-19 10:21 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-04 13:41 . 2009-04-04 13:25 38208 ----a-w- c:\documents and settings\Dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2008-09-07 14:31 . 2008-09-07 14:31 0 ----a-w- c:\program files\temp01
    2008-07-07 19:56 . 2008-07-07 19:56 774144 ----a-w- c:\program files\RngInterstitial.dll
    2008-06-27 18:59 . 2008-09-17 19:33 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff30_meter1.dll
    .

    ------- Sigcheck -------

    [7] 2004-08-04 10:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
    [7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
    [7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

    [-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    [-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    [-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
    [7] 2004-08-04 10:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
    [-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
    [7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
    [7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

    [7] 2004-08-04 10:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
    [7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
    [7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

    [-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
    [-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
    [7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
    [7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
    [7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
    [7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    [7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
    [7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
    [7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
    [7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
    [7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
    [7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
    [7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
    [7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
    [7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
    [7] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 c:\windows\$NtServicePackUninstall$\wininet.dll
    [-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB947864$\wininet.dll
    [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB950759$\wininet.dll
    [-] 2008-02-16 08:59 659456 0C690E77C0E924C45B4D7045B182FFF1 c:\windows\$NtUninstallKB950759_0$\wininet.dll
    [7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$NtUninstallKB953838$\wininet.dll
    [7] 2008-04-21 07:04 659456 1EFB8A3EA8454AEC1BB8A240A2845598 c:\windows\$NtUninstallKB953838_0$\wininet.dll
    [7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$NtUninstallKB958215$\wininet.dll
    [7] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\$NtUninstallKB958215_0$\wininet.dll
    [7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$NtUninstallKB963027$\wininet.dll
    [7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$NtUninstallKB969897$\wininet.dll
    [7] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\ie7\wininet.dll
    [7] 2007-08-13 22:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
    [7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
    [7] 2007-08-13 22:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB969897-IE7\wininet.dll
    [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2GDR\wininet.dll
    [-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\SoftwareDistribution\Download\1aada90d3aca2362b0231ac90aa9a9fd\SP2QFE\wininet.dll
    [7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\SoftwareDistribution\Download\803badc49670f68514bc104c4297fe82\SP3GDR\wininet.dll
    [7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\SoftwareDistribution\Download\803badc49670f68514bc104c4297fe82\SP3QFE\wininet.dll
    [7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2GDR\wininet.dll
    [7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\SoftwareDistribution\Download\b3bf74f55136e7636e609c29522f7318\SP2QFE\wininet.dll
    [7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\wininet.dll
    [7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\system32\dllcache\wininet.dll

    [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2004-08-04 10:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
    [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

    [7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
    [7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

    [7] 2004-08-04 10:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
    [7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
    [7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

    [7] 2004-08-04 10:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
    [7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
    [7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

    [-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    [7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
    [7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    [-] 2005-03-30 01:01 2056832 9A06915A29434202E8D39456822B3A12 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    [7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    [-] 2007-02-28 05:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
    [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
    [7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

    [-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    [7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
    [7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    [-] 2005-03-30 01:23 2179584 255449E7F00E23D9B10AE8CDD5F73E56 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
    [7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    [-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
    [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
    [7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
    [7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

    [7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
    [-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2004-08-04 10:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
    [7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

    [7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [7] 2004-08-04 10:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
    [7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
    [7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
    [7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
    [7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

    [7] 2004-08-04 10:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
    [7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
    [7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

    [7] 2004-08-04 10:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    [7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
    [7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

    [-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
    [7] 2004-08-04 10:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    [7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
    [7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

    [7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
    [7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
    [7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

    [7] 2004-08-04 10:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
    [7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
    [7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

    [7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
    [7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
    [7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

    [-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [7] 2009-03-21 23:29 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
    [7] 2004-08-04 10:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB935839$\kernel32.dll
    [7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
    [7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
    [7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
    [7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

    [7] 2004-08-04 10:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
    [7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
    [7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

    [7] 2004-08-04 10:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
    [7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
    [7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

    [7] 2004-08-04 10:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
    [7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
    [7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll


    [7] 2004-08-04 10:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
    [7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
    [7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
    2009-05-12 18:01 2094104 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-06-17 160592]
    "AOL Fast Start "= "c:\program files\AOL 9.1a\AOL.EXE" [2007-10-27 50528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
    "SystemGuardAlerter "= "c:\program files\iolo\System Shield 3\SystemGuardAlerter.exe" [2007-11-08 473952]
    "iolo AntiVirus "= "c:\program files\iolo\System Shield 3\AntiVirus\ioloAV.exe" [2008-03-05 1095520]
    "HostManager "= "c:\program files\Common Files\AOL\1211762669\ee\AOLSoftware.exe" [2008-06-24 41824]
    "iolo Personal Firewall "= "c:\program files\iolo\System Shield 3\Personal Firewall\ioloFW.exe" [2008-03-05 1305440]

    c:\documents and settings\Dell\Start Menu\Programs\Startup\
    AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2007-5-25 42032]
    MostFun.lnk - c:\program files\MostFun\Bin\MostFun.exe [2007-8-28 147456]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe [2003-6-8 16432]
    PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-05-28 20:48 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dee^Start Menu^Programs^Startup^AOL Desktop.lnk]
    path=c:\documents and settings\Dee\Start Menu\Programs\Startup\AOL Desktop.lnk
    backup=c:\windows\pss\AOL Desktop.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1211762669\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1211762669\\ee\\AOLDesktop.exe "=
    "c:\\Program Files\\FlashGet\\flashget.exe "=
    "c:\\Program Files\\MostFun\\Bin\\MostFun.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\iolo\\System Shield 3\\Personal Firewall\\ioloFW.exe "=
    "c:\\Program Files\\iolo\\System Shield 3\\AntiVirus\\ioloAV.exe "=
    "c:\\Program Files\\iolo\\System Shield 3\\AntiVirus\\iAVEmailScanner.exe "=
    "c:\\program files\\permissionresearch\\prmrsr.exe "=

    R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [3/30/2009 6:29 PM 39424]
    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [9/17/2008 10:42 AM 14336]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/30/2009 6:37 PM 628584]
    R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/30/2009 6:37 PM 628584]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/30/2009 6:37 PM 628584]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [9/17/2008 10:42 AM 8832]
    S2 gupdate1c9e6fc72c9d62;Google Update Service (gupdate1c9e6fc72c9d62);c:\program files\Google\Update\GoogleUpdate.exe [6/6/2009 7:10 PM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - aujasnkj
    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-06 23:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YYUS&fl=0&ptb=l4HxehpLgiRGwAO_03CWBA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Search
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    LSP: c:\windows\system32\iavlsp.dll
    LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
    Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    FF - ProfilePath -

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149 ", "AllAccess ");
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE ", "AllAccess ");
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-23 02:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1044)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\program files\iolo\Common\Lib\sguard.dll
    c:\windows\System32\BCMLogon.dll

    - - - - - - - > 'lsass.exe'(1160)
    c:\windows\system32\iavlsp.dll
    c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
    c:\program files\iolo\Common\Lib\sguard.dll

    - - - - - - - > 'explorer.exe'(2992)
    c:\program files\iolo\Common\Lib\sguard.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'csrss.exe'(1012)
    c:\program files\iolo\Common\Lib\sguard.dll
    .
    Completion time: 2009-06-23 2:23
    ComboFix-quarantined-files.txt 2009-06-23 06:23

    Pre-Run: 210,656,022,528 bytes free
    Post-Run: 210,674,884,608 bytes free

    442 --- E O F --- 2009-06-15 07:06
     
  11. 2009/06/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:29:12 AM, on 6/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Ocucom\PreCast\tmon.exe
    C:\Program Files\MostFun\Bin\MostFun.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\iAVEmailScanner.exe
    C:\Program Files\AOL 9.1a\waol.exe
    C:\Program Files\AOL 9.1a\shellmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe "
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe "
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe "
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
    O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
    O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1221952782890
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9e6fc72c9d62) (gupdate1c9e6fc72c9d62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10354 bytes
     
  12. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u "
    Restart computer.

    =================================================================

    Please download [color= "#FF8C00"]JavaRa[/color] to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===============================================================

    Print this post out, since you won't have an access to it, at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    none

    4. You may also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1211762669\ee\AOLSoftware.exe "
    - O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
    - O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\runner.exe
    - O4 - Global Startup: PreCast Monitor.lnk = C:\Program Files\Ocucom\PreCast\tmon.exe


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
  13. 2009/06/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Here it is and I hope it's clean.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:11:49 PM, on 6/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe
    C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\AOLDesktop.exe
    C:\Program Files\Common Files\AOL\1211762669\ee\aolsoftware.exe
    C:\Program Files\iolo\System Shield 3\AntiVirus\iAVEmailScanner.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Shield 3\SystemGuardAlerter.exe "
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Shield 3\AntiVirus\ioloAV.exe "
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Shield 3\Personal Firewall\ioloFW.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/stg_drm.ocx
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1221952782890
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Lost%20Tomb/Images/armhelper.ocx
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9e6fc72c9d62) (gupdate1c9e6fc72c9d62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Shield 3\IoloSGCtrl.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10094 bytes
     
  14. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How many more (computers)? :D .....just kidding....


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure, Windows Updates are current.

    [SIZE= "4"]6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Let me know, how is your computer doing.
     
  15. 2009/06/23
    deester

    deester Inactive Alumni Thread Starter

    Joined:
    2008/07/08
    Messages:
    633
    Likes Received:
    0
    Mission accomplished. I think I am being so careful, will spray with Lysol in addition to the mask and won't let them sleep in the same room.
    Thanks for help again,

    Deel
     
  16. 2009/06/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome, and funny too :)
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.