
Solved: My (friend's) machine is suspect.

Discussion in 'Malware and Virus Removal Archive' started by Shorerider, 2010/09/03.

  1. 2010/09/10
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    I ran the repair CD and followed your instructions. However, I got a message after clicking "Repair your computer" which said:

    "Windows found problems with your computer's startup options.
    Do you want to apply repairs and restart your computer?

    "Repair and Restart"  "No"


    I clicked No.

    In "view details" it says:

    "The following startup option will be repaired:
    Name: Microsoft Windows Vista
    Identifier: {A9D4D022-D441-11DC-8A35-E9A1536067D6}
    Windows Device: Partition=Not found"


    Also, after clicking "No" I got this, but the partition size was 0MB.

    Other than that, it all went according to your instructions BUT the laptop is the same, unfortunately.


    -Shorerider.
     
  2. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, I want you to re-run the process, but this time select "Startup repair".
     

  4. 2010/09/10
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    Vista has all booted up fine now :D


    -Shorerider.
     
  5. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Excellent!

    Please, give me fresh MBRCheck log.
     
  6. 2010/09/10
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    New MBRCheck log:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: Aspire 5536
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 168):

    Processes (total 70):
    0 System Idle Process
    4 System
    448 C:\Windows\System32\smss.exe
    580 csrss.exe
    644 C:\Windows\System32\wininit.exe
    652 csrss.exe
    692 C:\Windows\System32\services.exe
    704 C:\Windows\System32\lsass.exe
    712 C:\Windows\System32\lsm.exe
    856 C:\Windows\System32\svchost.exe
    896 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\Ati2evxx.exe
    1140 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\audiodg.exe
    1336 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\SLsvc.exe
    1400 C:\Windows\System32\svchost.exe
    1568 C:\Windows\System32\svchost.exe
    1796 C:\Windows\System32\spoolsv.exe
    1824 C:\Windows\System32\svchost.exe
    1988 C:\Windows\System32\Ati2evxx.exe
    2012 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    268 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    844 C:\Windows\System32\svchost.exe
    636 C:\PROGRA~1\IWONGIE\bar\1.bin\vrbarsvc.exe
    1092 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    1608 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    1996 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2096 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2172 C:\Windows\System32\svchost.exe
    2188 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2284 C:\Windows\System32\svchost.exe
    2372 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2440 C:\Windows\System32\SearchIndexer.exe
    2480 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2848 dllhost.exe
    2936 WmiPrvSE.exe
    3296 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    3320 C:\Windows\System32\taskeng.exe
    3396 C:\Windows\System32\taskeng.exe
    3560 C:\Windows\System32\dwm.exe
    3604 C:\Windows\explorer.exe
    2308 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2528 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    2752 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    2860 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    772 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    2952 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    1512 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1588 C:\Windows\System32\wbem\unsecapp.exe
    852 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2000 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3552 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    1980 WmiPrvSE.exe
    2548 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2336 C:\Users\Tess\AppData\Local\Temp\RtkBtMnt.exe
    1528 C:\Program Files\Internet Explorer\iexplore.exe
    4844 C:\Windows\System32\SearchProtocolHost.exe
    4868 C:\Windows\System32\SearchFilterHost.exe
    5492 C:\Program Files\Internet Explorer\iexplore.exe
    5544 C:\Windows\System32\SearchProtocolHost.exe
    5572 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    5892 C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    4216 C:\Program Files\Internet Explorer\ielowutil.exe
    1480 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    2540 C:\Virus protection programs\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)

    PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 11.0

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 RE: Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!



    -Shorerider
     
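As an added example (not part of this thread, and not MBRCheck's own code): a small Python triage pass over process lines in the MBRCheck format above. It flags executables reported without a path, loaded from user-writable profile directories, given as 8.3 short names, or living outside the usual system directories, which is how entries such as the IWONGIE service under PROGRA~1 and the Temp-resident RtkBtMnt.exe stand out for review. The trusted-directory list is an assumption, and the sample lines are a subset copied from the log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the MBRCheck "Processes" section above.
SAMPLE_PROCESSES = r"""
4 System
448 C:\Windows\System32\smss.exe
580 csrss.exe
636 C:\PROGRA~1\IWONGIE\bar\1.bin\vrbarsvc.exe
1608 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2336 C:\Users\Tess\AppData\Local\Temp\RtkBtMnt.exe
2540 C:\Virus protection programs\MBRCheck.exe
"""

# MBRCheck prints one process per line: "<pid> <path or bare image name>".
LINE_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")

# Assumption: directories a clean Vista install normally runs services and startup items from.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
# Locations any user account can write to; junkware and droppers favour them.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class ProcessEntry:
    pid: int
    path: str
    reasons: list = field(default_factory=list)


def parse_processes(text: str) -> list:
    """Turn MBRCheck process lines into ProcessEntry objects; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(ProcessEntry(int(m.group(1)), m.group(2)))
    return entries


def triage(entry: ProcessEntry) -> ProcessEntry:
    """Attach review reasons to one entry; an empty list means nothing stood out."""
    p = entry.path.lower()
    if entry.pid in (0, 4):  # System Idle Process / System are kernel pseudo-processes
        return entry
    if "\\" not in p:
        # MBRCheck lists some protected processes (csrss, WmiPrvSE, dllhost) without a path.
        entry.reasons.append("no full path reported; confirm it resolves to System32")
        return entry
    if any(mark in p for mark in USER_WRITABLE_MARKERS):
        entry.reasons.append("runs from a user-writable profile location")
    if "~" in p:
        # PROGRA~1 is usually Program Files, but short names also hide odd directory names.
        entry.reasons.append("8.3 short name; expand it (dir /x) before judging the location")
    elif not p.startswith(TRUSTED_PREFIXES):
        entry.reasons.append("outside Windows and Program Files")
    return entry


def flagged(text: str) -> dict:
    """Return {pid: [reasons]} for the entries worth a second look."""
    return {e.pid: e.reasons for e in map(triage, parse_processes(text)) if e.reasons}


if __name__ == "__main__":
    for pid, reasons in flagged(SAMPLE_PROCESSES).items():
        print(pid, "; ".join(reasons))
```

The MBRCheck.exe entry is flagged too because it runs from a non-standard folder; a reviewer recognises the tool they asked for and moves on, which is exactly how an analyst reads these logs.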
  7. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Perfect!

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/09/11
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Combofix log:

    ComboFix 10-09-09.04 - Tess 11/09/2010 14:50:39.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2941.2049 [GMT 10:00]
    Running from: c:\virus protection programs\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Tess\AppData\Roaming\.#
    c:\users\Tess\AppData\Roaming\alot
    c:\users\Tess\FAVORI~1\image.jpeg
    c:\users\Tess\Favorites\image.jpeg
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.4.inf
    c:\windows\Downloaded Program Files\popcaploader.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-11 04:58 . 2010-09-11 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\users\Tess\AppData\Roaming\Malwarebytes
    2010-09-03 23:50 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-03 23:50 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-03 23:20 . 2006-09-18 21:43 10 ----a-w- c:\users\Tess\AppData\Roaming\WinPatrol\Config.sys
    2010-09-03 23:20 . 2006-09-18 21:43 24 ----a-w- c:\users\Tess\AppData\Roaming\WinPatrol\Autoexec.bat
    2010-09-03 23:20 . 2010-09-03 23:20 -------- d-----w- c:\users\Tess\AppData\Roaming\WinPatrol
    2010-09-03 23:20 . 2010-09-03 23:20 -------- d-----w- c:\program files\BillP Studios
    2010-09-03 22:19 . 2010-09-03 22:19 63488 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-03 22:19 . 2010-09-03 22:19 52224 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-03 22:19 . 2010-09-03 22:19 117760 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-09-03 22:13 . 2010-09-11 04:44 -------- d-----w- C:\Virus protection programs
    2010-09-02 21:39 . 2010-09-02 21:40 2592904 ----a-w- c:\users\Tess\Hotmail.zip
    2010-08-25 22:21 . 2010-08-25 22:21 -------- d-----w- c:\program files\IWONGIE
    2010-08-25 22:21 . 2010-08-25 22:21 -------- d-----w- c:\program files\IWONGEI
    2010-08-12 21:41 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 21:41 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-12 21:41 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 21:41 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 21:41 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 21:41 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 21:41 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 04:08 . 2009-03-05 07:24 -------- d-----w- c:\program files\Microsoft Works
    2010-09-03 07:39 . 2009-11-09 07:30 7052 ----a-w- c:\users\Tess\AppData\Local\d3d9caps.dat
    2010-09-03 07:35 . 2010-07-09 01:53 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-08-24 01:07 . 2009-11-03 02:45 -------- d-----w- c:\users\Tess\AppData\Roaming\eSobi
    2010-08-24 01:06 . 2010-07-17 08:15 -------- d-----w- c:\users\Tess\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-08-15 07:40 . 2010-08-08 21:41 27386648 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_au.exe
    2010-08-13 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-08-04 21:20 . 2010-08-04 21:20 5125664 ----a-w- c:\users\Tess\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
    2010-07-19 23:02 . 2010-07-15 03:28 -------- d-----w- c:\program files\PCFix
    2010-07-19 22:49 . 2010-07-15 03:31 -------- d-----w- c:\users\Tess\AppData\Roaming\PCFix
    2010-07-17 08:18 . 2010-07-17 08:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-17 08:17 . 2010-07-07 08:14 38784 ----a-w- c:\users\Tess\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-07-16 23:07 . 2010-07-16 23:07 -------- d-----w- c:\programdata\RegSERVO
    2010-07-15 09:44 . 2009-03-05 07:42 -------- d-----w- c:\program files\Windows Live
    2010-07-15 03:37 . 2009-03-05 07:12 -------- d-----w- c:\program files\Acer GameZone
    2010-07-14 22:37 . 2010-07-14 22:37 5124992 ----a-w- c:\users\Tess\registrybooster.exe
    2010-07-13 07:10 . 2010-07-13 07:10 -------- d-----w- c:\users\Tess\AppData\Roaming\Apple Computer
    2010-07-13 05:06 . 2010-01-07 10:04 -------- d-----w- c:\program files\iWin.com
    2010-07-13 00:04 . 2010-07-13 00:04 1833296 ----a-w- c:\users\Tess\iWin.exe
    2010-07-12 04:48 . 2010-07-12 04:48 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC902.tmp.exe
    2010-07-11 23:03 . 2009-11-02 22:44 69912 ----a-w- c:\users\Tess\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-26 06:05 . 2010-08-12 21:42 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 21:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-12 21:42 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-12 21:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-12 21:42 2037760 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
    "{2ad11eb6-a327-4dfe-88bf-c6071e09f05b}"= "c:\program files\IWONGIE\bar\1.bin\vrSrcAs.dll" [2010-08-25 49152]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_CLASSES_ROOT\clsid\{2ad11eb6-a327-4dfe-88bf-c6071e09f05b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6995d07-cd9b-4cc0-a22a-9e14684d6d64}]
    2010-08-25 22:21 643072 ----a-w- c:\progra~1\IWONGIE\bar\1.bin\vrbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2009-10-19 06:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
    "{43a3055a-6ff3-4aa5-90e6-18a10297cb53}"= "c:\program files\IWONGIE\bar\1.bin\vrbar.dll" [2010-08-25 643072]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{43a3055a-6ff3-4aa5-90e6-18a10297cb53}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
    "{43A3055A-6FF3-4AA5-90E6-18A10297CB53}"= "c:\program files\IWONGIE\bar\1.bin\vrbar.dll" [2010-08-25 643072]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{43a3055a-6ff3-4aa5-90e6-18a10297cb53}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Google Update"= "c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]
    "swg"= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 68856]
    "WMPNSCFG"= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"= "c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
    "Acer ePower Management"= "c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-04 698912]
    "CLMLServer"= "c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-21 202024]
    "Google Desktop Search"= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
    "Adobe Reader Speed Launcher"= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "WinPatrol"= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-30 30192]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-05-28 344112]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-05 19504]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-05 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-05 59952]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-04 723488]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 IWONGIEService;IWON Service;c:\progra~1\IWONGIE\bar\1.bin\vrbarsvc.exe [2010-08-25 28766]
    S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-15 305448]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-12 61184]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:44]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:44]

    2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000Core.job
    - c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 20:58]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000UA.job
    - c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 20:58]

    2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{B5DA8A41-A071-403C-8B34-0F22F1E79121}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://au.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://au.search.yahoo.com
    mStart Page = hxxp://home.sweetim.com
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 14:59
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-09-11 15:02:30
    ComboFix-quarantined-files.txt 2010-09-11 05:02

    Pre-Run: 230,997,544,960 bytes free
    Post-Run: 230,928,412,672 bytes free

    - - End Of File - - 5B48830C565780AE7C9ECC45DEF1CAB2



    - Shorerider
     
  9. 2010/09/11
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Tess\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
    c:\users\Tess\registrybooster.exe
    
    
    Folder::
    c:\program files\IWONGIE
    
    Driver::
    IWONGIEService
    
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{2ad11eb6-a327-4dfe-88bf-c6071e09f05b}"=-
    [-HKEY_CLASSES_ROOT\clsid\{2ad11eb6-a327-4dfe-88bf-c6071e09f05b}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6995d07-cd9b-4cc0-a22a-9e14684d6d64}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{43a3055a-6ff3-4aa5-90e6-18a10297cb53}"=-
    [-HKEY_CLASSES_ROOT\clsid\{43a3055a-6ff3-4aa5-90e6-18a10297cb53}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{43A3055A-6FF3-4AA5-90E6-18A10297CB53}"=-
    [-HKEY_CLASSES_ROOT\clsid\{43a3055a-6ff3-4aa5-90e6-18a10297cb53}]
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. 2010/09/11
    Shorerider Inactive Thread Starter
    Combofix log #2:


    ComboFix 10-09-09.04 - Tess 11/09/2010 15:48:28.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2941.1906 [GMT 10:00]
    Running from: c:\virus protection programs\ComboFix.exe
    Command switches used :: c:\virus protection programs\CFScript.txt
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Tess\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe"
    "c:\users\Tess\registrybooster.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\IWONGIE
    c:\program files\IWONGIE\bar\1.bin\LOGO.BMP
    c:\program files\IWONGIE\bar\1.bin\vrbar.dll
    c:\program files\IWONGIE\bar\1.bin\vrbarsvc.exe
    c:\program files\IWONGIE\bar\1.bin\vrbrmon.exe
    c:\program files\IWONGIE\bar\1.bin\vrbrstub.dll
    c:\program files\IWONGIE\bar\1.bin\vrdatact.dll
    c:\program files\IWONGIE\bar\1.bin\vrdyn.dll
    c:\program files\IWONGIE\bar\1.bin\vrhighin.exe
    c:\program files\IWONGIE\bar\1.bin\vrhtml.dll
    c:\program files\IWONGIE\bar\1.bin\vrhtmlmu.dll
    c:\program files\IWONGIE\bar\1.bin\vrhttpct.dll
    c:\program files\IWONGIE\bar\1.bin\vrimpipe.exe
    c:\program files\IWONGIE\bar\1.bin\vrmedint.exe
    c:\program files\IWONGIE\bar\1.bin\vrmsg.dll
    c:\program files\IWONGIE\bar\1.bin\vrregiet.dll
    c:\program files\IWONGIE\bar\1.bin\vrSrcAs.dll
    c:\program files\IWONGIE\bar\Settings\s_pid.dat
    c:\users\Tess\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe
    c:\users\Tess\registrybooster.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_IWONGIEService


    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-11 05:57 . 2010-09-11 05:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-09-11 05:57 . 2010-09-11 05:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\users\Tess\AppData\Roaming\Malwarebytes
    2010-09-03 23:50 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-03 23:50 . 2010-09-03 23:50 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-03 23:50 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-03 23:20 . 2006-09-18 21:43 10 ----a-w- c:\users\Tess\AppData\Roaming\WinPatrol\Config.sys
    2010-09-03 23:20 . 2006-09-18 21:43 24 ----a-w- c:\users\Tess\AppData\Roaming\WinPatrol\Autoexec.bat
    2010-09-03 23:20 . 2010-09-03 23:20 -------- d-----w- c:\users\Tess\AppData\Roaming\WinPatrol
    2010-09-03 23:20 . 2010-09-03 23:20 -------- d-----w- c:\program files\BillP Studios
    2010-09-03 22:19 . 2010-09-03 22:19 63488 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-03 22:19 . 2010-09-03 22:19 52224 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-03 22:19 . 2010-09-03 22:19 117760 ----a-w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\users\Tess\AppData\Roaming\SUPERAntiSpyware.com
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-09-03 22:18 . 2010-09-03 22:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-09-03 22:13 . 2010-09-11 05:48 -------- d-----w- C:\Virus protection programs
    2010-09-02 21:39 . 2010-09-02 21:40 2592904 ----a-w- c:\users\Tess\Hotmail.zip
    2010-08-25 22:21 . 2010-08-25 22:21 -------- d-----w- c:\program files\IWONGEI
    2010-08-12 21:41 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 21:41 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-12 21:41 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 21:41 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 21:41 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 21:41 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 21:41 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 04:08 . 2009-03-05 07:24 -------- d-----w- c:\program files\Microsoft Works
    2010-09-03 07:39 . 2009-11-09 07:30 7052 ----a-w- c:\users\Tess\AppData\Local\d3d9caps.dat
    2010-09-03 07:35 . 2010-07-09 01:53 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-08-24 01:07 . 2009-11-03 02:45 -------- d-----w- c:\users\Tess\AppData\Roaming\eSobi
    2010-08-24 01:06 . 2010-07-17 08:15 -------- d-----w- c:\users\Tess\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-08-15 07:40 . 2010-08-08 21:41 27386648 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_au.exe
    2010-08-13 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-07-19 23:02 . 2010-07-15 03:28 -------- d-----w- c:\program files\PCFix
    2010-07-19 22:49 . 2010-07-15 03:31 -------- d-----w- c:\users\Tess\AppData\Roaming\PCFix
    2010-07-17 08:18 . 2010-07-17 08:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-17 08:17 . 2010-07-07 08:14 38784 ----a-w- c:\users\Tess\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-07-16 23:07 . 2010-07-16 23:07 -------- d-----w- c:\programdata\RegSERVO
    2010-07-15 09:44 . 2009-03-05 07:42 -------- d-----w- c:\program files\Windows Live
    2010-07-15 03:37 . 2009-03-05 07:12 -------- d-----w- c:\program files\Acer GameZone
    2010-07-13 07:10 . 2010-07-13 07:10 -------- d-----w- c:\users\Tess\AppData\Roaming\Apple Computer
    2010-07-13 00:04 . 2010-07-13 00:04 1833296 ----a-w- c:\users\Tess\iWin.exe
    2010-07-12 04:48 . 2010-07-12 04:48 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC902.tmp.exe
    2010-07-11 23:03 . 2009-11-02 22:44 69912 ----a-w- c:\users\Tess\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-26 06:05 . 2010-08-12 21:42 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:02 . 2010-08-12 21:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:02 . 2010-08-12 21:42 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 04:25 . 2010-08-12 21:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-21 13:37 . 2010-08-12 21:42 2037760 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"="c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2009-10-19 06:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"="c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"="c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "Google Update"="c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 68856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-04 698912]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-21 202024]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-30 30192]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100909.001\IDSvix86.sys [2010-05-28 344112]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-05 19504]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-05 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-05 59952]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-04 723488]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
    S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-15 305448]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-12 61184]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-08-22 48688]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:44]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:44]

    2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000Core.job
    - c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 20:58]

    2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000UA.job
    - c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-02 20:58]

    2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{B5DA8A41-A071-403C-8B34-0F22F1E79121}.job
    - c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://home.sweetim.com
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 16:08
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3936)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    c:\program files\Norton 360\Engine\3.8.0.41\ccGEvt.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\System32\webcheck.dll
    c:\windows\system32\wscntfy.dll
    c:\windows\System32\QAgent.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-11 16:11:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-11 06:11
    ComboFix2.txt 2010-09-11 05:02

    Pre-Run: 230,798,667,776 bytes free
    Post-Run: 230,606,802,944 bytes free

    - - End Of File - - DB623501EE9E308178E630FD7478814B


    -Shorerider.
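Once the second ComboFix log is in, the analyst's check is whether the entries named in the CFScript have dropped out of the autostart inventory. As an added example (not code from this thread or from ComboFix), the script below parses the service/driver and Run-key lines of the two logs above and diffs them; the embedded sample lines are excerpted from those logs, and the line parser and the triage flags are this example's own assumptions.

```python
"""Diff the autostart inventory of two ComboFix logs.

Added example for this thread, not ComboFix's code or anything posted in it.
Sample lines are excerpted from the two logs above; the parser and the triage
flags are this example's own assumptions about how to read that output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service/driver line in "Reg Loading Points":
#   <R|S><start> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)

# Run-key value line: "Name"="c:\path\file.exe" [date size]; the \s* tolerate
# the stray spaces the forum software put around the quotes.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+?)\s*"\s*=\s*"(?P<path>[^"]+?)\s*"\s+'
    r"\[(?P<date>\S+)\s+(?P<size>\d+)\]$"
)

# Constructed sample: lines excerpted from log #1 (before the CFScript run).
BEFORE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
S2 IWONGIEService;IWON Service;c:\progra~1\IWONGIE\bar\1.bin\vrbarsvc.exe [2010-08-25 28766]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-12 61184]
"""

# Constructed sample: the same entries as they appear in log #2 (after).
AFTER_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Tess\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-12 61184]
"""

@dataclass(frozen=True)
class Entry:
    kind: str   # "service" or "run"
    name: str
    path: str
    size: int

def parse_combofix(text: str) -> dict[str, Entry]:
    """Return Run-key and service/driver entries keyed by "<kind>:<name>"."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        kind, m = "service", SERVICE_RE.match(line)
        if m is None:
            kind, m = "run", RUN_RE.match(line)
        if m is None:
            continue                      # header, blank or unrelated line
        entries[f"{kind}:{m['name']}"] = Entry(kind, m["name"], m["path"], int(m["size"]))
    return entries

def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """Keys only in the first log (removed) and keys only in the second (added)."""
    b, a = parse_combofix(before), parse_combofix(after)
    return sorted(k for k in b if k not in a), sorted(k for k in a if k not in b)

def triage_flags(e: Entry) -> list[str]:
    """Hints for a human reviewer, not verdicts (assumed heuristics)."""
    flags = []
    low = e.path.lower()
    # An 8.3 short name (progra~1) in a registered image path is unusual for a
    # normal installer; here it is how the IWONGIE toolbar service shows up.
    # Google's AppInit_DLLs entry in the log uses one too, so it is only a hint.
    if "~" in low:
        flags.append("short-path")
    # Image outside the program/system trees (user profile, temp, and so on).
    if not low.startswith(("c:\\program files", "c:\\progra~1", "c:\\windows")):
        flags.append("unusual-location")
    return flags

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("gone after the CFScript run:", removed)
    print("newly appeared:", added)
```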
     
  11. 2010/09/11
    broni Moderator Malware Analyst
    Looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2010/09/11
    Shorerider Inactive Thread Starter
    Broni,

    The computer is fine, although after clicking the left mouse button on something once, it remains clicked/held until the button is clicked again. This gets quite annoying.

    Also, the cursor is quite big for some reason. The owner of the laptop hasn't changed it. Although, I can't say for certain if any settings may have been accidentally changed.

    Both these issues were present from the start.




    OTL Extras logfile created on: 12/09/2010 10:45:12 AM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Virus protection programs
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.32 Gb Total Space | 214.86 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TESS-PC
    Current User Name: Tess
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Tess\AppData\Local\Google\Chrome\Application\chrome.exe File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2A787738-DACC-4550-B7F8-4EAC80DAAFE5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4B940141-F0A2-4F96-9C32-8A429FFE5FBE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5434305B-3E61-4EBE-B91E-DB17AA7C648E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{66EE8685-4E8F-4266-AAA2-FA751DB1DB98}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{86C447EC-507E-4888-BDC8-31DA0EC852F1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9065F620-FDF6-414E-BD71-4223F70090A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C1C33684-09CE-4A59-8CA7-B76F810B4256}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D687D69E-4DE9-4C10-871E-98D1C37987AB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E47BDCD6-1864-4879-8553-079FA22F3FE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{EAF658C1-909D-4DB0-A8A2-821E446E27A8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{EEC0EAF6-3C5E-4C6C-B55B-3F954558B83C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F4AEA64B-5C15-49AE-A579-C9A6740B166B}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04DDD531-5685-4861-850C-574B78072836}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{129D95CC-6AC2-431E-9C2E-24154261C10A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{255AF8E0-622B-4234-9296-5E7E58A0088F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{28973CCF-70FC-461C-8D6A-7AA4EEBCAD80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{28E587C2-64EC-4CEF-9731-597F13EAE8AE}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{2B5578D5-1107-4F08-992A-F1325FB564A9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{46985DB9-006B-4D68-B232-F87BAB2AC45D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{49EFB0A6-F7F3-4E1C-BB91-6850E40F95C7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{5856FE6A-2B25-4AE5-BE41-2DF90426A2ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{8C04D73D-50F2-45AF-B551-86EE4ABBE970}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{935CDA80-9DC7-4C86-9958-1CF339A314FF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{A180140C-3B93-42DB-B703-7CDF47DCB68F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B7DE40CE-0A79-4E80-B507-180E04358565}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C461978B-57E3-4B65-A31E-9C7E8BC74714}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{CA0BD18A-503C-40A2-82BF-F75FD1CC4C9F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{EA97AE9A-B29F-47AE-8933-C95243588F1F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "TCP Query User{903337AC-2795-4532-83B9-4F3DAFB95258}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{B9511F31-855E-4E90-8D3A-D431487B5011}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1E299D2F-A7BA-457A-BECF-35AC55E4BD74}" = SweetIM Toolbar for Internet Explorer 3.6
    "{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
    "{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
    "{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
    "{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
    "{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
    "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
    "{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
    "{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
    "{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
    "{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
    "{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
    "{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
    "{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
    "{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
    "{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
    "{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F81415D2-CEC9-4F96-9ABA-B2CC5382A930}" = SweetIM for Messenger 3.0
    "{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "alotToolbar" = ALOT Toolbar
    "Bejeweled 2" = Bejeweled 2
    "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
    "Bejeweled Blitz" = Bejeweled Blitz
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Error Expert_is1" = Error Expert 1.5
    "Google Desktop" = Google Desktop
    "GridVista" = Acer GridVista
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "IWONGIEbar Uninstall" = IWON
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "N360" = Norton 360
    "PC Fix 2010_is1" = PCFix
    "WebSTAR DPC2100 Uninstall" = Scientific-Atlanta WebSTAR 2000 series Cable Modem
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPatrol" = WinPatrol
    "Yahoo! Companion" = Yahoo!7 Toolbar
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "Yahoo!7 Messenger" = Yahoo!7 Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/09/2010 1:49:31 AM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/09/2010 2:34:25 AM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/09/2010 4:52:40 PM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/09/2010 5:02:27 PM | Computer Name = Tess-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 1/09/2010 5:02:27 PM | Computer Name = Tess-PC | Source = MsiInstaller | ID = 11606
    Description =

    Error - 1/09/2010 5:02:27 PM | Computer Name = Tess-PC | Source = MsiInstaller | ID = 1024
    Description =

    Error - 1/09/2010 7:35:50 PM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/09/2010 7:52:31 PM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/09/2010 7:58:26 PM | Computer Name = Tess-PC | Source = System Restore | ID = 8209
    Description =

    Error - 2/09/2010 1:17:24 AM | Computer Name = Tess-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 11/09/2010 1:30:14 AM | Computer Name = Tess-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:12:39 PM on 11/09/2010 was unexpected.

    Error - 11/09/2010 1:31:07 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/09/2010 1:32:59 AM | Computer Name = Tess-PC | Source = DCOM | ID = 10010
    Description =

    Error - 11/09/2010 1:47:02 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/09/2010 1:57:30 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/09/2010 1:57:39 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/09/2010 2:00:20 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/09/2010 3:15:59 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/09/2010 10:59:41 AM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/09/2010 8:34:09 PM | Computer Name = Tess-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
  13. 2010/09/11 - Shorerider (Thread Starter)

    OTL logfile created on: 12/09/2010 10:45:12 AM - Run 1
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Virus protection programs
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.32 Gb Total Space | 214.86 Gb Free Space | 74.52% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TESS-PC
    Current User Name: Tess
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/12 10:42:51 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Virus protection programs\OTL.exe
    PRC - [2010/09/12 00:52:07 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tess\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2010/07/30 18:11:42 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/07/13 11:29:37 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    PRC - [2010/05/31 21:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2010/01/15 22:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/08/22 18:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/05/15 16:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2009/04/12 12:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/04 12:54:42 | 000,698,912 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    PRC - [2009/04/04 12:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    PRC - [2009/04/04 12:54:40 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    PRC - [2009/03/11 10:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/03/08 21:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
    PRC - [2009/01/21 17:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    PRC - [2008/12/19 06:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/24 08:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/12 10:42:51 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Virus protection programs\OTL.exe
    MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2009/04/04 12:54:52 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\SysHook.dll
    MOD - [2008/01/21 12:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/30 18:11:42 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/22 18:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/05/15 16:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/04/12 12:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/04/04 12:54:40 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/01/17 04:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/12/19 06:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/24 08:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2008/09/24 08:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbstor.sys -- (USBSTOR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/07/13 18:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100911.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/13 18:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100911.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/29 05:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100909.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/05/26 18:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/26 18:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/26 06:22:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/08/22 18:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/22 18:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 18:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 18:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 18:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 18:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 18:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009/08/22 18:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/22 18:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2009/08/05 21:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/03/26 09:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2009/03/19 14:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/03/11 10:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/02/21 12:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2009/01/17 04:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/12/30 08:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/12/05 11:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008/12/05 11:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008/12/05 11:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008/10/16 10:32:08 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2008/10/16 10:30:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2008/10/16 10:29:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2008/10/04 03:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/09/04 14:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/05/29 10:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2008/04/29 00:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2008/01/31 11:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2008/01/21 12:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 12:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 12:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 12:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 12:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 12:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 12:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 12:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 12:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 12:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 12:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 12:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 12:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 12:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 12:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 12:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/01/21 12:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 12:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 12:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 12:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 12:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 12:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 12:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/01/21 12:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 12:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 12:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/03 15:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
    DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2004/06/10 23:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://au.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://au.search.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 01 9A 33 03 24 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 07:35:36 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/09/11 16:07:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/11 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Local\temp
    [2010/09/11 16:07:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/09/11 15:45:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/11 14:49:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/09/11 14:49:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/09/11 14:49:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/09/11 14:48:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/09/11 14:44:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/04 09:50:18 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\Malwarebytes
    [2010/09/04 09:50:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/09/04 09:50:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/09/04 09:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/04 09:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/04 09:20:10 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\WinPatrol
    [2010/09/04 09:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
    [2010/09/04 08:18:15 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\SUPERAntiSpyware.com
    [2010/09/04 08:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/09/04 08:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/09/04 08:13:47 | 000,000,000 | ---D | C] -- C:\Virus protection programs
    [2010/08/26 08:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\IWONGEI
    [2010/07/27 17:11:38 | 000,000,000 | ---D | C] -- C:\Users\Tess\Documents\Eva!!![1]
    [2010/07/17 18:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/07/17 18:15:59 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/07/17 09:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RegSERVO
    [2010/07/15 13:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\PCFix
    [2010/07/15 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
    [2010/07/13 17:10:04 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\Apple Computer
    [2010/07/12 16:13:07 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\ErrorExpert
    [2010/07/12 16:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Error Expert
    [2010/07/12 15:18:43 | 000,000,000 | R-SD | C] -- C:\Users\Tess\Documents\My Stationery
    [2010/07/12 10:11:23 | 000,000,000 | ---D | C] -- C:\Users\Tess\Documents\My Weblog Posts
    [2010/07/12 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Roaming\Windows Live Writer
    [2010/07/12 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Tess\AppData\Local\Windows Live Writer
    [2010/07/09 11:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/07/09 11:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2010/07/05 11:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\alot
    [2009/12/12 19:45:43 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
    [2009/07/23 20:28:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
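
The log above is raw OTL output, and the lines that matter for triage are the `DRV -` driver entries, the `IE -` browser settings and the `[date | size | attrs | C]` file entries. The following is an added example, not part of Shorerider's post and not OTL's or the forum's own code: a small parser for those three line shapes plus the review heuristics an analyst would run over them (drivers with no embedded vendor info or loaded from outside the usual driver paths, executables with no vendor info or freshly dropped straight into C:\Windows, and IE start/search pages pointing at hosts outside an allowlist). The trusted-host set and the list of cleanup-tool helper binaries are assumptions, labelled as such in the code; the sample input is constructed from lines copied out of the log above. Every hit is a prompt to look closer, not a verdict (Norton legitimately keeps definition drivers under ProgramData, for instance).

```python
"""Triage helpers for OTL log lines (added example, not part of the forum post): parses the
'DRV -', 'IE -' and '[date | size | attrs | C]' line shapes and applies review heuristics."""
import re
from collections import namedtuple
from datetime import datetime
from urllib.parse import urlparse

# DRV - [date time | size | attrs | M] (Company) [Type | Start | State] -- path -- (Service) [text]
DRV_RE = re.compile(
    r"^DRV - \[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| \S+ \| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<kind>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]+)\)")
# [date time | size | attrs | C] (Company) -- path   (folder entries carry no company field)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
# IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://...
IE_RE = re.compile(r"^IE - (?P<hive>HKLM|HKCU)\\.*?\\Main,(?P<key>[^=]+?) = (?P<value>.+)$")

Driver = namedtuple("Driver", "ts company kind start state path service")
FileEntry = namedtuple("FileEntry", "ts size attrs company path")
# Assumption: start/search-page hosts the analyst treats as benign for this user.
TRUSTED_PAGE_HOSTS = {"www.google.com", "go.microsoft.com", "www.msn.com"}
# Assumption: helper binaries the ComboFix cleanup tool is known to drop into C:\Windows;
# confirm against whatever tool was actually run on the machine before trusting the label.
KNOWN_TOOL_FILES = {"swxcacls.exe", "swreg.exe", "swsc.exe", "nircmd.exe", "pev.exe",
                    "sed.exe", "grep.exe", "mbr.exe", "zip.exe"}

def _ts(s):
    return datetime.strptime(s, "%Y/%m/%d %H:%M:%S")

def parse_driver(line):
    """Driver for an OTL 'DRV -' line, None for anything else."""
    m = DRV_RE.match(line.strip())
    return m and Driver(_ts(m["ts"]), m["company"].strip(), m["kind"].strip(),
                        m["start"].strip(), m["state"].strip(), m["path"], m["service"])

def parse_file(line):
    """FileEntry for a created/modified file line, None for anything else."""
    m = FILE_RE.match(line.strip())
    return m and FileEntry(_ts(m["ts"]), int(m["size"].replace(",", "")), m["attrs"],
                           (m["company"] or "").strip(), m["path"])

def driver_findings(drivers):
    """Drivers with no embedded vendor info, or a running image outside the usual driver paths."""
    out = []
    for d in drivers:
        if not d.company:
            out.append((d.service, "no vendor/version info in image; verify hash and signature"))
        if d.state == "Running" and not d.path.lower().startswith(
                (r"c:\windows\system32\drivers", r"c:\program files")):
            out.append((d.service, f"running driver loaded from {d.path}"))
    return out

def file_findings(files, window_days=14):
    """Executables with no vendor info, and recent executables dropped straight into C:\\Windows."""
    if not files:
        return []
    newest = max(f.ts for f in files)  # use the log's own clock so old logs still triage
    out = []
    for f in files:
        low = f.path.lower()
        if not low.endswith((".exe", ".sys", ".dll", ".ocx")):
            continue
        if not f.company:
            out.append((f.path, "executable with no vendor/version info"))
        in_windows_root = low.startswith("c:\\windows\\") and low.count("\\") == 2
        if in_windows_root and (newest - f.ts).days <= window_days:
            known = low.rsplit("\\", 1)[-1] in KNOWN_TOOL_FILES
            out.append((f.path, "matches a known cleanup-tool helper" if known
                        else "unexpected executable dropped in C:\\Windows"))
    return out

def ie_findings(lines):
    """IE start/search pages that point at hosts outside the trusted set (possible hijack)."""
    out = []
    for line in lines:
        m = IE_RE.match(line.strip())
        if (m and m["key"] in ("Start Page", "Search Page")
                and urlparse(m["value"]).hostname not in TRUSTED_PAGE_HOSTS):
            out.append((f"{m['hive']} {m['key']}", m["value"]))
    return out

def triage(text):
    """Run all three checks over a pasted OTL log; findings grouped per section."""
    lines = text.splitlines()
    drivers = [d for d in map(parse_driver, lines) if d]
    files = [f for f in map(parse_file, lines) if f]
    return {"drivers": driver_findings(drivers), "files": file_findings(files),
            "ie": ie_findings(lines)}

# Constructed input: a handful of lines copied from the OTL log in the post above.
SAMPLE = r"""
DRV - [2010/07/13 18:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100911.002\NAVENG.SYS -- (NAVENG)
DRV - [2008/10/04 03:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2004/06/10 23:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sacm2A.sys -- (USBCM)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
[2010/09/11 15:45:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/11 14:44:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009/12/12 19:45:43 | 000,015,429 | ---- | C] ( ) -- C:\Windows\System32\drivers\Sacm2A.sys
"""
```

Run `triage(open("OTL.txt").read())` on a full log. On the sample it flags the machine-wide start page at home.sweetim.com (the same SweetIM whose toolbar and URLSearchHook appear in the O2/O3 entries above), the NAVENG driver running from ProgramData, the blank-vendor Sacm2A.sys both as a driver and as a file, and SWXCACLS.exe in C:\Windows as a recognised cleanup-tool helper rather than a fresh drop. Recency is measured against the newest timestamp in the log rather than the wall clock, so the same code gives the same answer whether it is run on the day of the scan or years later.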
     
  14. 2010/09/11
    Shorerider

    ========== Files - Modified Within 90 Days ==========

    [2010/09/12 10:45:41 | 002,097,152 | -HS- | M] () -- C:\Users\Tess\ntuser.dat
    [2010/09/12 10:41:57 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5DA8A41-A071-403C-8B34-0F22F1E79121}.job
    [2010/09/12 10:39:28 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/12 10:32:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/12 10:32:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/12 10:32:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/12 10:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/12 10:32:34 | 3083,227,136 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/12 01:07:18 | 000,524,288 | -HS- | M] () -- C:\Users\Tess\ntuser.dat{b9b6d7e5-4085-11df-9f72-001e6be28516}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/12 01:07:18 | 000,065,536 | -HS- | M] () -- C:\Users\Tess\ntuser.dat{b9b6d7e5-4085-11df-9f72-001e6be28516}.TM.blf
    [2010/09/12 01:07:14 | 003,147,563 | -H-- | M] () -- C:\Users\Tess\AppData\Local\IconCache.db
    [2010/09/12 00:52:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/12 00:51:51 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000UA.job
    [2010/09/11 16:12:27 | 000,000,244 | ---- | M] () -- C:\Users\Tess\Desktop\[Active] My (friends) machine is suspect. - Page 2.url
    [2010/09/11 16:07:19 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/11 16:07:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/09/06 17:20:44 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3625721293-835909472-1396800209-1000Core.job
    [2010/09/05 15:09:46 | 000,000,205 | ---- | M] () -- C:\Users\Tess\Desktop\Facebook.url
    [2010/09/04 09:50:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/04 08:18:09 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/09/03 17:39:21 | 000,007,052 | ---- | M] () -- C:\Users\Tess\AppData\Local\d3d9caps.dat
    [2010/09/03 07:40:05 | 002,592,904 | ---- | M] () -- C:\Users\Tess\Hotmail.zip
    [2010/09/02 17:54:03 | 000,002,041 | ---- | M] () -- C:\Users\Tess\Desktop\Google Chrome.lnk
    [2010/09/02 17:54:03 | 000,002,003 | ---- | M] () -- C:\Users\Tess\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/09/02 10:30:32 | 000,023,552 | ---- | M] () -- C:\Users\Tess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/01 12:15:01 | 000,201,736 | ---- | M] () -- C:\Users\Tess\IMG_3756.JPG
    [2010/08/31 14:25:04 | 002,480,851 | ---- | M] () -- C:\Users\Tess\IMG_2351.MOV
    [2010/08/30 13:34:11 | 003,576,088 | ---- | M] () -- C:\Users\Tess\IMG_2349.MOV
    [2010/08/14 08:34:09 | 000,293,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/07/21 17:11:16 | 000,000,953 | ---- | M] () -- C:\Users\Tess\Internet Explorer (2).lnk
    [2010/07/21 16:17:33 | 000,000,968 | ---- | M] () -- C:\Users\Tess\Desktop\Yahoo!7 Messenger.lnk
    [2010/07/21 16:15:22 | 000,001,172 | ---- | M] () -- C:\Users\Tess\Desktop\Acer Crystal Eye webcam - Shortcut.lnk
    [2010/07/21 16:13:20 | 000,001,117 | ---- | M] () -- C:\Users\Tess\Desktop\Google Earth - Shortcut.lnk
    [2010/07/19 14:44:25 | 000,000,258 | ---- | M] () -- C:\Users\Tess\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/07/17 14:05:36 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/07/17 09:16:06 | 000,000,947 | ---- | M] () -- C:\Users\Tess\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/07/15 13:28:06 | 000,000,742 | ---- | M] () -- C:\Users\Tess\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Fix 2010.lnk
    [2010/07/13 17:28:46 | 000,027,829 | ---- | M] () -- C:\Users\Tess\page_zoom_buttons-1.1.4-fx.xpi
    [2010/07/13 10:04:17 | 001,833,296 | ---- | M] () -- C:\Users\Tess\iWin.exe
    [2010/07/13 06:23:54 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/07/12 09:03:39 | 000,069,912 | ---- | M] () -- C:\Users\Tess\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/07/11 15:44:33 | 000,001,673 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/06/28 04:42:40 | 000,707,330 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/28 04:42:40 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/28 04:42:40 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/09/11 14:49:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/09/11 14:49:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/09/11 14:49:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/09/11 14:49:15 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/09/11 14:49:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/09/11 14:28:26 | 000,000,244 | ---- | C] () -- C:\Users\Tess\Desktop\[Active] My (friends) machine is suspect. - Page 2.url
    [2010/09/05 15:09:46 | 000,000,205 | ---- | C] () -- C:\Users\Tess\Desktop\Facebook.url
    [2010/09/04 09:50:12 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/04 08:18:09 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/09/03 07:39:50 | 002,592,904 | ---- | C] () -- C:\Users\Tess\Hotmail.zip
    [2010/09/01 12:14:59 | 000,201,736 | ---- | C] () -- C:\Users\Tess\IMG_3756.JPG
    [2010/08/31 14:24:50 | 002,480,851 | ---- | C] () -- C:\Users\Tess\IMG_2351.MOV
    [2010/08/30 13:34:11 | 003,576,088 | ---- | C] () -- C:\Users\Tess\IMG_2349.MOV
    [2010/07/28 16:46:46 | 000,000,953 | ---- | C] () -- C:\Users\Tess\Internet Explorer (2).lnk
    [2010/07/21 16:17:33 | 000,000,968 | ---- | C] () -- C:\Users\Tess\Desktop\Yahoo!7 Messenger.lnk
    [2010/07/21 16:15:22 | 000,001,172 | ---- | C] () -- C:\Users\Tess\Desktop\Acer Crystal Eye webcam - Shortcut.lnk
    [2010/07/21 16:13:20 | 000,001,117 | ---- | C] () -- C:\Users\Tess\Desktop\Google Earth - Shortcut.lnk
    [2010/07/21 16:11:07 | 000,002,041 | ---- | C] () -- C:\Users\Tess\Desktop\Google Chrome.lnk
    [2010/07/15 13:28:06 | 000,000,742 | ---- | C] () -- C:\Users\Tess\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Fix 2010.lnk
    [2010/07/13 17:28:46 | 000,027,829 | ---- | C] () -- C:\Users\Tess\page_zoom_buttons-1.1.4-fx.xpi
    [2010/07/13 10:04:13 | 001,833,296 | ---- | C] () -- C:\Users\Tess\iWin.exe
    [2010/07/13 06:23:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/07/09 11:53:43 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/03/19 17:57:46 | 000,024,064 | ---- | C] () -- C:\Users\Tess\AppData\Roaming\UserTile.png
    [2009/12/12 19:45:43 | 000,053,693 | ---- | C] () -- C:\Windows\UNDPX2A.sys
    [2009/11/09 17:30:49 | 000,007,052 | ---- | C] () -- C:\Users\Tess\AppData\Local\d3d9caps.dat
    [2009/11/09 11:10:38 | 000,023,552 | ---- | C] () -- C:\Users\Tess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/07 06:35:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/23 20:58:45 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2009/07/23 20:52:56 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
    [2009/07/23 20:45:29 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
    [2009/07/23 20:08:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009/03/05 17:55:07 | 000,006,712 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
    [2009/02/21 10:26:15 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2009/02/21 10:26:15 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2009/02/21 10:26:14 | 000,000,058 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2009/02/21 10:26:14 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2009/03/05 17:19:08 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\Acer GameZone Console
    [2010/08/24 11:06:55 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/07/12 16:13:07 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\ErrorExpert
    [2010/08/24 11:07:18 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\eSobi
    [2009/12/22 16:49:23 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\iWin
    [2010/07/20 08:49:49 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\PCFix
    [2009/12/02 15:13:48 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\PlayFirst
    [2009/11/04 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\PowerCinema
    [2009/11/04 17:13:02 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\SoftDMA
    [2009/12/27 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\SpinTop
    [2010/04/22 09:19:56 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\Uniblue
    [2010/07/12 10:11:22 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\Windows Live Writer
    [2010/09/04 09:20:13 | 000,000,000 | ---D | M] -- C:\Users\Tess\AppData\Roaming\WinPatrol
    [2010/09/12 01:07:20 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/09/12 10:41:57 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5DA8A41-A071-403C-8B34-0F22F1E79121}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/06 09:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/09/11 16:11:10 | 000,017,652 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/09/12 10:32:34 | 3083,227,136 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/12 10:32:33 | 3398,881,280 | -HS- | M] () -- C:\pagefile.sys
    [2009/07/09 07:38:42 | 000,003,200 | -HS- | M] () -- C:\Patch.rev
    [2009/03/05 18:16:27 | 000,000,148 | RHS- | M] () -- C:\Preload.rev
    [2009/07/23 20:45:10 | 000,002,851 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 22:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 22:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 22:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/12/03 14:24:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 07:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 13:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 12:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/17 09:16:06 | 000,000,286 | -HS- | M] () -- C:\Users\Tess\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/07/13 10:04:17 | 001,833,296 | ---- | M] () -- C:\Users\Tess\iWin.exe
    [2009/12/11 19:58:13 | 000,916,370 | ---- | M] (IGG) -- C:\Users\Tess\wl_setup_5.0.0_20091124_downloader_2.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/12/03 16:30:11 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/12/03 16:29:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2009/12/03 16:29:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2009/12/03 16:29:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/12/03 16:29:41 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2009/12/03 16:29:41 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/11 15:38:35 | 000,082,079 | ---- | M] () -- C:\Users\Tess\Favorites\36387_1497544725082_1428041411_1280504_7993048_n.jpg
    [2009/11/03 08:44:08 | 000,000,402 | -HS- | M] () -- C:\Users\Tess\Favorites\desktop.ini
    [2010/09/11 15:38:35 | 003,752,642 | ---- | M] () -- C:\Users\Tess\Favorites\Eva eating ur biscuits!!.zip
    [2010/09/11 15:38:35 | 001,132,961 | ---- | M] () -- C:\Users\Tess\Favorites\Eva!!!.zip
    [2010/09/11 15:38:35 | 005,167,572 | ---- | M] () -- C:\Users\Tess\Favorites\Eva.zip
    [2010/09/11 15:38:35 | 002,519,099 | ---- | M] () -- C:\Users\Tess\Favorites\Hotmail.zip
    [2010/09/11 15:38:35 | 008,218,655 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_1086.MOV
    [2010/09/11 15:38:35 | 005,437,828 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_1087.MOV
    [2010/09/11 15:38:35 | 001,073,446 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_1104.3gp
    [2010/09/11 15:38:36 | 005,493,028 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_1106.MOV
    [2010/09/11 15:38:36 | 002,994,373 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2343.MOV
    [2010/09/11 15:38:36 | 002,795,449 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2347.MOV
    [2010/09/11 15:38:36 | 003,576,088 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2349.MOV
    [2010/09/11 15:38:37 | 002,528,870 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2350.MOV
    [2010/09/11 15:38:37 | 002,480,851 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2351.MOV
    [2010/09/11 15:38:37 | 000,093,114 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_2562.jpg
    [2010/09/11 15:38:37 | 004,347,236 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_3720.MOV
    [2010/09/11 15:38:37 | 000,356,304 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_3751.3gp
    [2010/09/11 15:38:37 | 000,485,556 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_3752.3gp
    [2010/09/11 15:38:38 | 000,201,736 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_3756.JPG
    [2010/09/11 15:38:38 | 000,090,686 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_3975.jpg
    [2010/09/11 15:38:38 | 000,079,111 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_4141.jpg
    [2010/09/11 15:38:38 | 000,092,948 | ---- | M] () -- C:\Users\Tess\Favorites\IMG_4762.jpg
    [2010/09/11 15:38:38 | 004,988,757 | ---- | M] () -- C:\Users\Tess\Favorites\More Eva!!!.zip
    [2010/09/11 15:38:38 | 001,165,550 | ---- | M] () -- C:\Users\Tess\Favorites\photo.JPG
    [2010/09/11 15:38:38 | 006,307,077 | ---- | M] () -- C:\Users\Tess\Favorites\Pony tail!!!.zip

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/07/23 20:58:27 | 000,006,712 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
    [2010/07/13 06:23:54 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/07/23 20:53:35 | 000,000,091 | ---- | M] () -- C:\ProgramData\PS.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:290A724C
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BB24555F
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:57DC3B52
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ADE16379
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CE0A077E
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:DA18FD1D
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:211ED887
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:41099CE9
    < End of report >



    -Shorerider
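A check a responder can run against the "Alternate Data Streams" section of the OTL log above, as an added example written for this page (it is not part of the thread and not a function of OTL): it enumerates the named NTFS streams attached to a path, skips the primary `:$DATA` stream that every file has, and prints each remaining stream's content so it can be triaged before anything is deleted. It assumes Windows PowerShell 5.1 or later on an NTFS volume; `Get-ExtraStreams` is a name chosen here, and `C:\ProgramData\Temp` is the directory the log reports.

```powershell
# Added example, not part of the thread or of OTL: list alternate data streams
# (ADS) attached to a file or directory, skipping the default ':$DATA' stream
# that every NTFS file has. Assumes Windows PowerShell 5.1+ on an NTFS volume.

function Get-ExtraStreams {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # file or directory to inspect
        [switch] $Recurse                         # also walk children of a directory
    )

    $targets = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse -and (Test-Path -LiteralPath $Path -PathType Container)) {
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    }

    foreach ($target in $targets) {
        # -Stream * enumerates every named stream; the primary stream is ':$DATA'.
        Get-Item -LiteralPath $target.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# The directory named in the OTL log. Zone.Identifier streams are the browser
# "mark of the web" and are expected on downloaded files; anything else
# deserves a look.
$streams = Get-ExtraStreams -Path 'C:\ProgramData\Temp'
$streams | Format-Table -AutoSize

# Triage a stream's content before deciding what to do with it; streams of
# around 100 bytes, like the ones in the log, are usually plain text.
foreach ($s in $streams) {
    "--- $($s.Path):$($s.Stream) ($($s.Bytes) bytes)"
    Get-Content -LiteralPath $s.Path -Stream $s.Stream -Raw -ErrorAction SilentlyContinue
}
```

Run it once before the OTL fix to see what the streams hold, and again after the reboot to confirm the directory comes back empty; `Remove-Item -LiteralPath <path> -Stream <name>` removes a single stream by hand if a tool is not available.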
     
  15. 2010/09/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The mouse may just be malfunctioning. Did you try a different mouse?

    That can be changed in mouse properties (Control Panel).

    ==============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/08/26 08:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\IWONGEI
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:290A724C
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:BB24555F
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:F7862839
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:57DC3B52
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DCAF903C
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
      @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E1982A23
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ADE16379
      @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:814B9485
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CE0A077E
      @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:DA18FD1D
      @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:211ED887
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:41099CE9
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. 2010/09/13
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    I will look into the mouse/cursor settings once the clean-up is done. Also (I'm not sure if this is relevant), the screen/font size has shrunk for some reason. The laptop has been with me for the last few days, so no settings could have been changed.

    - Java was updated


    OTL Log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Program Files\IWONGEI\Installr\setups folder moved successfully.
    C:\Program Files\IWONGEI\Installr\1.bin\chrome folder moved successfully.
    C:\Program Files\IWONGEI\Installr\1.bin folder moved successfully.
    C:\Program Files\IWONGEI\Installr folder moved successfully.
    C:\Program Files\IWONGEI folder moved successfully.
    ADS C:\ProgramData\Temp:290A724C deleted successfully.
    ADS C:\ProgramData\Temp:BB24555F deleted successfully.
    ADS C:\ProgramData\Temp:B203B914 deleted successfully.
    ADS C:\ProgramData\Temp:F7862839 deleted successfully.
    ADS C:\ProgramData\Temp:57DC3B52 deleted successfully.
    ADS C:\ProgramData\Temp:3064D21D deleted successfully.
    ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
    ADS C:\ProgramData\Temp:DCAF903C deleted successfully.
    ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
    ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
    ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
    ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
    ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
    ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
    ADS C:\ProgramData\Temp:814B9485 deleted successfully.
    ADS C:\ProgramData\Temp:798A3728 deleted successfully.
    ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
    ADS C:\ProgramData\Temp:DA18FD1D deleted successfully.
    ADS C:\ProgramData\Temp:211ED887 deleted successfully.
    ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 75 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tess
    ->Temp folder emptied: 1880944 bytes
    ->Temporary Internet Files folder emptied: 54107285 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 142457199 bytes
    ->Flash cache emptied: 159895 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 180 bytes
    RecycleBin emptied: 14159 bytes

    Total Files Cleaned = 189.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tess
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.12.0 log created on 09132010_155537

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF811E.tmp not found!
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF8131.tmp not found!
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF8184.tmp not found!
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF8193.tmp not found!
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF81DE.tmp not found!
    File\Folder C:\Users\Tess\AppData\Local\Temp\~DF81ED.tmp not found!
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YT1WVKJ8\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFU2CE9Q\ads[4].htm moved successfully.
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0M0EW4AC\94955-active-my-friends-machine-suspect-3[1].html moved successfully.
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0M0EW4AC\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Tess\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    File\Folder C:\Windows\temp\JETA591.tmp not found!

    Registry entries deleted on Reboot...


    SecurityCheck:


    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9.3.4
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Windows Defender MSASCui.exe
    WinPatrol winpatrol.exe
    SecurityCheck.exe
    Windows Defender MSASCui.exe
    BillP Studios WinPatrol WinPatrol.exe
    ````````````````````````````````
    DNS Vulnerability Check:


    ``````````End of Log````````````



    Kaspersky results to follow


    -Shorerider.
     
  17. 2010/09/13
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    Just to let you know, the scan took a long time because I set it to scan, closed the laptop, and went to bed without realising this would pause the scan.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, September 14, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, September 13, 2010 02:42:01
    Records in database: 4212944
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 119578
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 11:46:19


    File name / Threat / Threats count
    C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe Infected: Trojan.Win32.Agent.czkv 1
    C:\_OTL\MovedFiles\09132010_155537\C_Program Files\IWONGEI\Installr\1.bin\9uEZSETP.dll Infected: not-a-virus:AdWare.Win32.FunWeb.fa 1

    Selected area has been scanned.
     
  18. 2010/09/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  19. 2010/09/14
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    I ran OTL and set a new restore point. Unfortunately, the logs were lost due to the OTL clean-up, as I had forgotten to reply before the clean.

    I am having trouble downloading WOT, as all it does is download a link, which then opens a new IE window when double-clicked.

    Please advise.

    I have downloaded your other recommendations.


    Thanks,

    -Shorerider.
     
  20. 2010/09/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the computer doing?

    Regarding WOT, is this the name of the file you downloaded: WOT-latest-all.msi?
     
  21. 2010/09/15
    Shorerider

    Shorerider Inactive Thread Starter

    Joined:
    2006/09/30
    Messages:
    93
    Likes Received:
    0
    Broni,

    Yes it is.

    BUT, when I initiate the download and it asks for a location to save to, the "File name" is missing the ".msi", although it says "Save as type: MSI File".

    Also, in the Download dialogue box it shows an IE shortcut icon, not an application icon.

    I am also getting an "Internet Explorer has stopped working" message after exiting the download page sometimes.

    I downloaded it using the same link from my PC without any issues. :confused:

    Other than that, the Laptop is fine.


    -Shorerider.
     
    Last edited: 2010/09/15
