Solved redirect virus in vista

[Resolved] redirect virus in vista

Hi, I followed the recommended steps:
Step 1
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7035

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/3/2011 10:36:13 AM
mbam-log-2011-09-03 (10-36-13).txt

Scan type: Quick scan
Objects scanned: 175846
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 110
Registry Values Infected: 137
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 74

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5230 (Adware.MyWebSearch) -> Value: SpybotDeletingB5230 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8966 (Adware.MyWebSearch) -> Value: SpybotDeletingD8966 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6706 (Adware.MyWebSearch) -> Value: SpybotDeletingB6706 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9621 (Adware.MyWebSearch) -> Value: SpybotDeletingD9621 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2413 (Adware.MyWebSearch) -> Value: SpybotDeletingB2413 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD319 (Adware.MyWebSearch) -> Value: SpybotDeletingD319 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2372 (Adware.MyWebSearch) -> Value: SpybotDeletingB2372 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9993 (Adware.MyWebSearch) -> Value: SpybotDeletingD9993 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3163 (Adware.MyWebSearch) -> Value: SpybotDeletingB3163 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7975 (Adware.MyWebSearch) -> Value: SpybotDeletingD7975 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1450 (PUP.FunWebProducts) -> Value: SpybotDeletingB1450 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9966 (PUP.FunWebProducts) -> Value: SpybotDeletingD9966 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB628 (Adware.MyWebSearch) -> Value: SpybotDeletingB628 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9402 (Adware.MyWebSearch) -> Value: SpybotDeletingD9402 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB307 (Adware.MyWebSearch) -> Value: SpybotDeletingB307 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1200 (Adware.MyWebSearch) -> Value: SpybotDeletingD1200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB9974 (Adware.MyWebSearch) -> Value: SpybotDeletingB9974 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8825 (Adware.MyWebSearch) -> Value: SpybotDeletingD8825 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB267 (Adware.MyWebSearch) -> Value: SpybotDeletingB267 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD103 (Adware.MyWebSearch) -> Value: SpybotDeletingD103 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2075 (PUP.FunWebProducts) -> Value: SpybotDeletingB2075 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1794 (PUP.FunWebProducts) -> Value: SpybotDeletingD1794 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5246 (Adware.MyWebSearch) -> Value: SpybotDeletingB5246 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD4289 (Adware.MyWebSearch) -> Value: SpybotDeletingD4289 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4669 (Adware.MyWebSearch) -> Value: SpybotDeletingB4669 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3265 (Adware.MyWebSearch) -> Value: SpybotDeletingD3265 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5411 (Adware.MyWebSearch) -> Value: SpybotDeletingB5411 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7513 (Adware.MyWebSearch) -> Value: SpybotDeletingD7513 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3056 (Adware.MyWebSearch) -> Value: SpybotDeletingB3056 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD6541 (Adware.MyWebSearch) -> Value: SpybotDeletingD6541 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5636 (Adware.MyWebSearch) -> Value: SpybotDeletingB5636 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3674 (Adware.MyWebSearch) -> Value: SpybotDeletingD3674 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1816 (Adware.MyWebSearch) -> Value: SpybotDeletingB1816 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD2411 (Adware.MyWebSearch) -> Value: SpybotDeletingD2411 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1800 (Adware.MyWebSearch) -> Value: SpybotDeletingB1800 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1373 (Adware.MyWebSearch) -> Value: SpybotDeletingD1373 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1445 (Adware.MyWebSearch) -> Value: SpybotDeletingB1445 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8708 (Adware.MyWebSearch) -> Value: SpybotDeletingD8708 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8892 (Adware.MyWebSearch) -> Value: SpybotDeletingB8892 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3508 (Adware.MyWebSearch) -> Value: SpybotDeletingD3508 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8883 (Adware.MyWebSearch) -> Value: SpybotDeletingB8883 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD6376 (Adware.MyWebSearch) -> Value: SpybotDeletingD6376 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB821 (Adware.MyWebSearch) -> Value: SpybotDeletingB821 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD2796 (Adware.MyWebSearch) -> Value: SpybotDeletingD2796 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1163 (Adware.MyWebSearch) -> Value: SpybotDeletingB1163 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD2825 (Adware.MyWebSearch) -> Value: SpybotDeletingD2825 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4560 (Adware.MyWebSearch) -> Value: SpybotDeletingB4560 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD6487 (Adware.MyWebSearch) -> Value: SpybotDeletingD6487 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8777 (Adware.MyWebSearch) -> Value: SpybotDeletingB8777 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9085 (Adware.MyWebSearch) -> Value: SpybotDeletingD9085 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4001 (Adware.MyWebSearch) -> Value: SpybotDeletingB4001 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8121 (Adware.MyWebSearch) -> Value: SpybotDeletingD8121 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2870 (Adware.MyWebSearch) -> Value: SpybotDeletingB2870 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8108 (Adware.MyWebSearch) -> Value: SpybotDeletingD8108 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2246 (Adware.MyWebSearch) -> Value: SpybotDeletingB2246 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD5806 (Adware.MyWebSearch) -> Value: SpybotDeletingD5806 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3175 (Adware.MyWebSearch) -> Value: SpybotDeletingB3175 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD6227 (Adware.MyWebSearch) -> Value: SpybotDeletingD6227 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6570 (Adware.MyWebSearch) -> Value: SpybotDeletingB6570 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD5741 (Adware.MyWebSearch) -> Value: SpybotDeletingD5741 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB7852 (Adware.MyWebSearch) -> Value: SpybotDeletingB7852 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD2506 (Adware.MyWebSearch) -> Value: SpybotDeletingD2506 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4435 (PUP.FunWebProducts) -> Value: SpybotDeletingB4435 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7568 (PUP.FunWebProducts) -> Value: SpybotDeletingD7568 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1371 (PUP.FunWebProducts) -> Value: SpybotDeletingB1371 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD809 (PUP.FunWebProducts) -> Value: SpybotDeletingD809 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3656 (PUP.FunWebProducts) -> Value: SpybotDeletingB3656 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD503 (PUP.FunWebProducts) -> Value: SpybotDeletingD503 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2907 (PUP.FunWebProducts) -> Value: SpybotDeletingB2907 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8542 (PUP.FunWebProducts) -> Value: SpybotDeletingD8542 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB9810 (PUP.FunWebProducts) -> Value: SpybotDeletingB9810 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD4749 (PUP.FunWebProducts) -> Value: SpybotDeletingD4749 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6054 (PUP.FunWebProducts) -> Value: SpybotDeletingB6054 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD5534 (PUP.FunWebProducts) -> Value: SpybotDeletingD5534 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8797 (PUP.FunWebProducts) -> Value: SpybotDeletingB8797 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8745 (PUP.FunWebProducts) -> Value: SpybotDeletingD8745 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5231 (PUP.FunWebProducts) -> Value: SpybotDeletingB5231 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD173 (PUP.FunWebProducts) -> Value: SpybotDeletingD173 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8849 (PUP.FunWebProducts) -> Value: SpybotDeletingB8849 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD490 (PUP.FunWebProducts) -> Value: SpybotDeletingD490 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4898 (PUP.FunWebProducts) -> Value: SpybotDeletingB4898 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8044 (PUP.FunWebProducts) -> Value: SpybotDeletingD8044 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6379 (Adware.MyWebSearch) -> Value: SpybotDeletingB6379 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1564 (Adware.MyWebSearch) -> Value: SpybotDeletingD1564 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3229 (Adware.MyWebSearch) -> Value: SpybotDeletingD3229 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8434 (Adware.MyWebSearch) -> Value: SpybotDeletingB8434 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7130 (Adware.MyWebSearch) -> Value: SpybotDeletingD7130 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1537 (Adware.MyWebSearch) -> Value: SpybotDeletingB1537 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9563 (Adware.MyWebSearch) -> Value: SpybotDeletingD9563 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2391 (Adware.MyWebSearch) -> Value: SpybotDeletingB2391 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1920 (Adware.MyWebSearch) -> Value: SpybotDeletingD1920 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5148 (Adware.MyWebSearch) -> Value: SpybotDeletingB5148 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3730 (Adware.MyWebSearch) -> Value: SpybotDeletingD3730 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB7986 (Adware.MyWebSearch) -> Value: SpybotDeletingB7986 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD1836 (Adware.MyWebSearch) -> Value: SpybotDeletingD1836 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2105 (Adware.MyWebSearch) -> Value: SpybotDeletingB2105 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9694 (Adware.MyWebSearch) -> Value: SpybotDeletingD9694 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4539 (Adware.MyWebSearch) -> Value: SpybotDeletingB4539 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9765 (Adware.MyWebSearch) -> Value: SpybotDeletingD9765 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6301 (Adware.MyWebSearch) -> Value: SpybotDeletingB6301 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9764 (Adware.MyWebSearch) -> Value: SpybotDeletingD9764 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1976 (Adware.MyWebSearch) -> Value: SpybotDeletingB1976 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD3748 (Adware.MyWebSearch) -> Value: SpybotDeletingD3748 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5110 (Adware.MyWebSearch) -> Value: SpybotDeletingB5110 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD197 (Adware.MyWebSearch) -> Value: SpybotDeletingD197 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB1124 (Adware.MyWebSearch) -> Value: SpybotDeletingB1124 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD4455 (Adware.MyWebSearch) -> Value: SpybotDeletingD4455 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3129 (Adware.MyWebSearch) -> Value: SpybotDeletingB3129 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9332 (Adware.MyWebSearch) -> Value: SpybotDeletingD9332 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6315 (Adware.MyWebSearch) -> Value: SpybotDeletingB6315 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7850 (Adware.MyWebSearch) -> Value: SpybotDeletingD7850 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4295 (Adware.MyWebSearch) -> Value: SpybotDeletingB4295 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD8393 (Adware.MyWebSearch) -> Value: SpybotDeletingD8393 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB3126 (Adware.MyWebSearch) -> Value: SpybotDeletingB3126 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD2569 (Adware.MyWebSearch) -> Value: SpybotDeletingD2569 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB5841 (Adware.MyWebSearch) -> Value: SpybotDeletingB5841 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD21 (Adware.MyWebSearch) -> Value: SpybotDeletingD21 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6051 (Adware.MyWebSearch) -> Value: SpybotDeletingB6051 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9025 (Adware.MyWebSearch) -> Value: SpybotDeletingD9025 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB9308 (Adware.MyWebSearch) -> Value: SpybotDeletingB9308 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD7967 (Adware.MyWebSearch) -> Value: SpybotDeletingD7967 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2851 (Adware.MyWebSearch) -> Value: SpybotDeletingB2851 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD5808 (Adware.MyWebSearch) -> Value: SpybotDeletingD5808 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB6178 (Adware.MyWebSearch) -> Value: SpybotDeletingB6178 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD223 (Adware.MyWebSearch) -> Value: SpybotDeletingD223 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB2658 (Adware.MyWebSearch) -> Value: SpybotDeletingB2658 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9042 (Adware.MyWebSearch) -> Value: SpybotDeletingD9042 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB8877 (Adware.MyWebSearch) -> Value: SpybotDeletingB8877 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD9126 (Adware.MyWebSearch) -> Value: SpybotDeletingD9126 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingB4532 (Adware.MyWebSearch) -> Value: SpybotDeletingB4532 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SpybotDeletingD5622 (Adware.MyWebSearch) -> Value: SpybotDeletingD5622 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SCRCTR.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\jerry\downloads\IWON.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\jerry\local settings\application data\mwsautSp.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Step 2
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-03 15:16:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005d WDC_WD16 rev.1.10
Running: e24zv7ny.exe; Driver: C:\Users\jerry\AppData\Local\Temp\fwdoypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9BFE27A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9BFE2848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9BFE28E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9BFE2980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 81EB3B74 4 Bytes [A0, 27, FE, 9B]
.text ntkrnlpa.exe!KeSetEvent + 621 81EB3DA4 8 Bytes [48, 28, FE, 9B, E4, 28, FE, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 81EB3E04 4 Bytes [80, 29, FE, 9B] {SUB BYTE [ECX], 0xfe; WAIT }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D802000, 0x20BE32, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2336] ntdll.dll!LdrLoadDll 77DB93A8 5 Bytes JMP 00F61410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5032] USER32.dll!SetWindowLongA 76F4E7CD 5 Bytes JMP 6663A047 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5032] USER32.dll!SetWindowLongW 76F513B4 5 Bytes JMP 66639FD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5032] USER32.dll!GetWindowInfo 76F5428E 5 Bytes JMP 66441B87 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5032] USER32.dll!TrackPopupMenu 76F614F3 5 Bytes JMP 66442155 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7450A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7453CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

 

Step 3
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-03 15:27:12
-----------------------------
15:27:12.929 OS Version: Windows 6.0.6002 Service Pack 2
15:27:12.930 Number of processors: 1 586 0x7F02
15:27:12.932 ComputerName: JERRY-PC UserName: jerry
15:27:14.224 Initialize success
15:27:20.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
15:27:20.255 Disk 0 Vendor: WDC_WD16 1.10 Size: 152627MB BusType: 6
15:27:22.999 Disk 0 MBR read successfully
15:27:23.005 Disk 0 MBR scan
15:27:23.009 Disk 0 unknown MBR code
15:27:23.409 Disk 0 scanning sectors +312578048
15:27:24.174 Disk 0 scanning C:\Windows\system32\drivers
15:28:53.118 Service scanning
15:28:54.841 Modules scanning
15:31:21.097 Disk 0 trace - called modules:
15:31:21.316 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
15:31:21.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c12ac8]
15:31:21.317 3 CLASSPNP.SYS[89baa8b3] -> nt!IofCallDriver -> [0x850ed258]
15:31:21.317 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\0000005d[0x84fb83f8]
15:31:21.320 Scan finished successfully
15:33:16.602 Disk 0 MBR has been saved successfully to "C:\Users\jerry\Desktop\MBR.dat "
15:33:16.610 The log file has been saved successfully to "C:\Users\jerry\Desktop\aswMBR.txt "

 

Step 4, part 1
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by jerry at 15:34:07 on 2011-09-03
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1105 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.pch.com/search?
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60195
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80227
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80227
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [eRecoveryService]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?

lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg "& "inst=NzctNjE3Mzg2NzE3LUtWMys3LUJBKzEtWEwrMS1UMS1CQVI4RysxLVVDQUxMKzEtVUNBTEwyKzItVEI4KzItRkwrOC1GMTBNKz

UtUUlYMSszLUYxME0xMEQrMS1MSUMrMjItRkwxMCsxLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLVRVRyszLUREVCsw "& "prod=90 "& "ver=10.0.1382
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Arctic%20Quest%202/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1E6644C9-C18A-4664-A766-F3140C986261} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{4936F3D3-BDF4-442B-B0A1-A396ACE2AEE6} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{B57DE832-10A4-4AB6-A41E-080FD9154FD3} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jerry\appdata\roaming\mozilla\firefox\profiles\jljmyqw9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d147f3d&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\3\NP_wtapp.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.brc,
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-15 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-28 1153368]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2010-8-2 56352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bdaad8d5ad70;Google Update Service (gupdate1c9bdaad8d5ad70);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-26 41272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]
.
=============== Created Last 30 ================
.
2011-08-24 10:56:40 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-09 21:07:31 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 21:07:28 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 21:07:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-09 21:05:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 21:05:53 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 21:05:51 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-08-27 09:57:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 15:35:14.91 ===============

 

Step 4. part 2
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vistaâ„¢ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2008 1:48:52 PM
System Uptime: 9/3/2011 10:47:20 AM (5 hours ago)
.
Motherboard: Acer | | Nile
Processor: AMD Athlon(tm) Processor 2650e | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 22.454 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 67.079 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP928: 8/13/2011 5:55:36 PM - Scheduled Checkpoint
RP929: 8/15/2011 11:52:00 AM - Scheduled Checkpoint
RP930: 8/17/2011 7:35:33 AM - Scheduled Checkpoint
RP931: 8/18/2011 7:41:34 AM - Scheduled Checkpoint
RP932: 8/19/2011 10:18:28 AM - Scheduled Checkpoint
RP933: 8/21/2011 12:30:48 AM - Scheduled Checkpoint
RP934: 8/25/2011 3:00:12 AM - Windows Update
RP935: 9/3/2011 3:14:03 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acer Assist
Acer Empowering Technology
Acer eRecovery Management
Acer Mobility Center Plug-In
Acer Registration
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.6
Aloha Solitaire
Aloha Solitaire (remove only)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
Ask Toolbar
ATI Catalyst Install Manager
ATT-PRT22
AVG 2011
BellSouth FastAccess DSL Help Center
Big Fish Games Client
Bonjour
BurgerTime Deluxe
C:\Program Files\Acer GameZone\GameConsole
Cake Mania
Cake Mania - Lights Camera Action
Cake Mania - Lights, Camera, Action!(TM)
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Collapse! Crunch
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cradle of Persia
Cradle of Persia (remove only)
Diamond Detective
Diamond Detective (remove only)
Diner Dash 5 - Boom! The Collector's Edition
Free Ride Games Player
FrostWire 5.0.8
GameHouse
Google Chrome
Google Update Helper
Gwen The Magic Nanny
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Driver Diagnostics
HP Games
HP Photo Creations
HP Update
Ice Cream Craze: Natural Hero
InterVideo WinDVD 8
Intuit SiteBuilder
IWON Games - Cake Mania (remove only)
Jane's Hotel Mania
Java Auto Updater
Java(TM) 6 Update 26
Launch Manager
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe 1.4.142.1
Magic Sweets
Malwarebytes' Anti-Malware version 1.51.1.1800
Margrave: The Curse of the Severed Heart
Micro Innovations Optical Scroll Mouse
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Small Business
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Mozilla Firefox 6.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyDSC2
Nightfall Mysteries: Curse of the Opera
NLOP
Ocean Express
Orion
Pizza Chef 2
PMB
Primo
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Runtime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shape Solitaire
Skins
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Street Atlas USA 8.0
swMSM
Synaptics Pointing Device Driver
Tile Quest
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Installer for WildTangent Games App
Web Games Player Plugin
WildTangent Games
WildTangent Games App
WildTangent Games App (HP Games)
WorldWinner Games
Yahoo! Toolbar
.
==== End Of File ===========================

 

thanks, this is my wifes computer but i will delete the frostwire, i assume this is what your taking about, its the only think i know of that has file sharing in this computer, thanks again, jerry

 

I think its the google redirect virus i have. Here is the next log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/04/2011 at 00:14 AM

Application Version : 5.0.1118

Core Rules Database Version : 7644
Trace Rules Database Version: 5456

Scan type : Complete Scan
Total Scan Time : 01:46:57

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 270
Memory threats detected : 0
Registry items scanned : 36978
Registry threats detected : 175
File items scanned : 230237
File threats detected : 68

Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS1.ZIP )/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS1.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS164.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS164.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS165.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS165.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS4.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS4.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS5.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS5.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS85.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS85.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS86.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS86.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH154.ZIP )/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH154.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH159.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH159.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH177.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH177.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH289.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH289.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH346.ZIP )/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH346.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH351.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH351.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH369.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH369.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH481.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH481.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH540.ZIP )/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH540.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH545.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH545.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH563.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH563.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH96.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/F3PSSAVR.SCR
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH96.ZIP

Trojan.Agent/Gen-Kazy[Ico]
C:\PROGRAM FILES\WILDGAMES\SPONGEBOB DINER DASH\GDF.DLL

Adware.MyWebSearch
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS164.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS165.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS4.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS5.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS85.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\FUNWEBPRODUCTS86.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH142.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH142.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH159.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH177.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH2.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH2.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH203.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH203.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH289.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH334.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH334.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH351.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH369.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH395.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH395.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH481.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH528.ZIP )/MWSOEMON.EXE
C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH528.ZIP
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH545.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH563.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
ZIP ARCHIVE( C:\PROGRAMDATA\SPYBOT - SEARCH & DESTROY\RECOVERY\MYWAYMYWEBSEARCH96.ZIP )/PROGRAM FILES/MYWEBSEARCH/BAR/1.BIN/MWSOEMON.EXE
C:\USERS\JERRY\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\13D8D0CE.EXE

Adware.CouponBar
C:\USERS\JERRY\APPDATA\LOCAL\TEMP\CPNPRT2.CID

 

ComboFix 11-09-03.01 - jerry 09/04/2011 7:37.1.1 - x86
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1883 [GMT -4:00]
Running from: c:\users\jerry\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jerry\AppData\Local\.#
c:\users\jerry\AppData\Roaming\.#
c:\users\jerry\AppData\Roaming\TMInc
c:\users\jerry\AppData\Roaming\TMInc\game.cfg
c:\users\jerry\AppData\Roaming\TMInc\user1.sav
c:\windows\system32\BSTIEPrintCtl1.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-04 to 2011-09-04 )))))))))))))))))))))))))))))))
.
.
2011-09-04 11:46 . 2011-09-04 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 02:16 . 2011-09-04 02:16 -------- d-----w- c:\users\jerry\AppData\Roaming\SUPERAntiSpyware.com
2011-09-04 02:15 . 2011-09-04 02:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-04 02:15 . 2011-09-04 02:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-24 10:56 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-09 21:07 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 21:07 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 21:07 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 21:05 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 21:05 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-09 21:05 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 09:57 . 2011-05-16 08:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-06 23:52 . 2010-12-26 16:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-12-26 16:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-20 12:57 . 2011-06-24 11:13 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B206A83-DD7E-4123-8E42-CE90BD21451B}\mpengine.dll
2011-09-01 00:53 . 2011-04-30 08:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Exetender "= "c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"PMBVolumeWatcher "= "c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender "= "c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-11-19 22:17 1261568 ----a-w- c:\program files\Acer\Acer Assist\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 17:29 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender]
2010-07-18 15:54 1774080 ----a-w- c:\program files\Free Ride Games\GPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2009-07-20 22:09 356352 ----a-w- c:\program files\Micro Innovations\Optical Scroll\mouse32a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-23 03:05 846344 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-07-06 23:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MotiveReportAgent]
2004-06-25 18:14 204800 ----a-w- c:\program files\Common Files\Motive\McciBootStrapper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 03:50 1037608 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2005-06-11 04:41 1277952 ----a-w- c:\program files\Support.com\BellSouth\hcenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring "=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9bdaad8d5ad70;Google Update Service (gupdate1c9bdaad8d5ad70);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 133104]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.Sys [2010-03-11 56352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 09:15]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 09:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.pch.com/search?
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jljmyqw9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d147f3d&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.brc,
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Aloha Solitaire - c:\program files\Yahoo! Games\AlohaSolitaire\Uninstall.exe
AddRemove-Cradle of Persia - c:\program files\Yahoo! Games\CradleofPersia\Uninstall.exe
AddRemove-Diamond Detective - c:\program files\Yahoo! Games\DiamondDetective\Uninstall.exe
AddRemove-Tile Quest_is1 - c:\program files\Tile Quest\ReflexiveArcade\unins000.exe
AddRemove-Web Games Player Plugin - c:\program files\Zylom Games\UninstallPlugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-04 07:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-04 07:55:16
ComboFix-quarantined-files.txt 2011-09-04 11:55
.
Pre-Run: 23,663,501,312 bytes free
Post-Run: 23,812,714,496 bytes free
.
- - End Of File - - D5E3253D3203EA05F9B34B1053CB17AC

 

ok, got rid of ask toolbar. i havent been using the computer while doing these scans but i'll give it a try after this one. It wont let me put both so i have to do two or three post, says its to big.
OTL logfile created on: 9/4/2011 12:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\jerry\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 46.19% Memory free
5.72 Gb Paging File | 4.38 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 22.38 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.08 Gb Free Space | 96.49% Space Free | Partition Type: NTFS
Drive E: | 640.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JERRY-PC | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/04 12:22:42 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\jerry\Downloads\OTL.exe
PRC - [2011/08/31 20:53:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/19 06:24:00 | 002,387,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/08/19 06:23:54 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/08/19 06:23:54 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 17:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/07/18 11:54:40 | 001,774,080 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/11/28 14:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/04 07:28:17 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/09/03 22:16:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/03 22:16:16 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/09/03 22:16:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/31 20:53:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/27 05:57:17 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/10 03:54:02 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1cc11918d8dd561391bba05c61de7573\System.ServiceProcess.ni.dll
MOD - [2011/08/10 03:53:50 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/10 03:53:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a6d889aa69fd51c100352f23c7cebd22\System.Runtime.Remoting.ni.dll
MOD - [2011/08/10 03:51:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/10 03:50:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/10 03:34:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/10 03:09:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx
MOD - [2008/12/15 14:53:13 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008/12/15 14:53:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/12/15 14:53:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/12/15 14:53:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/07/03 23:37:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/16 06:27:28 | 005,264,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/28 14:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 20:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/04/11 00:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2009/01/26 18:17:09 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/01/26 18:17:08 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/10/01 14:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/06 22:40:40 | 000,129,552 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/07/28 03:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/10 06:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/05/03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/04/18 00:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1208&m=aspire_5515


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.pch.com/search?
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search "
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search "
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en "
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d147f3d&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= "


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/04 08:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 20:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/04 17:58:43 | 000,000,000 | ---D | M]

[2009/12/29 21:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jerry\AppData\Roaming\Mozilla\Extensions
[2011/09/04 12:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jljmyqw9.default\extensions
[2011/08/01 20:27:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jljmyqw9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jljmyqw9.default\searchplugins\askcom.xml
[2011/06/21 09:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/13 17:36:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 10:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/21 09:21:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/08/30 10:59:27 | 000,000,000 | ---D | M] (Free Ride Games Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2011/09/04 08:18:51 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/08/31 20:53:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/25 13:45:18 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2011/03/18 13:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2009/03/03 10:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/04 07:50:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Arctic%20Quest%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E6644C9-C18A-4664-A766-F3140C986261}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4936F3D3-BDF4-442B-B0A1-A396ACE2AEE6}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B57DE832-10A4-4AB6-A41E-080FD9154FD3}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/07/28 04:50:14 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 08:21:45 | 000,000,000 | ---D | C] -- C:\Users\jerry\AppData\Roaming\AVG2012
[2011/09/04 08:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/09/04 08:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/04 08:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/04 08:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/04 07:55:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/04 07:55:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/04 07:33:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/03 22:16:03 | 000,000,000 | ---D | C] -- C:\Users\jerry\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/03 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/03 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/03 22:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/03 18:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/03 15:57:22 | 000,000,000 | ---D | C] -- C:\Users\jerry\Desktop\bbs info
[2011/08/08 06:08:58 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2008/12/04 07:08:06 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/09/04 12:16:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/04 12:16:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 11:25:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 11:25:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 08:37:07 | 067,456,305 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/09/04 08:18:51 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/04 07:50:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/04 07:25:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/04 07:25:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/09/03 22:49:50 | 000,001,356 | ---- | M] () -- C:\Users\jerry\AppData\Local\d3d9caps.dat
[2011/09/03 22:15:35 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/03 10:13:18 | 000,000,894 | ---- | M] () -- C:\Users\jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/03 10:13:18 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/03 07:23:33 | 000,072,561 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/15 11:00:45 | 000,003,005 | ---- | M] () -- C:\Windows\SA8.ini
[2011/08/15 11:00:44 | 000,000,421 | ---- | M] () -- C:\Windows\SA4_WKSP.INI
[2011/08/15 11:00:43 | 000,000,592 | ---- | M] () -- C:\Users\jerry\Desktop\startup.sa8
[2011/08/10 03:04:35 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/10 03:04:35 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2011/09/04 08:18:51 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/09/03 22:15:35 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/03 10:13:18 | 000,000,894 | ---- | C] () -- C:\Users\jerry\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/23 08:41:36 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/06/23 08:41:36 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/03/22 22:51:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/23 20:51:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/23 20:51:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/23 20:51:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/23 20:51:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/23 20:51:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/25 13:45:06 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2010/02/15 16:27:21 | 000,001,356 | ---- | C] () -- C:\Users\jerry\AppData\Local\d3d9caps.dat
[2010/02/03 12:22:37 | 000,000,148 | ---- | C] () -- C:\Windows\System32\acmeinc.ini
[2010/02/03 12:22:37 | 000,000,116 | ---- | C] () -- C:\Windows\System32\vxdtgm.ini
[2009/09/04 08:45:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 08:45:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/30 10:59:19 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009/07/05 23:45:45 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/06/07 14:52:25 | 000,003,840 | ---- | C] () -- C:\Users\jerry\AppData\Local\slot1.mm1
[2009/04/13 19:33:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/04/11 20:53:07 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/03/21 13:50:47 | 000,072,561 | ---- | C] () -- C:\Windows\wininit.ini
[2009/02/18 17:52:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/04 19:19:51 | 000,003,005 | ---- | C] () -- C:\Windows\SA8.ini
[2009/02/04 19:19:51 | 000,000,421 | ---- | C] () -- C:\Windows\SA4_WKSP.INI
[2009/02/04 19:19:51 | 000,000,045 | ---- | C] () -- C:\Windows\SA4_DRAW.INI
[2009/02/04 19:19:51 | 000,000,000 | ---- | C] () -- C:\Windows\DeLGPS.ini
[2009/02/03 23:44:41 | 000,008,192 | ---- | C] () -- C:\Users\jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/01 07:31:08 | 000,006,048 | ---- | C] () -- C:\Windows\System32\MCC16.dll
[2008/12/15 14:53:17 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/12/04 09:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/12/04 09:11:27 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/12/04 08:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/12/04 08:31:15 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/12/04 08:31:15 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/12/04 08:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/12/04 07:50:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/04 07:05:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/04 07:05:09 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/12/04 07:05:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/04 07:05:08 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/12/04 07:05:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,302,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 20:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 03:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 20:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 02:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

 

i only posted part of the otl.txt file, when i try to post the other part, it say there are too many images or html but i dont see any???

 

here is the extras.txt
OTL Extras logfile created on: 9/4/2011 12:24:35 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\jerry\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 46.19% Memory free
5.72 Gb Paging File | 4.38 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 22.38 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 67.08 Gb Free Space | 96.49% Space Free | Partition Type: NTFS
Drive E: | 640.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JERRY-PC | User Name: jerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iCall\iCall.exe" = C:\Program Files\iCall\iCall.exe:*:Enabled:iCall -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E7BEEE-0930-4EDA-92FF-7A53372FE768}" = lport=138 | protocol=17 | dir=in | app=system |
"{079559B6-96E7-45B8-85B4-A9EA598106D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{168C0753-BE8D-4BB5-B50A-E9A8C60E6854}" = rport=138 | protocol=17 | dir=out | app=system |
"{4586A78A-DE95-4A97-9879-33AAA85C4A78}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3501365-5B0B-4663-A179-645CF2B1DB01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA95475E-5360-4FAE-B7F1-5EC8C371AAC9}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC6D501B-1278-43F2-8D03-82AD3552086B}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE7F8E64-8C09-4E33-8AB7-351E6A97669B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E5ADFEA3-95F6-40DC-ABF0-EB54FBEEA435}" = rport=137 | protocol=17 | dir=out | app=system |
"{F739E9CA-C0A4-4398-B4EB-DEA42EEBF35A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A9F9A5-C369-454B-867F-4674F30CBD19}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1324C949-695C-4A4E-A2E0-794952F81286}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{23E7F79B-F4CF-436E-A7E9-5FA03947EA74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{259F1611-C159-42C3-AFAF-5539853B7035}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{26D426E3-4FD3-43EB-9555-5E1C7EFF99F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{28CF5804-BA5A-4630-A175-D9F134B408A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31691C67-C249-4944-9749-E199D6A09AAD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3218DD35-C217-4D83-9F32-7DAF49EC1116}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{36A0ACC2-D465-4E22-96E1-5F2BD04495C7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{36C5CE16-0AC2-421C-87D6-4BBBF256C6F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3A9532CB-20E9-4979-9ED5-4461FABDBE6E}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{48229CB0-1BBF-433F-9D39-13AF2BDAF9B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5A6A4999-D213-474E-9218-2C40DB4A4009}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5B1F9AD5-A0D1-4746-B20C-8CA6C8004ACC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{5E9C0728-D6C5-4B59-9039-A009A522EE5D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5F5E6067-EC42-4CF3-8A31-2D153A4B80E5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{647FF4E5-F2A2-49EC-9F24-D7AD84121AE8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{65AC377D-8FF3-4B54-8D06-7A94E86F76B9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{774E8923-D61D-442F-BB0E-6606AF178723}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{79990FA7-FA6B-479D-BE97-ED01AB2F6A07}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E7EB2ED-F60A-495E-9DB4-E08462B29F85}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{850B8F96-E640-4E7C-A843-0A1EB6405FE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{93986BAE-5214-46DC-B318-141D2814B512}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E78B245-67B5-4B57-ABFC-96E4609C68A6}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{ACCC6B07-C214-40AE-962A-4A4F3AD9A638}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B6DB0D7A-49CE-48E7-9D5D-68237490FFDB}" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
"{C0FAFFB3-BE19-4AF0-952A-E727973FC954}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C2626ABA-95B6-49F8-992E-A29C59779A68}" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
"{C373109E-7A6B-4FE8-A947-9BDE5C0AFC83}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{C4F4EA31-03FC-4ACE-9352-339964DA3D1B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{D423C993-4840-4D38-B126-3DC13B9BB5C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D64DAAC3-3615-46D7-9676-E10679B9500C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E4E43E10-B1FF-49BF-BF38-30F1168D719B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F072A1FC-D89D-4CD2-951D-CF35B1654B84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F48181DF-AA09-4879-9915-6262CBA112CD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FBE6A731-1567-4D2C-B029-80B9F3224A29}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{0FF12097-A7DA-4432-BEAF-31850987EA0E}C:\users\jerry\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\jerry\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{1530E307-72A7-4AF4-BD92-C25D31AE3BBC}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{50B27F52-DD16-4EF0-8F59-F10AB764DB60}C:\program files\icall\icall.exe" = protocol=6 | dir=in | app=c:\program files\icall\icall.exe |
"TCP Query User{62E98722-D175-4A9B-9CC0-AE379AB9A812}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{B8571E69-D7F6-4828-81ED-83F6483A7946}C:\program files\gamehouse\collapsecrunch\collapse3.exe" = protocol=6 | dir=in | app=c:\program files\gamehouse\collapsecrunch\collapse3.exe |
"UDP Query User{44CD86CB-D7E9-4788-AB60-1545451A2488}C:\users\jerry\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\jerry\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{644B29EE-0C47-4305-BBFC-3F919CCC7C92}C:\program files\icall\icall.exe" = protocol=17 | dir=in | app=c:\program files\icall\icall.exe |
"UDP Query User{7510399A-DC94-4B3E-BD02-586E49B30FAE}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{8087F95C-46B3-4B2D-B6CA-92ACA8DCBF22}C:\program files\gamehouse\collapsecrunch\collapse3.exe" = protocol=17 | dir=in | app=c:\program files\gamehouse\collapsecrunch\collapse3.exe |
"UDP Query User{B8656789-3B98-42C8-89B8-08972F20B3B1}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{071EA6A1-4189-3D9C-6B3F-0BE15495CE80}" = Catalyst Control Center Core Implementation
"{08137BF5-9879-EBDA-6462-79D3C6D113B2}" = Catalyst Control Center Localization Portuguese
"{09621381-D4B0-2D6A-AB14-E8CE4CD424D9}" = Catalyst Control Center Graphics Previews Vista
"{09D3675D-E1BB-1B3D-3F35-0338F7AAB0FD}" = Catalyst Control Center Localization Czech
"{0AD63C23-3DE8-82FF-4DF2-BDD0784F3348}" = Diamond Detective
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DE63D16-8A5E-74AB-1A5F-6E1834234229}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20646A89-D59E-499D-A54A-4B543BD066A8}" = Cake Mania
"{254C0471-5FDF-D591-1219-112ABECED882}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26
"{285432CE-2033-7317-27FC-DFB027E24F33}" = Catalyst Control Center Localization French
"{29E1DB75-A926-D7A5-6773-E24477526D49}" = CCC Help Chinese Traditional
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2B82EEF1-A86E-CE6A-E7E6-ED114131E383}" = Catalyst Control Center Graphics Full New
"{2F3FC1A5-37B4-7685-7295-37FD1B3FE806}" = CCC Help Danish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32EBA2B9-23F8-82A8-E229-0F283EE902B0}" = CCC Help Portuguese
"{3A2536D9-53FF-CD79-F46C-9E3902D2EEBA}" = CCC Help English
"{3A6CE5E6-7416-37A1-1DA2-2BCB0A9CF444}" = Catalyst Control Center Localization Japanese
"{3A7D9B34-E8A9-A352-20C1-0607B1D5F8B6}" = Catalyst Control Center Localization Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9544A3-63B0-E523-D212-5C010368E492}" = Catalyst Control Center Localization Spanish
"{41802C9A-1BF6-9A4E-D903-C6587560D758}" = Catalyst Control Center Localization Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5339885F-4597-4343-BD3B-74280CC79424}" = ArcSoft VideoImpression 2
"{58D9BD9C-C96F-F308-5D72-371A9D3CC939}" = CCC Help Dutch
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6165BE73-8AC5-A2B6-8910-963387FE5B9B}" = Catalyst Control Center Localization Russian
"{6190B8CA-366D-A8E1-9976-7EE50B7DC39E}" = Aloha Solitaire
"{67A8747E-0517-75EF-244F-9E219C440107}" = ATI Catalyst Install Manager
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A25BA91-82D1-0841-FC65-57CE27540922}" = Catalyst Control Center Localization Danish
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6A41CE62-8379-2A4D-E690-AA5D4DA8A279}" = ccc-core-static
"{6BB99DE2-D79C-B223-8D4F-E3D80A478D0F}" = CCC Help Polish
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E52D2FB-5FB5-334E-86F9-4316EEDC2926}" = ccc-utility
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72BBB36F-D323-0746-4F92-083E4C5EAC52}" = CCC Help Czech
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DDF474C-2AF9-4A3B-57E0-FBF31ED2C913}" = Catalyst Control Center Localization Polish
"{7E992D2F-5D9F-0A2A-302E-E4AC8FB79F47}" = Catalyst Control Center Graphics Full Existing
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{822B325F-9CDD-4E78-87A2-35E6F0DDEEA2}" = HP Deskjet 1000 J110 series Product Improvement Study
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119049160}" = Cake Mania - Lights Camera Action
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{84DB8DAE-531B-FDA4-E683-8C82F0F81F26}" = Catalyst Control Center Localization Turkish
"{865A7423-1322-E68E-4604-BEB0EEBFB624}" = Catalyst Control Center Localization Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9B35344F-7FA4-B6BA-E64B-930A5BDB9585}" = Catalyst Control Center InstallProxy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FFC6670-6711-387B-3566-7D0DA1808531}" = CCC Help Swedish
"{A8176277-4272-EA16-CDAE-1E37C62E14B2}" = CCC Help Italian
"{A819907C-5912-4471-91D7-D94885A2C40B}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E38025-D8D8-FB5E-0DDB-12691243EF1F}" = CCC Help Norwegian
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFE52E73-FADF-7AEC-9F2E-9C490C77AB61}" = Catalyst Control Center Localization German
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B16469A5-D2FA-A0C8-D371-2F4C8D5707D4}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B463846D-85B8-5B31-59BD-AA68307ECC69}" = CCC Help Spanish
"{B483D67F-8223-F1C5-1CBD-59B13676019E}" = CCC Help Greek
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7BA5747-159E-B1E7-B73D-E3B7575D783A}" = CCC Help Thai
"{BC4FBC02-B2B7-ACCA-C983-FFF31FC3C1C9}" = CCC Help Japanese
"{C08B098D-E9A6-649F-120D-9263C0527C2E}" = Catalyst Control Center Localization Swedish
"{C22EDAB3-B9C3-3189-6FE5-8DC4CFADED81}" = CCC Help Hungarian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4FA4F86-63E8-9CD5-8CD3-25E4AC0E8861}" = Catalyst Control Center Localization Finnish
"{C63225DD-4956-D968-E563-30371AA23FD8}" = Skins
"{C7D5F833-4603-B3A3-4DB7-178022D73CC6}" = Catalyst Control Center Localization Dutch
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC4AD2ED-C8C8-6548-BAB0-59058B3FA658}" = Catalyst Control Center Localization Greek
"{CCF98260-1FE9-4CEC-ACE7-88EE3158F23C}" = AVG 2012
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D04DA284-0680-277B-832E-B795D9302F8D}" = CCC Help Turkish
"{D5B90069-DC5F-E482-D86A-B0CBBBD0E50E}" = CCC Help Russian
"{D9029DA7-CFA1-AC76-018D-AE0E596374D5}" = Cradle of Persia
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DF7A3C71-08FD-9154-BF1C-81BC491F4C2C}" = CCC Help French
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA78289C-35D1-10D4-CA0D-7C653B2E212A}" = Catalyst Control Center Localization Hungarian
"{EAE06CC6-8838-CA77-347C-BD3E9DEC6C93}" = Catalyst Control Center Localization Italian
"{EB18E9CE-A633-1192-BDF6-4EA15DA97785}" = Catalyst Control Center Graphics Light
"{ECA47E2A-51B0-2F2F-67D3-A2A0639092B1}" = Catalyst Control Center Localization Korean
"{ED5085E1-BA8E-1464-2E3D-400086526EDE}" = Catalyst Control Center Localization Thai
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFA58E6D-8053-18D7-C9BB-C76312C1E12C}" = CCC Help Korean
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATT-PRT22" = ATT-PRT22
"AVG" = AVG 2012
"BellSouth" = BellSouth FastAccess DSL Help Center
"BFGC" = Big Fish Games Client
"Collapse! Crunch" = Collapse! Crunch
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"GameHouse" = GameHouse
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Intuit SiteBuilder" = Intuit SiteBuilder
"IWON Games - Cake Mania" = IWON Games - Cake Mania (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Micro Innovations Optical Scroll Mouse" = Micro Innovations Optical Scroll Mouse
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"NLOP" = NLOP
"Ocean Express_is1" = Ocean Express
"Street Atlas USA 8.0" = Street Atlas USA 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-09a4f03f-0b8b-46f1-a665-0d2cdf1c8f42" = Pizza Chef 2
"WTA-15c1b31d-e770-4c8d-bfd6-5ebcc4fd41ab" = Magic Sweets
"WTA-1a04abd5-4955-4d5f-ba52-541c1b8a4fb2" = BurgerTime Deluxe
"WTA-1a38561d-1afa-4036-a95d-ee2c81cf5e31" = Jane's Hotel Mania
"WTA-1d8adc7f-6a65-4e0f-a0bc-96e365be802b" = Margrave: The Curse of the Severed Heart
"WTA-4c4c2674-96e8-4785-a481-ed125081f67a" = Cake Mania - Lights, Camera, Action!(TM)
"WTA-78d9cc3b-11f6-42ad-80d1-6695f61d1576" = Diner Dash 5 - Boom! The Collector's Edition
"WTA-ace97637-b56e-4aa5-9bf6-fd5ef4456a1f" = Ice Cream Craze: Natural Hero
"WTA-ad1ed752-6af1-4ded-86e7-0a623662a82f" = Gwen The Magic Nanny
"WTA-b26a14df-81ea-4228-8fcd-f647ee94e3f9" = Nightfall Mysteries: Curse of the Opera
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1182583647-3259410284-1344731716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

ok, just tried a search in google and when i clicked on one it says:
Firefox can't find the server at f750.r.google.com. so it didn't go to the page it should of, i tried another link, says the same sort of thing?

 

Jerry,

Carry on with Broni's instructions regarding your missing part log...

[noparse]enter...

Code:

insert the missing part of the log, and end with

[/noparse]

Code:

It will appear in a box like this it is normal

 

Code:

i think this is the rest
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008/12/04 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008/12/04 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/09/20 21:54:38 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Abra Academy2
[2009/02/01 06:49:37 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Acer
[2008/12/04 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Acer GameZone Console
[2009/09/13 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Aisle 5 Games, Inc
[2009/10/08 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Alawar
[2009/09/01 21:21:33 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Alterlab
[2009/08/21 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Amaranth Games
[2009/09/27 23:26:18 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Artogon
[2011/09/04 08:21:45 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\AVG2012
[2009/11/11 00:21:34 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\BeachPartyCraze
[2009/09/13 14:53:29 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Big Fish Games
[2009/07/17 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\BlamGames
[2009/07/27 13:06:26 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\blg
[2009/11/18 21:07:20 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Blitware
[2009/09/20 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\BloodTies
[2009/07/20 21:12:42 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Boolat Games
[2009/06/18 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\BrandX Games
[2009/07/17 16:31:30 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Camel101
[2009/06/11 20:52:44 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\cerasus.media
[2009/08/11 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Chicken Chase
[2009/02/22 14:46:10 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Coyotes Tale
[2011/05/24 15:50:57 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\CupcakeCafe
[2009/08/08 23:25:22 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\EleFun Games
[2009/08/02 22:50:10 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Enchanted Katya
[2009/09/10 14:06:28 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Enlightenus
[2009/09/06 15:05:16 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Exent Technologies
[2009/06/25 15:55:31 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Fabulous Finds
[2009/07/30 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Fever Frenzy
[2009/06/07 13:39:14 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Flood Light Games
[2009/03/23 22:20:23 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\FloodLightGames
[2009/04/01 12:11:30 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ForgottenRiddles2
[2009/04/01 12:42:00 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Friday's games
[2009/07/24 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\FrimaStudio
[2011/06/02 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\FrostWire
[2009/08/12 23:49:32 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Gaijin Ent
[2010/05/14 07:14:16 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\GameHouse
[2009/09/22 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\GameInvest
[2009/08/04 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Gamelab
[2009/09/15 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Games
[2009/04/13 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\GamesCafe
[2009/09/02 20:01:10 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/07/05 14:36:25 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Gogii Games
[2009/06/25 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Gold Casual Games
[2009/08/15 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\GraveyardShift
[2009/09/27 13:48:15 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\HSA
[2009/07/18 22:07:19 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\HuruBeachParty
[2009/12/16 21:14:34 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\InterVideo
[2009/06/25 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ITTNord
[2009/10/15 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\iWin
[2009/08/05 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Jane s Hotel
[2009/10/06 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Jane s Hotel  Family Hero
[2011/02/10 21:00:39 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Jane s Hotel 3
[2009/03/25 12:01:32 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Jetsetter
[2010/06/20 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\KewlBoxPrefs
[2009/02/01 06:49:35 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Leadertech
[2009/07/17 23:08:47 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Ludia
[2009/09/10 15:22:08 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\MA
[2009/03/25 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Magic Academy
[2011/07/08 01:38:46 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\margrave3_full
[2009/07/19 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Mean Hamster
[2009/07/26 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/07/18 19:46:04 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Meridian93
[2009/10/02 20:55:00 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Merscom
[2011/06/01 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\mjusbsp
[2009/08/06 23:40:58 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\My Games
[2010/07/24 09:50:30 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\MysteryStudio
[2010/03/14 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Mysteryville2
[2010/06/20 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Namco
[2010/07/14 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\NLOP
[2009/09/01 23:38:48 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Oberon
[2009/08/19 12:29:49 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Oberon Games
[2009/03/22 14:31:59 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Oberonv1001
[2009/06/08 15:44:42 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Oberonv1002
[2009/06/24 23:21:34 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Oberonv1005
[2009/10/19 13:06:07 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Ohana Games
[2011/06/01 04:43:26 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\OpenCandy
[2011/06/30 06:52:00 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Paige Harper and the Tome of Mystery
[2009/07/02 22:42:07 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\panoramik
[2010/10/18 19:14:22 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\PetsFunHouse
[2009/08/06 16:55:59 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\PetShowCraze
[2009/08/17 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Pi Eye Games
[2011/07/08 21:45:48 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\PlayFirst
[2009/06/17 15:52:57 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Playrix Entertainment
[2009/09/09 12:42:49 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\PoBros
[2009/08/10 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Pogo Games
[2009/11/11 14:12:04 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\PokerCreations
[2009/09/10 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Princess Isabella
[2009/04/04 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Reflexivev1001
[2009/03/21 13:29:32 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\RobinsonCrusoe
[2009/06/06 23:52:37 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\RobinsonCrusoeOM
[2009/07/26 19:34:56 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Sandlot Games
[2009/03/30 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\SecretIslandEng
[2009/08/15 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Shape games
[2010/07/17 10:20:17 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ShinyTales
[2009/10/07 19:08:51 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Shockwave_DressUpRush
[2009/09/23 10:45:58 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Skunk Studios
[2009/02/21 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\SpinTop
[2009/03/19 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\SpinTop Games
[2009/09/12 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\SulusGames
[2009/03/30 06:38:49 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\TheScruffs
[2009/04/15 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Total Eclipse
[2009/07/23 09:04:33 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\UClick
[2009/03/29 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\URSE Games
[2009/07/29 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Valusoft
[2011/07/03 02:36:41 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\VampireSaga
[2011/05/19 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Vasilek Games
[2009/07/31 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ViquaSoft
[2009/06/09 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\VisualShape
[2009/11/09 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Wild Tangent
[2009/07/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\World-LooM
[2011/07/08 16:06:50 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Worldwinner
[2009/06/18 07:42:52 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\Yatec Games
[2009/07/24 15:58:40 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\YoudaGames
[2011/01/12 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ZEN
[2011/07/03 19:19:15 | 000,000,000 | ---D | M] -- C:\Users\jerry\AppData\Roaming\ZEN Entertainment
[2011/09/04 07:23:45 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/12 18:07:38 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/09/04 07:55:16 | 000,014,138 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/09/04 07:24:36 | 3264,483,328 | -HS- | M] () -- C:\pagefile.sys
[2008/11/12 18:07:38 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
 
[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2006/11/02 08:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/05 13:37:55 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]
 
[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]
 
[color=#A23BEC]< %systemroot%\Fonts\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]
[2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2008/01/20 22:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
 
[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]
 
[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]
 
[color=#A23BEC]< %systemroot%\*.jpg >[/color]
 
[color=#A23BEC]< %systemroot%\*.png >[/color]
 
[color=#A23BEC]< %systemroot%\*.scr >[/color]
 
[color=#A23BEC]< %systemroot%\*._sy >[/color]
 
[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]
 
[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2008/01/20 22:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/10/31 09:53:33 | 000,014,896 | ---- | M] () -- C:\Program Files\hs_err_pid2644.log
 
[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
[color=#A23BEC]< %PROGRAMFILES%\bak. /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\bak. /s >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[/color]
 
[color=#A23BEC]< %systemroot%\system32\config\systemprofile\*.dat /x >[/color]
 
[color=#A23BEC]< %systemroot%\*.config >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.db >[/color]
 
[color=#A23BEC]< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[/color]
[2011/07/08 21:37:19 | 000,000,465 | -HS- | M] () -- C:\Users\jerry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
[color=#A23BEC]< %USERPROFILE%\Desktop\*.exe >[/color]
[2010/12/23 20:33:29 | 003,997,850 | R--- | M] () -- C:\Users\jerry\Desktop\ComboFix.exe
 
[color=#A23BEC]< %PROGRAMFILES%\Common Files\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\*.src >[/color]
 
[color=#A23BEC]< %systemroot%\install\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\DLL\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\HelpFiles\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\rundll\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\winn32\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\Java\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\test\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\Rundll32\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\AppPatch\Custom\*.* >[/color]
 
[color=#A23BEC]< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.tmp >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Internet Explorer\*.dat >[/color]
 
[color=#A23BEC]< %USERPROFILE%\My Documents\*.exe >[/color]
 
[color=#A23BEC]< %USERPROFILE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\ADDINS\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\assembly\*.bak2 >[/color]
 
[color=#A23BEC]< %systemroot%\Config\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\REPAIR\*.bak2 >[/color]
 
[color=#A23BEC]< %systemroot%\SECURITY\Database\*.sdb /x >[/color]
 
[color=#A23BEC]< %systemroot%\SYSTEM\*.bak2 >[/color]
 
[color=#A23BEC]< %systemroot%\Web\*.bak2 >[/color]
 
[color=#A23BEC]< %systemroot%\Driver Cache\*.* >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\0*.exe >[/color]
 
[color=#A23BEC]< %ProgramFiles%\Microsoft Common\*.* >[/color]
 
[color=#A23BEC]< %ProgramFiles%\TinyProxy. >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Favorites\*.url /x >[/color]
[2009/02/01 06:48:58 | 000,000,402 | -HS- | M] () -- C:\Users\jerry\Favorites\desktop.ini
[2011/05/20 19:45:49 | 000,001,158 | ---- | M] () -- C:\Users\jerry\Favorites\WildTangent Games.lnk
 
[color=#A23BEC]< %systemroot%\system32\*.bk >[/color]
 
[color=#A23BEC]< %systemroot%\*.te >[/color]
 
[color=#A23BEC]< %systemroot%\system32\system32\*.* >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\*.dat /x >[/color]
[2009/09/15 14:41:52 | 000,000,356 | ---- | M] () -- C:\ProgramData\aygda_save.log
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.rmv >[/color]
 
[color=#A23BEC]< dir /b  "%systemroot%\system32\*.exe" | find /i " " /c >[/color]
 
[color=#A23BEC]< dir /b  "%systemroot%\*.exe" | find /i " " /c >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Microsoft\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\System32\Wbem\proquota.exe >[/color]
 
[color=#A23BEC]< %PROGRAMFILES%\Mozilla Firefox\*.dat >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Cookies\*.txt /x >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\fonts\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\winlog\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\Language\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\Settings\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.quo >[/color]
 
[color=#A23BEC]< %SYSTEMROOT%\AppPatch\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMROOT%\inf\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMROOT%\Installer\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\system32\config\*.bak2 >[/color]
 
[color=#A23BEC]< %systemroot%\system32\Computers\*.* >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\Sound\*.* >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\SpecialImg\*.* >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\code\*.* >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\draft\*.* >[/color]
 
[color=#A23BEC]< %SystemRoot%\system32\MSSSys\*.* >[/color]
 
[color=#A23BEC]< %ProgramFiles%\Javascript\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\pchealth\helpctr\System\*.exe /s >[/color]
 
[color=#A23BEC]< %systemroot%\Web\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\system32\msn\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.tro >[/color]
 
[color=#A23BEC]< %AppData%\Microsoft\Installer\msupdates\*.* >[/color]
 
[color=#A23BEC]< %ProgramFiles%\Messenger\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system32\systhem32\*.* >[/color]
 
[color=#A23BEC]< %systemroot%\system\*.exe >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >[/color]
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7920E530
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:3C282BEA
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:104EF12D
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D16E7091
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:4E6B8D68
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:3118E26B
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:6C13E971
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:2032CC2B
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:435657D8
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:0725B4DA
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:30AE1033
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:182D85B1
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:24E173A4
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:3D857D30
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:CF2C9E8E
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:7A71BB9C
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:A88A6EE9
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:2117D4B2
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:ED45A20F
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:7F66BF58
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:52562F72
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:2C321309
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:BB48E5A3
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:62197B73
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3C75E5BE
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:20DB61D6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DAE3AC8D
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:9A2521F1
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:6E5C36BA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E54FA796
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:13B137AF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F69BB936
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C8EAE2CC
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C69F9A67
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:437B9941
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DCBD9585
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:ABA71843
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6AB7FCDF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:5856B2C0
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4CA7FA57
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:E33D6212
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A644A4BC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:4C491A66
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3EA7510F
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:30C46519
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9B0F9E15
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:88D7DDBC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3214A283
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:2E964D2D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8135A716
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B61DB9F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C7504B28
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8FEE4959
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0E660858
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:FE4E15B1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:E2DEF21B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C90E8309
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:92C45D1A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:74B502CB
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:703CE963
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5C07C19F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FDD78BE5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CE0A077E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:8DC4F556
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:8D4852A2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5E3B85EF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:20451762
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:FB384C06
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:7091055F
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:01B0E73F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FE78C5D0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:EF89A86D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E6427C0F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D8A7F3FF
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:CC832A16
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:BF5EAC0C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:BC9021B2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A2F5F542
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9F36615A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9BFAA502
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:EBE4F6FC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E89EDC52
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C6798065
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:864A52B8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:680DD2F1
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4D1D6B2D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:096BF2EE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:D37AE80B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3BC8CA00
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:077CC761
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C213B3C4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:9FE30AB2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:86FA1A34
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F8BECB9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0DA384B0
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0D74540D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F7862839
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:33384BC0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:148EE14E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0651F96C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ED873558
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DEF96BC8
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B3B92717
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B1FBA7E1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ADE16379
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:741CA49D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:615435BE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5E22637F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:50A11A00
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:3BAD65EA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0A63D33A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:05816AFA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:994AEA06
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7E26B7DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6A7B7A50
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68DA8CC0
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:54F1BE9B
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:439E3411
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:24AB14E7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0EE601C7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F1FF5647
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EB5BDBB0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E8F2B426
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B6285236
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B419A171
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:82E1D3A4
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1C5692E6
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:AD2BA8A6
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:AD171C9E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:857692EC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:80A452DD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:7C7AA745
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:481DAC2B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2FAFBD6A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2B9724CF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:19C3BC3A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:11201333
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:02B823FE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F22A9E77
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E7700065
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:70258565
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6B042939
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6713E91B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:54997B77
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373DF935
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:34FC1C45
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F67AAFC5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:ECE19DD1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DCAF903C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BD47E4EB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B0CB9B77
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:814B9485
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:52B3B2D1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4FFA5B5C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:494C4968
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3BD6F4E7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F25B38E8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:EA983230
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:74699137
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6FCD73D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5E3FBF9D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:471AD3D0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:417B6FAC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2D7D575C
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2430E4FC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E89DB431
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C0A2E219
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B3B7A337
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8EDA76B4
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8BCF4DE2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:87BDF1F7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:59C113EC
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4FE6D59F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4220A65C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1C9C5D1E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0DFE2AE1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:05113FB9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:EF794BCD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:829CB778
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:78CC8F21
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:554C6431
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4CD2D817
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4C97EF04
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:46545F5C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:22741C1F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:00E4A1FE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:E2B84483
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:53C0A7FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:275E3148
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:06465DC4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FDCAE7B5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FC2D0F32
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E412AAF2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DC2110AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DA9A5EA8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5DCA26D5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:57648A0A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:3FC4A10A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16C16B18
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A97FF73C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A688EF17
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9857FAE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6A18D1F5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:63F8EC77
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5A8F8A0C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:29BCDA07
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A3D0CDFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:949E3D1B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:73933431
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:59D05D9A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:490BCC52
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:33A0D119
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:1A5CC80A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0D52F295
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0860D6D6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D2032EBB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C24B973A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B093E177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:97AB2056
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:971DCCE2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8EEDCEA2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8CCDAB14
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:269AA4B2
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:162D3733
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:12EA4DC9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D8237BF1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:ABE1143A
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:483AC68A
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:C3B5FCD5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8DA9DB01
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6FD26134
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:6AF67671
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4F96D8E6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F0762150
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D708EEF9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:969C0C96
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:445352A1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E69E337
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:178D4338
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:10B7A752
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FECEF728
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93877B62
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:896E1EFF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:723E56EC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:641C3888
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4C49306C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:32DC97B5
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2CDB9CA3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:16B49C20
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:10D98D98
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:F65733F1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:EDDEC855
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D7DA89B1
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B3A6CA11
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:9D5BB34A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7CACEF61
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:730BC923
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:52E1DB1D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:450ABF8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:385E2CFD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1740DC47
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C7B98566
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C17FCA88
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A4BF246C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9BFB769D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:084B0270
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E6C58E14
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E22211E1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C36B1175
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BBF60A29
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:B5B501E5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A0C7D68A
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:55E3C0E0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:426796C0
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F880DE59
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CE6885F1
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C74009E5
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9E1C306C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:67BA17B9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:37F44C44
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:37994DBE
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1B9D528D
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:126591AF
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:FEEEFFAD
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3EFA8A8
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:F3176E45
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:D02FBAEC
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B4FDEF97
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:966CEAE7
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:279FF250
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:18897B1D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:10F6E97E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:EC5EFA15
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E55CE2D1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E0718E77
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:883EDFB5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4AD2C54D
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:3AE23B30
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:CC7738DB
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A916C041
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:77E2CEE9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:6FDE1666
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:33611CFB
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F78CC2A2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8B51CAAE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:73828A71
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:49EB0FDC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:3A6BC948
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:38D53DB8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DAFD38AE
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9E50C1C9
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9AA05701
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:17C48B08
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F79DAA38
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BAD540F2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2B4E9D93
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DE6EED8B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:96FAC731
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:89C2A42C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1DEE6B65
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1AFC2166
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EEF1584F
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:538B96B5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4AC9B4B7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:11FC043F

< End of report >

 

i've also tried google search some more, its like it was before, i click a link, it takes me to some random site, i close that and click it again and it goes where it should?