Solved Google Redirect and unwanted New Tab Popups in Firefox

Discussion in 'Malware and Virus Removal Archive' started by quasarn01, 2009/12/14.

  1. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    [Resolved] Google Redirect and unwanted New Tab Popups in Firefox

    I continuously get Google Redirects and unwanted New Tab Popups in Firefox. It seems IE 8 is clean, however. I've tried MalwareBytes, Adaware, Spybot, Regcure, and other programs, and I've scanned with AVG to try and remove the problem. Nothing seems to stop either problem, which may be one and the same.

    I am using Windows 7 Ultimate and Firefox, if that matters?

    I have downloaded DDS.scr and have the log... Here it is...:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by quasarn01 at 15:25:22.07 on Mon 12/14/2009
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1189 [GMT -5:00]

    AV: F-Secure Client Security 7.10 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: F-Secure Client Security 7.10 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Atomic Alarm\timeserv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1226462707\ee\aolsoftware.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Music Alarm Clock\mac.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\quasarn01\dwhelper\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.msn.com
    uStart Page = hxxp://www.foxnews.com/
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
    BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - Google Gears Helper
    BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
    TB: NuSphere ToolBar: {0f62d223-9206-4ea3-9ea8-d0f3c7c82aca} - c:\program files\nusphere\phped\NuSphereIEBar.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
    TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe "
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [SkinClock] c:\program files\atomic alarm\AtomicAlarmClock.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [HostManager] c:\program files\common files\aol\1226462707\ee\AOLSoftware.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Music Alarm Clock] c:\progra~1\musica~1\mac.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\quasar~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\camera assistant software for toshiba\traybar.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Email Toolbar Search
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel
    IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: NuSphere PhpED :: Debug this page - c:\program files\nusphere\phped\NuSphereIEBar.dll/1000
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    Trusted Zone: weatherbug.com\deskwx
    DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255270777018
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255271290635
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    TCP: {8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E} = 208.67.222.222,208.67.220.220
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    Hosts: 0.0.0.0 166.82.
    Hosts: 0.0.0.0 193.69.
    Hosts: 0.0.0.0 200.89.
    Hosts: 0.0.0.0 212.113
    Hosts: 0.0.0.0 213.219

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\quasar~1\appdata\roaming\mozilla\firefox\profiles\4dtf7eme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
    FF - prefs.js: browser.startup.homepage - www.foxnews.com
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\quasarn01\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\quasarn01\program files\dna\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6 ", "AllAccess ");

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2009-10-19 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-3 161800]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-10 64160]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-3 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-3 28424]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-3 360584]
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-6-29 146264]
    R2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\atomic alarm\timeserv.exe [2008-10-3 415744]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-13 285392]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-12-13 5832712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-4 276816]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-13 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-14 24652]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2009-10-19 122376]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2009-10-19 30216]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2009-10-19 21208]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-16 19160]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-16 38224]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-20 189440]
    S2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-7-8 62776]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-12 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
    S4 gupdate1c9868994777d0;Google Update Service (gupdate1c9868994777d0);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]

    =============== Created Last 30 ================

    2009-12-14 18:39:54 0 d-----w- c:\program files\TrendMicro
    2009-12-14 13:34:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-14 13:32:13 0 d-----w- c:\program files\Panicware
    2009-12-14 05:42:41 0 d-----w- C:\544100646fa7a6b6b1445c7633
    2009-12-14 05:21:26 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-14 05:00:08 0 d-----w- c:\program files\BHODemon 2
    2009-12-14 03:59:56 0 d-----w- c:\users\quasar~1\appdata\roaming\OpenDNS Updater
    2009-12-14 03:59:54 0 d-----w- c:\program files\OpenDNS Updater
    2009-12-13 22:00:04 0 d-----w- c:\program files\ConvertHelper
    2009-12-13 11:57:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-13 11:57:35 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-13 11:49:48 0 d-----w- c:\program files\Trend Micro
    2009-12-07 18:22:49 0 d-----w- C:\cart
    2009-12-05 15:20:17 0 d-----w- c:\windows\PCHEALTH
    2009-12-04 22:38:41 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 22:33:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-04 11:21:15 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-04 09:30:02 30568 ----a-w- c:\windows\system32\mdimon.dll
    2009-12-04 08:25:51 0 d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2009-12-04 08:15:30 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-04 08:15:22 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-04 08:15:22 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-04 08:15:21 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-04 08:15:21 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-04 08:15:21 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-04 08:15:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-04 08:15:20 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-04 08:15:20 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-04 08:15:20 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-04 05:18:14 0 d-----w- c:\users\quasar~1\appdata\roaming\Windows Live Writer
    2009-12-04 05:06:27 0 d-----w- C:\Roboform data backup
    2009-12-04 04:43:32 0 d-----w- c:\program files\common files\Windows Live
    2009-12-04 04:19:29 0 d-----w- c:\programdata\RegCure
    2009-12-04 03:57:39 0 d-----w- c:\program files\MSECACHE
    2009-12-03 17:29:53 0 d-----w- c:\programdata\page
    2009-12-03 16:21:27 0 d-----w- c:\users\quasar~1\appdata\roaming\SoftMaker
    2009-12-03 16:21:23 0 d-----w- c:\program files\Ashampoo
    2009-12-03 15:15:19 0 d-----w- c:\program files\Microsoft Officexx
    2009-12-03 14:26:09 0 d-----w- C:\office 7
    2009-12-03 13:37:45 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-12-03 12:32:26 20 --sh--w- c:\users\quasarn01\ntuser.ini
    2009-12-03 11:51:24 0 d-----w- c:\windows\Panther
    2009-12-03 10:29:13 0 d-----w- c:\windows\system32\wbem\Performance
    2009-12-03 09:01:21 0 d-----w- c:\users\quasarn01\dwhelper
    2009-12-03 08:57:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2009-12-03 08:57:18 0 d-----w- c:\windows\system32\RTCOM
    2009-12-03 08:57:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
    2009-12-03 08:57:12 0 d-----w- c:\program files\Synaptics
    2009-12-03 08:57:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-03 02:14:11 0 d-sh--w- c:\windows\Installer
    2009-12-03 02:09:19 121232 ----a-w- c:\windows\system32\IScrNB.bmp
    2009-12-03 01:08:39 0 d-----w- C:\inetpub
    2009-12-02 19:41:08 0 d-----w- C:\kaqoo2_client
    2009-12-02 19:36:15 0 d-sh--w- c:\users\quasarn01\.COMMgr
    2009-12-02 18:20:55 0 d-----w- c:\program files\PTAutoRun
    2009-12-02 18:20:45 249856 ----a-w- c:\windows\Setup1.exe
    2009-12-02 18:20:44 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-11-30 00:09:39 0 d-----w- c:\program files\Digiarty
    2009-11-29 23:58:07 0 d-----w- c:\program files\Ultra DVD Audio Ripper
    2009-11-25 08:01:08 0 d-----w- c:\program files\MSXML 4.0
    2009-11-23 02:18:37 262 ----a-w- C:\WirelessDiagLog.csv
    2009-11-22 23:51:05 0 d-----w- c:\programdata\AIM
    2009-11-22 23:50:53 0 d-----w- c:\program files\AIM
    2009-11-22 23:50:47 0 d-----w- c:\program files\common files\Software Update Utility
    2009-11-17 20:17:17 0 d-----w- c:\programdata\eBay
    2009-11-17 20:17:17 0 d-----w- c:\program files\eBay
    2009-11-17 00:29:57 0 d-----w- c:\program files\MarketBrowser
    2009-11-16 20:28:55 0 d-----w- c:\program files\Free Desktop Tools
    2009-11-14 20:50:00 0 d-----w- c:\users\quasar~1\appdata\roaming\LEAPS

    ==================== Find3M ====================

    2009-12-13 21:05:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-13 21:05:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-13 21:05:01 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2009-12-13 21:04:04 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 10:09:46 21412 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-11-23 13:50:36 122 ----a-w- c:\users\quasar~1\appdata\roaming\wklnhst.dat
    2009-11-14 18:18:04 59240 ----a-w- c:\windows\system32\GenSvcInst.exe
    2009-11-14 18:18:04 38944 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
    2009-11-14 18:18:04 139264 ----a-w- c:\windows\system32\bgsvcgen.exe
    2009-11-13 19:31:40 49152 ----a-r- c:\windows\system32\inetwh32.dll
    2009-11-13 19:31:40 1044480 ----a-r- c:\windows\system32\roboex32.dll
    2009-11-04 07:59:00 17408 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-19 12:27:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-10-11 01:27:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2008-09-21 21:10:48 13 --sha-r- c:\windows\system32\drivers\fbd.sys
    2008-09-21 21:10:45 4 --sha-r- c:\windows\system32\drivers\taishop.sys
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 15:26:37.54 ===============

    Any help will be thoroughly appreciated...
     
  2. 2009/12/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please post the contents of Attach.txt too.
     

  4. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    Sorry... Here is the attach.txt
    ***************************

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/3/2009 05:37:41
    System Uptime: 12/14/2009 08:35:42 (7 hours ago)

    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | CPU | 2000/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 185 GiB total, 64.355 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP37: 12/4/2009 03:45:11 - Installed Microsoft Office Professional Plus 2007
    RP39: 12/4/2009 04:10:25 - Installed Microsoft Office Professional Plus 2007
    RP41: 12/4/2009 04:21:56 - Installed Microsoft Office Professional Plus 2007
    RP43: 12/4/2009 04:36:18 - Removed Microsoft Office Professional Plus 2007
    RP45: 12/4/2009 06:18:17 - Installed Microsoft Office Professional Plus 2007
    RP46: 12/4/2009 17:32:48 - Windows Update
    RP47: 12/4/2009 19:05:41 - Windows Update
    RP48: 12/5/2009 03:00:24 - Windows Update
    RP49: 12/5/2009 10:16:58 - Windows Update
    RP50: 12/7/2009 12:13:30 - Installed Jasc Paint Shop Pro 8
    RP51: 12/7/2009 12:16:45 - Windows Update
    RP52: 12/9/2009 17:45:10 - Windows Update
    RP53: 12/10/2009 11:24:18 - Windows Update
    RP55: 12/13/2009 15:55:56 - Avg8 Update
    RP57: 12/13/2009 16:05:22 - Avg8 Update
    RP58: 12/13/2009 19:53:04 - Removed AnswerWorks 5.0 English Runtime
    RP59: 12/14/2009 13:39:30 - Installed HiJackThis

    ==== Hosts File Hijack ======================

    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 downloa
    Hosts: 0.0.0.0 dr-web.
    Hosts: 0.0.0.0 drsolom
    Hosts: 0.0.0.0 drweb.c
    Hosts: 0.0.0.0 drweb.c
    Hosts: 0.0.0.0 drweb.i
    Hosts: 0.0.0.0 drweb.n
    Hosts: 0.0.0.0 drweb.r
    Hosts: 0.0.0.0 dw.com.
    Hosts: 0.0.0.0 ealaddi
    Hosts: 0.0.0.0 emdent.
    Hosts: 0.0.0.0 engine.
    Hosts: 0.0.0.0 enisa.e
    Hosts: 0.0.0.0 enterpr
    Hosts: 0.0.0.0 es.mcaf
    Hosts: 0.0.0.0 es.tren
    Hosts: 0.0.0.0 esafe.c
    Hosts: 0.0.0.0 eset.co
    Hosts: 0.0.0.0 eset.co
    Hosts: 0.0.0.0 eset.eu
    Hosts: 0.0.0.0 eset.sk
    Hosts: 0.0.0.0 esetnod
    Hosts: 0.0.0.0 esetsof
    Hosts: 0.0.0.0 estore.
    Hosts: 0.0.0.0 eu.shop
    Hosts: 0.0.0.0 europe.
    Hosts: 0.0.0.0 europe.
    Hosts: 0.0.0.0 exectec
    Hosts: 0.0.0.0 f-prot.
    Hosts: 0.0.0.0 f-secur
    Hosts: 0.0.0.0 f-secur
    Hosts: 0.0.0.0 f-secur
    Hosts: 0.0.0.0 f-secur
    Hosts: 0.0.0.0 fastcli
    Hosts: 0.0.0.0 ffg.com
    Hosts: 0.0.0.0 files.f
    Hosts: 0.0.0.0 files.r
    Hosts: 0.0.0.0 files.t
    Hosts: 0.0.0.0 finjan.
    Hosts: 0.0.0.0 firetek
    Hosts: 0.0.0.0 flowpro
    Hosts: 0.0.0.0 forum.a
    Hosts: 0.0.0.0 forum.b
    Hosts: 0.0.0.0 forum.k
    Hosts: 0.0.0.0 forum.k
    Hosts: 0.0.0.0 forum.m
    Hosts: 0.0.0.0 forums.
    Hosts: 0.0.0.0 fr.bitd
    Hosts: 0.0.0.0 fr.mcaf
    Hosts: 0.0.0.0 fr.tren
    Hosts: 0.0.0.0 fractus
    Hosts: 0.0.0.0 fraudai
    Hosts: 0.0.0.0 free-av
    Hosts: 0.0.0.0 free-av
    Hosts: 0.0.0.0 free.av
    Hosts: 0.0.0.0 free.gr
    Hosts: 0.0.0.0 free.gr
    Hosts: 0.0.0.0 freedrw
    Hosts: 0.0.0.0 freespa
    Hosts: 0.0.0.0 fsecure
    Hosts: 0.0.0.0 ftp.adi
    Hosts: 0.0.0.0 ftp.ads
    Hosts: 0.0.0.0 ftp.agn
    Hosts: 0.0.0.0 ftp.aks
    Hosts: 0.0.0.0 ftp.alw
    Hosts: 0.0.0.0 ftp.alw
    Hosts: 0.0.0.0 ftp.ane
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.ant
    Hosts: 0.0.0.0 ftp.asw
    Hosts: 0.0.0.0 ftp.av.
    Hosts: 0.0.0.0 ftp.avi
    Hosts: 0.0.0.0 ftp.avp
    Hosts: 0.0.0.0 ftp.avp
    Hosts: 0.0.0.0 ftp.avx
    Hosts: 0.0.0.0 ftp.avx
    Hosts: 0.0.0.0 ftp.ben
    Hosts: 0.0.0.0 ftp.bit
    Hosts: 0.0.0.0 ftp.ca.
    Hosts: 0.0.0.0 ftp.ca.
    Hosts: 0.0.0.0 ftp.cai
    Hosts: 0.0.0.0 ftp.cal
    Hosts: 0.0.0.0 ftp.can
    Hosts: 0.0.0.0 ftp.car
    Hosts: 0.0.0.0 ftp.caw
    Hosts: 0.0.0.0 ftp.cc-
    Hosts: 0.0.0.0 ftp.cen
    Hosts: 0.0.0.0 ftp.che
    Hosts: 0.0.0.0 ftp.che
    Hosts: 0.0.0.0 ftp.che
    Hosts: 0.0.0.0 ftp.cit
    Hosts: 0.0.0.0 ftp.cle
    Hosts: 0.0.0.0 ftp.cli
    Hosts: 0.0.0.0 ftp.com
    Hosts: 0.0.0.0 ftp.com
    Hosts: 0.0.0.0 ftp.con
    Hosts: 0.0.0.0 ftp.csm
    Hosts: 0.0.0.0 ftp.cyb
    Hosts: 0.0.0.0 ftp.cyb
    Hosts: 0.0.0.0 ftp.cyb
    Hosts: 0.0.0.0 ftp.dan
    Hosts: 0.0.0.0 ftp.dat
    Hosts: 0.0.0.0 ftp.dat
    Hosts: 0.0.0.0 ftp.dee
    Hosts: 0.0.0.0 ftp.del
    Hosts: 0.0.0.0 ftp.dia
    Hosts: 0.0.0.0 ftp.dis
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.dow
    Hosts: 0.0.0.0 ftp.drs
    Hosts: 0.0.0.0 ftp.drw
    Hosts: 0.0.0.0 ftp.eal
    Hosts: 0.0.0.0 ftp.emd
    Hosts: 0.0.0.0 ftp.ent
    Hosts: 0.0.0.0 ftp.esa
    Hosts: 0.0.0.0 ftp.ese
    Hosts: 0.0.0.0 ftp.est
    Hosts: 0.0.0.0 ftp.eur
    Hosts: 0.0.0.0 ftp.eur
    Hosts: 0.0.0.0 ftp.exe
    Hosts: 0.0.0.0 ftp.f-s
    Hosts: 0.0.0.0 ftp.f-s
    Hosts: 0.0.0.0 ftp.ffg
    Hosts: 0.0.0.0 ftp.fin
    Hosts: 0.0.0.0 ftp.fir
    Hosts: 0.0.0.0 ftp.flo
    Hosts: 0.0.0.0 ftp.fre
    Hosts: 0.0.0.0 ftp.fse
    Hosts: 0.0.0.0 ftp.gec
    Hosts: 0.0.0.0 ftp.gec
    Hosts: 0.0.0.0 ftp.gfi
    Hosts: 0.0.0.0 ftp.gri
    Hosts: 0.0.0.0 ftp.hac
    Hosts: 0.0.0.0 ftp.hac
    Hosts: 0.0.0.0 ftp.hel
    Hosts: 0.0.0.0 ftp.hiw
    Hosts: 0.0.0.0 ftp.hou
    Hosts: 0.0.0.0 ftp.iba
    Hosts: 0.0.0.0 ftp.ika
    Hosts: 0.0.0.0 ftp.ika
    Hosts: 0.0.0.0 ftp.inf
    Hosts: 0.0.0.0 ftp.ino
    Hosts: 0.0.0.0 ftp.int
    Hosts: 0.0.0.0 ftp.inv
    Hosts: 0.0.0.0 ftp.iri
    Hosts: 0.0.0.0 ftp.jam
    Hosts: 0.0.0.0 ftp.kas
    Hosts: 0.0.0.0 ftp.kas
    Hosts: 0.0.0.0 ftp.kas
    Hosts: 0.0.0.0 ftp.kas
    Hosts: 0.0.0.0 ftp.kf6
    Hosts: 0.0.0.0 ftp.kry
    Hosts: 0.0.0.0 ftp.lep
    Hosts: 0.0.0.0 ftp.lin
    Hosts: 0.0.0.0 ftp.liv
    Hosts: 0.0.0.0 ftp.mar
    Hosts: 0.0.0.0 ftp.mca
    Hosts: 0.0.0.0 ftp.mca
    Hosts: 0.0.0.0 ftp.mca
    Hosts: 0.0.0.0 ftp.mca
    Hosts: 0.0.0.0 ftp.mic
    Hosts: 0.0.0.0 ftp.mid
    Hosts: 0.0.0.0 ftp.mid
    Hosts: 0.0.0.0 ftp.mks
    Hosts: 0.0.0.0 ftp.moo
    Hosts: 0.0.0.0 ftp.nai
    Hosts: 0.0.0.0 ftp.nem
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.net
    Hosts: 0.0.0.0 ftp.nms
    Hosts: 0.0.0.0 ftp.nod
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nor
    Hosts: 0.0.0.0 ftp.nov
    Hosts: 0.0.0.0 ftp.ntg
    Hosts: 0.0.0.0 ftp.osi
    Hosts: 0.0.0.0 ftp.oxi
    Hosts: 0.0.0.0 ftp.pan
    Hosts: 0.0.0.0 ftp.par
    Hosts: 0.0.0.0 ftp.par
    Hosts: 0.0.0.0 ftp.pc-
    Hosts: 0.0.0.0 ftp.per
    Hosts: 0.0.0.0 ftp.pla
    Hosts: 0.0.0.0 ftp.pop
    Hosts: 0.0.0.0 ftp.por
    Hosts: 0.0.0.0 ftp.pro
    Hosts: 0.0.0.0 ftp.pro
    Hosts: 0.0.0.0 ftp.psp
    Hosts: 0.0.0.0 ftp.qui
    Hosts: 0.0.0.0 ftp.rav
    Hosts: 0.0.0.0 ftp.ref
    Hosts: 0.0.0.0 ftp.res
    Hosts: 0.0.0.0 ftp.res
    Hosts: 0.0.0.0 ftp.rg-
    Hosts: 0.0.0.0 ftp.saf
    Hosts: 0.0.0.0 ftp.saf
    Hosts: 0.0.0.0 ftp.sar
    Hosts: 0.0.0.0 ftp.sba
    Hosts: 0.0.0.0 ftp.sec
    Hosts: 0.0.0.0 ftp.sec
    Hosts: 0.0.0.0 ftp.sec
    Hosts: 0.0.0.0 ftp.sec
    Hosts: 0.0.0.0 ftp.sec
    Hosts: 0.0.0.0 ftp.sha
    Hosts: 0.0.0.0 ftp.sig
    Hosts: 0.0.0.0 ftp.sma
    Hosts: 0.0.0.0 ftp.sop
    Hosts: 0.0.0.0 ftp.spy
    Hosts: 0.0.0.0 ftp.sta
    Hosts: 0.0.0.0 ftp.sti
    Hosts: 0.0.0.0 ftp.sto
    Hosts: 0.0.0.0 ftp.sup
    Hosts: 0.0.0.0 ftp.syb
    Hosts: 0.0.0.0 ftp.syb
    Hosts: 0.0.0.0 ftp.syg
    Hosts: 0.0.0.0 ftp.sym
    Hosts: 0.0.0.0 ftp.sym
    Hosts: 0.0.0.0 ftp.sym
    Hosts: 0.0.0.0 ftp.sym
    Hosts: 0.0.0.0 ftp.sys
    Hosts: 0.0.0.0 ftp.thu
    Hosts: 0.0.0.0 ftp.tin
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.tre
    Hosts: 0.0.0.0 ftp.ugl
    Hosts: 0.0.0.0 ftp.upd
    Hosts: 0.0.0.0 ftp.upd
    Hosts: 0.0.0.0 ftp.vbu
    Hosts: 0.0.0.0 ftp.vca
    Hosts: 0.0.0.0 ftp.vds
    Hosts: 0.0.0.0 ftp.vet
    Hosts: 0.0.0.0 ftp.vhc
    Hosts: 0.0.0.0 ftp.vil
    Hosts: 0.0.0.0 ftp.vir
    Hosts: 0.0.0.0 ftp.vps
    Hosts: 0.0.0.0 ftp.web
    Hosts: 0.0.0.0 ftp.win
    Hosts: 0.0.0.0 ftp.win
    Hosts: 0.0.0.0 ftp.win
    Hosts: 0.0.0.0 ftp.win
    Hosts: 0.0.0.0 ftp.win
    Hosts: 0.0.0.0 ftp.wtc
    Hosts: 0.0.0.0 ftp.www
    Hosts: 0.0.0.0 ftp.wyv
    Hosts: 0.0.0.0 ftp.y2k
    Hosts: 0.0.0.0 ftp.yam
    Hosts: 0.0.0.0 ftp.zon
    Hosts: 0.0.0.0 ftp.zon
    Hosts: 0.0.0.0 ftpav.c
    Hosts: 0.0.0.0 gecad.r
    Hosts: 0.0.0.0 gecadso
    Hosts: 0.0.0.0 gfi.com
    Hosts: 0.0.0.0 gietl.c
    Hosts: 0.0.0.0 gin.ba.
    Hosts: 0.0.0.0 gmer.ne
    Hosts: 0.0.0.0 go.micr
    Hosts: 0.0.0.0 grisoft
    Hosts: 0.0.0.0 hackerg
    Hosts: 0.0.0.0 hackerw
    Hosts: 0.0.0.0 hacksof
    Hosts: 0.0.0.0 hbedv.c
    Hosts: 0.0.0.0 helpvir
    Hosts: 0.0.0.0 hiwire.
    Hosts: 0.0.0.0 home.mc
    Hosts: 0.0.0.0 houseca
    Hosts: 0.0.0.0 houseca
    Hosts: 0.0.0.0 houseca
    Hosts: 0.0.0.0 ibas.no
    Hosts: 0.0.0.0 icsalab
    Hosts: 0.0.0.0 ids.kas
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ieupdat
    Hosts: 0.0.0.0 ika-rus
    Hosts: 0.0.0.0 ikarus-
    Hosts: 0.0.0.0 ikarus-
    Hosts: 0.0.0.0 ikarus.
    Hosts: 0.0.0.0 info.ba
    Hosts: 0.0.0.0 infopul
    Hosts: 0.0.0.0 inline-
    Hosts: 0.0.0.0 inocula
    Hosts: 0.0.0.0 interna
    Hosts: 0.0.0.0 interne
    Hosts: 0.0.0.0 invirci
    Hosts: 0.0.0.0 irisav.
    Hosts: 0.0.0.0 iseclab
    Hosts: 0.0.0.0 it.mcaf
    Hosts: 0.0.0.0 it.tren
    Hosts: 0.0.0.0 jammer.
    Hosts: 0.0.0.0 joebox.
    Hosts: 0.0.0.0 k-otik.
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kaspers
    Hosts: 0.0.0.0 kavdump
    Hosts: 0.0.0.0 kerio.c
    Hosts: 0.0.0.0 kf6ope.
    Hosts: 0.0.0.0 kryptoc
    Hosts: 0.0.0.0 lavasof
    Hosts: 0.0.0.0 lavasof
    Hosts: 0.0.0.0 leprech
    Hosts: 0.0.0.0 linkbyt
    Hosts: 0.0.0.0 lists.c
    Hosts: 0.0.0.0 litler.
    Hosts: 0.0.0.0 liveupd
    Hosts: 0.0.0.0 liveupd
    Hosts: 0.0.0.0 liveupd
    Hosts: 0.0.0.0 logs.dr
    Hosts: 0.0.0.0 lurker.
    Hosts: 0.0.0.0 malware
    Hosts: 0.0.0.0 marshal
    Hosts: 0.0.0.0 mast.mc
    Hosts: 0.0.0.0 mcafee-
    Hosts: 0.0.0.0 mcafee-
    Hosts: 0.0.0.0 mcafee-
    Hosts: 0.0.0.0 mcafee.
    Hosts: 0.0.0.0 mcafeeb
    Hosts: 0.0.0.0 mcafees
    Hosts: 0.0.0.0 mcafees
    Hosts: 0.0.0.0 mcafees
    Hosts: 0.0.0.0 mcafees
    Hosts: 0.0.0.0 media.f
    Hosts: 0.0.0.0 microfi
    Hosts: 0.0.0.0 microso
    Hosts: 0.0.0.0 microso
    Hosts: 0.0.0.0 microso
    Hosts: 0.0.0.0 microwo
    Hosts: 0.0.0.0 midcore
    Hosts: 0.0.0.0 midpoin
    Hosts: 0.0.0.0 misec.n
    Hosts: 0.0.0.0 mks.com
    Hosts: 0.0.0.0 moosoft
    Hosts: 0.0.0.0 msdn.mi
    Hosts: 0.0.0.0 msk4.dr
    Hosts: 0.0.0.0 mwcolle
    Hosts: 0.0.0.0 mx.mcaf
    Hosts: 0.0.0.0 my-etru
    Hosts: 0.0.0.0 myaccou
    Hosts: 0.0.0.0 nbi.gov
    Hosts: 0.0.0.0 nemx.co
    Hosts: 0.0.0.0 nepenth
    Hosts: 0.0.0.0 netcplu
    Hosts: 0.0.0.0 netpro.
    Hosts: 0.0.0.0 netsire
    Hosts: 0.0.0.0 network
    Hosts: 0.0.0.0 network
    Hosts: 0.0.0.0 network
    Hosts: 0.0.0.0 netzcom
    Hosts: 0.0.0.0 new.sna
    Hosts: 0.0.0.0 niuone.
    Hosts: 0.0.0.0 niutwo.
    Hosts: 0.0.0.0 nms.lan
    Hosts: 0.0.0.0 noadwar
    Hosts: 0.0.0.0 nod-32.
    Hosts: 0.0.0.0 nod32.c
    Hosts: 0.0.0.0 nod32.c
    Hosts: 0.0.0.0 nod32.i
    Hosts: 0.0.0.0 nod32.n
    Hosts: 0.0.0.0 nod32.s
    Hosts: 0.0.0.0 nod32es
    Hosts: 0.0.0.0 nordnet
    Hosts: 0.0.0.0 norman-
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 norman.
    Hosts: 0.0.0.0 normani
    Hosts: 0.0.0.0 normanu
    Hosts: 0.0.0.0 norton.
    Hosts: 0.0.0.0 novasto
    Hosts: 0.0.0.0 novirus
    Hosts: 0.0.0.0 nsclean
    Hosts: 0.0.0.0 nsslabs
    Hosts: 0.0.0.0 ntguard
    Hosts: 0.0.0.0 offensi
    Hosts: 0.0.0.0 office.
    Hosts: 0.0.0.0 onecare
    Hosts: 0.0.0.0 onlines
    Hosts: 0.0.0.0 open.by
    Hosts: 0.0.0.0 openant
    Hosts: 0.0.0.0 ositis.
    Hosts: 0.0.0.0 outpost
    Hosts: 0.0.0.0 oxi.net
    Hosts: 0.0.0.0 pandase
    Hosts: 0.0.0.0 pandaso
    Hosts: 0.0.0.0 parentv
    Hosts: 0.0.0.0 parking
    Hosts: 0.0.0.0 parsons
    Hosts: 0.0.0.0 pc-cill
    Hosts: 0.0.0.0 pccreg.
    Hosts: 0.0.0.0 persona
    Hosts: 0.0.0.0 persyst
    Hosts: 0.0.0.0 pestpat
    Hosts: 0.0.0.0 phx.cor
    Hosts: 0.0.0.0 picture
    Hosts: 0.0.0.0 plasmat
    Hosts: 0.0.0.0 popup.m
    Hosts: 0.0.0.0 portcul
    Hosts: 0.0.0.0 prevx.c
    Hosts: 0.0.0.0 project
    Hosts: 0.0.0.0 protect
    Hosts: 0.0.0.0 proxy-p
    Hosts: 0.0.0.0 proxypl
    Hosts: 0.0.0.0 pspl.co
    Hosts: 0.0.0.0 quickhe
    Hosts: 0.0.0.0 radius.
    Hosts: 0.0.0.0 rads.mc
    Hosts: 0.0.0.0 rav.ro
    Hosts: 0.0.0.0 ravanti
    Hosts: 0.0.0.0 reflex-
    Hosts: 0.0.0.0 report.
    Hosts: 0.0.0.0 reselle
    Hosts: 0.0.0.0 resq.co
    Hosts: 0.0.0.0 retail.
    Hosts: 0.0.0.0 retail0
    Hosts: 0.0.0.0 retail0
    Hosts: 0.0.0.0 rg-av.c
    Hosts: 0.0.0.0 ripe.ne
    Hosts: 0.0.0.0 rokop-s
    Hosts: 0.0.0.0 rs02.av
    Hosts: 0.0.0.0 rs03.av
    Hosts: 0.0.0.0 rs06.av
    Hosts: 0.0.0.0 rs07.av
    Hosts: 0.0.0.0 rs08.av
    Hosts: 0.0.0.0 rs10.av
    Hosts: 0.0.0.0 rs11.av
    Hosts: 0.0.0.0 rs18.av
    Hosts: 0.0.0.0 rs20.av
    Hosts: 0.0.0.0 rs24.av
    Hosts: 0.0.0.0 ru.clam
    Hosts: 0.0.0.0 ru.mcaf
    Hosts: 0.0.0.0 safe.ne
    Hosts: 0.0.0.0 safetyn
    Hosts: 0.0.0.0 safeweb
    Hosts: 0.0.0.0 sald.co
    Hosts: 0.0.0.0 sandbox
    Hosts: 0.0.0.0 sandbox
    Hosts: 0.0.0.0 sarc.co
    Hosts: 0.0.0.0 sbabr.c
    Hosts: 0.0.0.0 scambus
    Hosts: 0.0.0.0 scanale
    Hosts: 0.0.0.0 sectool
    Hosts: 0.0.0.0 secure.
    Hosts: 0.0.0.0 secure.
    Hosts: 0.0.0.0 securen
    Hosts: 0.0.0.0 securet
    Hosts: 0.0.0.0 securit
    Hosts: 0.0.0.0 securit
    Hosts: 0.0.0.0 securit
    Hosts: 0.0.0.0 securit
    Hosts: 0.0.0.0 securit
    Hosts: 0.0.0.0 secuser
    Hosts: 0.0.0.0 secuser
    Hosts: 0.0.0.0 service
    Hosts: 0.0.0.0 service
    Hosts: 0.0.0.0 service
    Hosts: 0.0.0.0 sextv1.
    Hosts: 0.0.0.0 sharpte
    Hosts: 0.0.0.0 shop.ca
    Hosts: 0.0.0.0 shop.mc
    Hosts: 0.0.0.0 shop.sy
    Hosts: 0.0.0.0 shop.sy
    Hosts: 0.0.0.0 siblog.
    Hosts: 0.0.0.0 signal9
    Hosts: 0.0.0.0 simplys
    Hosts: 0.0.0.0 siteadv
    Hosts: 0.0.0.0 sm01.av
    Hosts: 0.0.0.0 sm04.av
    Hosts: 0.0.0.0 sm05.av
    Hosts: 0.0.0.0 sm09.av
    Hosts: 0.0.0.0 sm12.av
    Hosts: 0.0.0.0 sm13.av
    Hosts: 0.0.0.0 sm14.av
    Hosts: 0.0.0.0 sm15.av
    Hosts: 0.0.0.0 sm16.av
    Hosts: 0.0.0.0 sm17.av
    Hosts: 0.0.0.0 sm19.av
    Hosts: 0.0.0.0 sm21.av
    Hosts: 0.0.0.0 sm22.av
    Hosts: 0.0.0.0 sm23.av
    Hosts: 0.0.0.0 sm25.av
    Hosts: 0.0.0.0 smallbi
    Hosts: 0.0.0.0 sophos.
    Hosts: 0.0.0.0 spamcop
    Hosts: 0.0.0.0 spamtra
    Hosts: 0.0.0.0 spd.atd
    Hosts: 0.0.0.0 speed-r
    Hosts: 0.0.0.0 spybloc
    Hosts: 0.0.0.0 spytech
    Hosts: 0.0.0.0 spyware
    Hosts: 0.0.0.0 spyware
    Hosts: 0.0.0.0 sshop.a
    Hosts: 0.0.0.0 starlab
    Hosts: 0.0.0.0 staysaf
    Hosts: 0.0.0.0 stiller
    Hosts: 0.0.0.0 store.m
    Hosts: 0.0.0.0 sunbelt
    Hosts: 0.0.0.0 superan
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 support
    Hosts: 0.0.0.0 sybari.
    Hosts: 0.0.0.0 syberge
    Hosts: 0.0.0.0 sygate.
    Hosts: 0.0.0.0 symante
    Hosts: 0.0.0.0 symante
    Hosts: 0.0.0.0 symante
    Hosts: 0.0.0.0 symante
    Hosts: 0.0.0.0 sysinte
    Hosts: 0.0.0.0 tds.dia
    Hosts: 0.0.0.0 thcway.
    Hosts: 0.0.0.0 threate
    Hosts: 0.0.0.0 thunder
    Hosts: 0.0.0.0 tinysof
    Hosts: 0.0.0.0 treasur
    Hosts: 0.0.0.0 trend.c
    Hosts: 0.0.0.0 trend.n
    Hosts: 0.0.0.0 trend.o
    Hosts: 0.0.0.0 trendmi
    Hosts: 0.0.0.0 trendmi
    Hosts: 0.0.0.0 trendmi
    Hosts: 0.0.0.0 trendmi
    Hosts: 0.0.0.0 uglywar
    Hosts: 0.0.0.0 uk.mcaf
    Hosts: 0.0.0.0 uk.tren
    Hosts: 0.0.0.0 unpck.c
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 update.
    Hosts: 0.0.0.0 updater
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 updates
    Hosts: 0.0.0.0 upgrade
    Hosts: 0.0.0.0 us.mcaf
    Hosts: 0.0.0.0 us.tren
    Hosts: 0.0.0.0 v4.wind
    Hosts: 0.0.0.0 v5.wind
    Hosts: 0.0.0.0 vba32.d
    Hosts: 0.0.0.0 vbuster
    Hosts: 0.0.0.0 vcatch.
    Hosts: 0.0.0.0 vdsarg.
    Hosts: 0.0.0.0 vet.com
    Hosts: 0.0.0.0 vhc.se
    Hosts: 0.0.0.0 vil.nai
    Hosts: 0.0.0.0 virusal
    Hosts: 0.0.0.0 virusbl
    Hosts: 0.0.0.0 virusin
    Hosts: 0.0.0.0 virusla
    Hosts: 0.0.0.0 virusli
    Hosts: 0.0.0.0 virusli
    Hosts: 0.0.0.0 virusmd
    Hosts: 0.0.0.0 virussc
    Hosts: 0.0.0.0 virusto
    Hosts: 0.0.0.0 visuali
    Hosts: 0.0.0.0 vps.co.
    Hosts: 0.0.0.0 vsantiv
    Hosts: 0.0.0.0 vupen.c
    Hosts: 0.0.0.0 w32.cla
    Hosts: 0.0.0.0 web.oxi
    Hosts: 0.0.0.0 webroot
    Hosts: 0.0.0.0 wepawet
    Hosts: 0.0.0.0 wiki.cl

    ==== Installed Programs ======================


    µTorrent
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.7
    AI RoboForm (All Users)
    AIM 7
    Alarm 2.0.4
    Alarm Clock Pro
    AnswerWorks 5.0 English Runtime
    AOL Email Toolbar
    AOL Mail and AIM Gadget
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2008)
    Atomic Alarm Clock 5.85
    Audacity 1.2.6
    Audio Editor Deluxe v9.5.1
    AutoUpdate
    AVG 9.0
    AVI DivX to DVD SVCD VCD Converter 2.2.2
    Bible Code Oracle
    BitRecorder
    BitTorrent
    BlackBerry Desktop Software 4.7
    BlackBerry Device Software Updater
    BOINC
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Choice Guard
    CoffeeCup HTML Editor 2008
    CoffeeCup Web Form Builder - Registered
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Corel WinDVD 9
    CSE HTML Validator Lite v6.52
    CSE HTML Validator Professional v9.01
    CuteFTP 8 Professional
    CuteHTML Pro 6
    CuteSITE Builder
    DHTML Editing Component
    Digital Voice Recorder
    Distributed Password Recovery
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DNA
    Download Updater (AOL LLC)
    DVD MovieFactory for TOSHIBA
    eBay Toolbar Featuring Yahoo!
    Email Charger 2.0
    FileASSASSIN
    FileZilla Client 3.2.8.1
    GearDrvs
    Global Mapper 10
    GlobalSCAPE Web Survey
    Gold Wave Editor v10.5.5
    Google Chrome
    Google Desktop
    Google Earth
    Google Gears
    Google SketchUp 7
    Google Update Helper
    Guitar Pro 5.2
    H.264 Decoder
    HiJackThis
    HijackThis 2.0.2
    HTML-Kit
    IBP 9.0.3
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    IPP Port Monitor
    Ipswitch WS_FTP 12
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 3
    Junk Mail filter update
    K-Lite Codec Pack 3.9.0 Standard
    Kai's SuperGOO
    Karaoke Builder Studio 3.x
    Karen's Autorun.inf Editor
    kSolo Recorder
    LADSPA_plugins-win-0.4.15
    LAME v3.98.2 for Audacity
    Lexmark 3400 Series
    LG USB Modem driver
    Logitech Vid
    Malwarebytes' Anti-Malware
    mCorev32.ism_new
    mCPlug
    mHelp
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2008
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft XML Parser
    MKV Splitter
    mMHouse
    Mozilla Embedded Browser version 2.0
    Mozilla Firefox (3.5.5)
    MP3 Audio Splitter Joiner 3.00
    mPfMgr
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Alarm Clock
    Nero 9 Trial
    Nero 9.0.9.4 Lite
    Nero Installer
    neroxml
    Next Generation Visualisations
    Norton 360
    NuSphere PhpED version 5.6
    Nvu 1.0PR
    OGA Notifier 2.0.0048.0
    OpenDNS Updater 2.2
    Opera 9.63
    PC Pitstop Optimize 1.5
    php-5.2.6 for NuSphere PhpED
    Php Documentor version 1.4.2 for NuSphere PhpED
    Polystyle 2.0zo (trial) for NuSphere PhpED
    PowerISO
    QuickBooks Financial Center
    QuickTime
    Radar Website Monitor 4
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RegCure 2.0.0.0
    RegistryFix v7.0
    Roxio Media Manager
    RTC Client API v1.2
    Safari
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Simple Port Forwarding
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Super DVD Creator 9.8 Full Version
    Synaptics Pointing Device Driver
    TMPGEnc Authoring Works 4
    TomTom HOME 2.7.2.1825
    TomTom HOME Visual Studio Merge Modules
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Games
    Toshiba Registration
    TOSHIBA Service Station
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Value Added Package
    Turbo Lister 2
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    Ultra DVD Audio Ripper 3.2.0822
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    V CAST Music Manager
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    Vista Manager
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VZAccess Manager
    WeatherBug
    Web Easy Professional
    Web Easy Professional 8
    Web Page Maker V3.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Family Safety
    Windows Live Movie Maker Beta
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinX DVD Ripper Platinum 5.1.6
    Xilisoft DVD Ripper Ultimate
    Yahoo! Messenger
    Yahoo! Software Update
    ZumoDrive

    ==== Event Viewer Messages From Past Week ========

    12/14/2009 08:38:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    12/14/2009 08:37:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
    12/14/2009 08:37:19, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    12/14/2009 01:09:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    12/14/2009 01:09:04, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/13/2009 23:09:39, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
    12/13/2009 20:29:22, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/13/2009 20:28:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/13/2009 20:28:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/13/2009 20:28:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/13/2009 20:28:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2009 20:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/13/2009 20:28:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CbFs Cdr4_xp CSC DfsC discache kl1 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 10:35:29, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    12/13/2009 08:48:05, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Windows\system32\svchost.exe Process Id: 948 Publisher: Microsoft Corporation
    12/12/2009 11:53:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
    12/12/2009 07:07:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    12/10/2009 00:17:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

    ==== End Of File ===========================
     
  5. 2009/12/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software ( Limewire, BitTorrent, uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    Sorry... When I tried to post attach.txt the first time the message upon attempt stated that the message was too long, over 5000+ characters, so I assumed it didn't go thru...
     
  7. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    Here is the second part of attach.txt
    *******************************

    ==== Installed Programs ======================


    µTorrent
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.7
    AI RoboForm (All Users)
    AIM 7
    Alarm 2.0.4
    Alarm Clock Pro
    AnswerWorks 5.0 English Runtime
    AOL Email Toolbar
    AOL Mail and AIM Gadget
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2008)
    Atomic Alarm Clock 5.85
    Audacity 1.2.6
    Audio Editor Deluxe v9.5.1
    AutoUpdate
    AVG 9.0
    AVI DivX to DVD SVCD VCD Converter 2.2.2
    Bible Code Oracle
    BitRecorder
    BitTorrent
    BlackBerry Desktop Software 4.7
    BlackBerry Device Software Updater
    BOINC
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Choice Guard
    CoffeeCup HTML Editor 2008
    CoffeeCup Web Form Builder - Registered
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Corel WinDVD 9
    CSE HTML Validator Lite v6.52
    CSE HTML Validator Professional v9.01
    CuteFTP 8 Professional
    CuteHTML Pro 6
    CuteSITE Builder
    DHTML Editing Component
    Digital Voice Recorder
    Distributed Password Recovery
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DNA
    Download Updater (AOL LLC)
    DVD MovieFactory for TOSHIBA
    eBay Toolbar Featuring Yahoo!
    Email Charger 2.0
    FileASSASSIN
    FileZilla Client 3.2.8.1
    GearDrvs
    Global Mapper 10
    GlobalSCAPE Web Survey
    Gold Wave Editor v10.5.5
    Google Chrome
    Google Desktop
    Google Earth
    Google Gears
    Google SketchUp 7
    Google Update Helper
    Guitar Pro 5.2
    H.264 Decoder
    HiJackThis
    HijackThis 2.0.2
    HTML-Kit
    IBP 9.0.3
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    IPP Port Monitor
    Ipswitch WS_FTP 12
    Jasc Animation Shop 3
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 3
    Junk Mail filter update
    K-Lite Codec Pack 3.9.0 Standard
    Kai's SuperGOO
    Karaoke Builder Studio 3.x
    Karen's Autorun.inf Editor
    kSolo Recorder
    LADSPA_plugins-win-0.4.15
    LAME v3.98.2 for Audacity
    Lexmark 3400 Series
    LG USB Modem driver
    Logitech Vid
    Malwarebytes' Anti-Malware
    mCorev32.ism_new
    mCPlug
    mHelp
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office FrontPage 2003
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2008
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft XML Parser
    MKV Splitter
    mMHouse
    Mozilla Embedded Browser version 2.0
    Mozilla Firefox (3.5.5)
    MP3 Audio Splitter Joiner 3.00
    mPfMgr
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Alarm Clock
    Nero 9 Trial
    Nero 9.0.9.4 Lite
    Nero Installer
    neroxml
    Next Generation Visualisations
    Norton 360
    NuSphere PhpED version 5.6
    Nvu 1.0PR
    OGA Notifier 2.0.0048.0
    OpenDNS Updater 2.2
    Opera 9.63
    PC Pitstop Optimize 1.5
    php-5.2.6 for NuSphere PhpED
    Php Documentor version 1.4.2 for NuSphere PhpED
    Polystyle 2.0zo (trial) for NuSphere PhpED
    PowerISO
    QuickBooks Financial Center
    QuickTime
    Radar Website Monitor 4
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RegCure 2.0.0.0
    RegistryFix v7.0
    Roxio Media Manager
    RTC Client API v1.2
    Safari
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Simple Port Forwarding
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    Super DVD Creator 9.8 Full Version
    Synaptics Pointing Device Driver
    TMPGEnc Authoring Works 4
    TomTom HOME 2.7.2.1825
    TomTom HOME Visual Studio Merge Modules
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Games
    Toshiba Registration
    TOSHIBA Service Station
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Value Added Package
    Turbo Lister 2
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    Ultra DVD Audio Ripper 3.2.0822
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    V CAST Music Manager
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    Vista Manager
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VZAccess Manager
    WeatherBug
    Web Easy Professional
    Web Easy Professional 8
    Web Page Maker V3.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Family Safety
    Windows Live Movie Maker Beta
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinX DVD Ripper Platinum 5.1.6
    Xilisoft DVD Ripper Ultimate
    Yahoo! Messenger
    Yahoo! Software Update
    ZumoDrive

    ==== Event Viewer Messages From Past Week ========

    12/14/2009 08:38:16, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
    12/14/2009 08:37:40, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
    12/14/2009 08:37:19, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    12/14/2009 01:09:04, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    12/14/2009 01:09:04, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/13/2009 23:09:39, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
    12/13/2009 20:29:22, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/13/2009 20:28:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/13/2009 20:28:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/13/2009 20:28:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/13/2009 20:28:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2009 20:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/13/2009 20:28:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CbFs Cdr4_xp CSC DfsC discache kl1 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:10, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 20:28:09, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2009 10:35:29, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    12/13/2009 08:48:05, Error: Microsoft-Windows-Firewall [6400] - An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE) interface was rejected because this API is not supported on Windows Vista. This has most likely occurred due to an application which is incompatible with Windows Vista. Please contact the application's vendor to make sure you have a Windows Vista compatible application version. Error Code: E_NOTIMPL Caller Process Name: C:\Windows\system32\svchost.exe Process Id: 948 Publisher: Microsoft Corporation
    12/12/2009 11:53:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
    12/12/2009 07:07:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    12/10/2009 00:17:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

    ==== End Of File ===========================
     
  8. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    Sorry for the double posts... When I first posted the attach.txt file I got a message telling me that the post was too long, over 5000+ characters, so I broke it up in two posts... I assumed that the message meant that the initial attach.txt didn't post... Sorry...
     
  9. 2009/12/14
    broni

    broni Moderator Malware Analyst

    Download HostsXpert ( http://www.majorgeeks.com/Hoster_d4626.html ) and then follow the steps below:

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click Restore MS Hosts File and then click OK.
    * Click the X to exit the program

    Restart computer.

    ==============================================================

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  10. 2009/12/14
    quasarn01

    quasarn01 Inactive Thread Starter

    GooredFix by jpshortstuff (06.12.09.1)
    Log created at 21:08 on 14/12/2009 (quasarn01)
    Firefox version 3.5.5 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [12:12 22/09/2008]
    {B13721C7-F507-4982-B2E5-502A71474FED} [13:32 22/09/2008]

    C:\Users\quasarn01\Application Data\Mozilla\Firefox\Profiles\4dtf7eme.default\extensions\
    0fddbfeb3fbf18d3e7c3cef853e1f457@button.codefisher.org [17:26 11/12/2009]
    fsonlinescanner@f-secure.com [16:40 12/10/2009]
    moveplayer@movenetworks.com-trash [16:47 01/11/2009]
    personas@christopher.beard [17:34 11/12/2009]
    piclens@cooliris.com [23:44 03/05/2009]
    piclens@cooliris.com-trash [23:44 03/05/2009]
    smarterwiki@wikiatic.com [14:17 20/10/2009]
    tabkit@jomel.me.uk [07:21 28/10/2008]
    weatherwatcherlive@singerscreations.com [14:33 20/10/2009]
    {20a82645-c095-46ed-80e3-08825760534b} [09:33 15/07/2009]
    {3d7eb24f-2740-49df-8937-200b1cc08f8a} [18:05 11/12/2009]
    {3e0e7d2a-070f-4a47-b019-91fe5385ba79} [14:13 20/10/2009]
    {3EC9C995-8072-4fc0-953E-4F30620D17F3} [16:03 24/10/2009]
    {4176DFF4-4698-11DE-BEEB-45DA55D89593} [16:21 25/10/2009]
    {73a6fe31-595d-460b-a920-fcc0f8843232} [18:05 11/12/2009]
    {77b819fa-95ad-4f2c-ac7c-486b356188a9} [18:35 18/02/2009]
    {b9db16a4-6edc-47ec-a1f4-b86292ed211d} [21:53 13/12/2009]
    {c1970c0d-dbe6-4d91-804f-c9c0de643a57} [04:22 14/12/2009]
    {c50ca3c4-5656-43c2-a061-13e717f73fc8} [18:11 15/08/2009]
    {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [11:27 13/12/2009]
    {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [17:17 11/12/2009]
    {DCBD1271-D228-4082-9FBC-36D9B7660B03} [15:53 30/07/2009]
    {DDC359D1-844A-42a7-9AA1-88A850A938A8} [18:11 15/08/2009]
    {fa1cfe8c-66b4-4469-b360-b60c79d70c28} [09:40 16/06/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\" [02:57 04/11/2009]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:12 03/02/2009]
    "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [14:28 09/11/2008]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [12:26 19/10/2009]

    -=E.O.F=-
     
  11. 2009/12/15
    broni

    broni Moderator Malware Analyst

    What about HostsXpert?
     
  12. 2009/12/15
    quasarn01

    quasarn01 Inactive Thread Starter

    I ran it and restored host file... Here it is...:

    # Copyright © 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    #
    127.0.0.1 localhost
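
Added example (not part of the original thread and not HostsXpert's code): a Python check that a hosts file holds nothing beyond the stock loopback mapping, run against the restored file posted above and against a constructed tampered sample. The function names and the `example.test` entries are assumptions made for illustration.

```python
import ipaddress

# Names the stock Windows hosts file may map to a loopback address.
DEFAULT_NAMES = {"localhost"}

# The restored file exactly as posted in the thread.
RESTORED = """\
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
"""

# Constructed sample (not from the thread): documentation-range address
# and reserved .test names standing in for unwanted mappings.
TAMPERED = """\
# constructed sample
127.0.0.1 localhost
192.0.2.10 www.example.test example.test  # two names on one line
127.0.0.1 updates.example.test
not-an-ip host.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active mapping line."""
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_no, address, [name], reason) for each non-default mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, names, "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip, names, "address without host name"))
            continue
        for name in names:
            lname = name.lower().rstrip(".")
            if addr.is_loopback and lname in DEFAULT_NAMES:
                continue  # stock entry, nothing to report
            if addr.is_loopback or addr.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name pinned to a fixed remote address"
            findings.append((line_no, ip, [name], reason))
    return findings


if __name__ == "__main__":
    for label, sample in (("restored", RESTORED), ("tampered", TAMPERED)):
        results = audit_hosts(sample)
        print(f"{label}: {len(results)} finding(s)")
        for line_no, ip, names, reason in results:
            print(f"  line {line_no}: {ip} {' '.join(names)} -> {reason}")
```

On a live system the text would be read from `%SystemRoot%\System32\drivers\etc\hosts`; any finding on a freshly restored file means something rewrote it after the restore.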
     
  13. 2009/12/15
    broni

    broni Moderator Malware Analyst

    Good :)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    ******************************************************************************************
    Due to a bug in Malwarebytes, you may see in MBAM's log following entries:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit)

    DO NOT remove those entries!
    If you do, your computer will become UN-bootable.
    The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
    ****************************************************************************************

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2009/12/16
    quasarn01

    quasarn01 Inactive Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/16/2009 at 05:52 AM

    Application Version : 4.31.1000

    Core Rules Database Version : 4377
    Trace Rules Database Version: 2217

    Scan type : Complete Scan
    Total Scan Time : 06:53:46

    Memory items scanned : 353
    Memory threats detected : 0
    Registry items scanned : 10334
    Registry threats detected : 0
    File items scanned : 838123
    File threats detected : 0

    ****************************************************

    Malwarebytes' Anti-Malware 1.42
    Database version: 3374
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/16/2009 11:59:44
    mbam-log-2009-12-16 (11-59-44).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 366140
    Time elapsed: 2 hour(s), 29 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    *************************************************

    Gmer would not run to completion. It would stop and the "Gmer has stopped running" windows box would appear. I rebooted and tried Gmer again, however, the BSOD came up and had to reboot again... So, the Gmer log is unavailable...

    ********************************************************

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:24:06, on 12/16/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1226462707\ee\aolsoftware.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Music Alarm Clock\mac.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Camera Assistant Software.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14202 bytes
     
  15. 2009/12/16
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from [PM sent] to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2009/12/16
    quasarn01

    quasarn01 Inactive Thread Starter

    ComboFix 09-11-23.02 - quasarn01 12/16/2009 20:53.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1887 [GMT -5:00]
    Running from: c:\users\quasarn01\Desktop\3c786fgt5.exe
    AV: F-Secure Client Security 7.10 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    SP: F-Secure Client Security 7.10 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-4017210073-3623525190-2501994021-500
    c:\$recycle.bin\S-1-5-21-4017210073-3623525190-2501994021-500\desktop.ini
    c:\windows\Install.txt
    c:\windows\system32\Ijl11.dll
    c:\windows\system32\Install.txt
    c:\windows\system32\win.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
    .

    2009-12-17 01:56 . 2009-12-17 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-15 20:33 . 2009-12-15 20:34 4096 d-----w- c:\program files\ERUNT
    2009-12-15 09:16 . 2009-12-15 09:16 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Serif
    2009-12-15 09:13 . 2009-12-15 09:13 -------- d-----w- c:\program files\Serif
    2009-12-15 09:05 . 2009-12-15 09:05 -------- d-----w- C:\Serif.WebPlus
    2009-12-15 08:41 . 2009-12-15 08:42 -------- d-----w- C:\greenback
    2009-12-15 06:53 . 2009-12-15 06:55 -------- d-----w- C:\TemplatesX5
    2009-12-15 04:32 . 2009-12-15 04:43 -------- d-----w- C:\MyWork
    2009-12-15 03:58 . 2009-12-15 04:25 4096 d-----w- c:\program files\WebSite X5 v8 - Evolution
    2009-12-15 03:55 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
    2009-12-15 03:55 . 2009-05-14 21:26 207872 ----a-w- c:\windows\system32\iwpsetup.exe
    2009-12-15 03:50 . 2009-12-15 04:53 -------- d-----w- C:\WebSite.X5
    2009-12-15 01:45 . 2009-12-15 01:52 -------- d-----w- C:\HostsXpert
    2009-12-15 00:51 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-15 00:51 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2009-12-15 00:51 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-15 00:51 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-15 00:51 . 2009-12-15 01:54 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\users\quasarn01\AppData\Roaming\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\programdata\PC Tools
    2009-12-14 18:39 . 2009-12-14 18:39 388096 ----a-r- c:\users\quasarn01\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-14 18:39 . 2009-12-14 18:39 -------- d-----w- c:\program files\TrendMicro
    2009-12-14 13:34 . 2009-12-14 13:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-14 13:32 . 2009-12-14 13:32 -------- d-----w- c:\program files\Panicware
    2009-12-14 05:42 . 2009-12-14 05:42 -------- d-----w- C:\544100646fa7a6b6b1445c7633
    2009-12-14 05:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-14 05:00 . 2009-12-14 06:09 4096 d-----w- c:\program files\BHODemon 2
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\OpenDNS Updater
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\program files\OpenDNS Updater
    2009-12-13 22:00 . 2009-12-13 22:00 8192 d-----w- c:\program files\ConvertHelper
    2009-12-13 11:57 . 2009-12-13 12:40 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-13 11:57 . 2009-12-13 12:29 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-13 11:49 . 2009-12-13 11:49 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 18:22 . 2009-12-07 18:22 -------- d-----w- C:\cart
    2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\windows\PCHEALTH
    2009-12-04 22:38 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 22:33 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-04 11:21 . 2009-12-04 11:21 4096 d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-04 09:30 . 2008-11-04 08:30 30568 ----a-w- c:\windows\system32\mdimon.dll
    2009-12-04 08:25 . 2009-12-04 08:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2009-12-04 08:15 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-04 08:15 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-04 08:15 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-04 08:15 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-04 08:15 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-04 08:15 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-04 08:15 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-04 08:15 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-04 08:15 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-04 08:15 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Local\Windows Live Writer
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Windows Live Writer
    2009-12-04 05:06 . 2009-12-04 05:06 -------- d-----w- C:\Roboform data backup
    2009-12-04 04:43 . 2009-12-04 04:43 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-04 04:19 . 2009-12-04 04:19 -------- d-----w- c:\programdata\RegCure
    2009-12-04 04:19 . 2009-12-04 04:41 16384 d-----w- c:\program files\RegCure
    2009-12-04 03:57 . 2009-12-04 04:45 -------- d-----w- c:\program files\MSECACHE
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\users\quasarn01\AppData\Local\LogiShrd
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\program files\Logitech
    2009-12-03 19:03 . 2007-11-28 18:03 523776 ------w- c:\users\quasarn01\AppData\Roaming\SoftMaker\smun3250.exe
    2009-12-03 17:29 . 2009-12-03 17:29 -------- d-----w- c:\programdata\page
    2009-12-03 16:21 . 2009-12-03 19:03 4096 d-----w- c:\users\quasarn01\AppData\Roaming\SoftMaker
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\program files\Ashampoo
    2009-12-03 15:15 . 2009-12-03 18:23 4096 d-----w- c:\program files\Microsoft Officexx
    2009-12-03 14:26 . 2009-12-03 14:26 4096 d-----w- C:\office 7
    2009-12-03 14:20 . 2009-12-15 21:54 166488 ----a-w- c:\users\quasarn01\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-03 11:51 . 2009-12-03 10:37 8192 d-----w- c:\windows\Panther
    2009-12-03 10:29 . 2009-12-14 04:38 -------- d-----w- c:\windows\system32\wbem\Performance
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\Roaming
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-03 09:01 . 2009-12-03 09:52 -------- d-----w- c:\users\quasarn01\dwhelper
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\windows\system32\RTCOM
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\program files\Synaptics
    2009-12-03 02:14 . 2009-12-16 03:46 16384 d-sh--w- c:\windows\Installer
    2009-12-03 01:08 . 2009-12-03 01:08 -------- d-----w- C:\inetpub
    2009-12-02 19:41 . 2009-12-02 19:41 -------- d-----w- C:\kaqoo2_client
    2009-12-02 19:36 . 2009-12-03 02:08 -------- d-sh--w- c:\users\quasarn01\.COMMgr
    2009-12-02 18:20 . 2009-12-03 09:12 4096 d-----w- c:\program files\PTAutoRun
    2009-12-02 18:20 . 2009-12-02 18:20 249856 ----a-w- c:\windows\Setup1.exe
    2009-12-02 18:20 . 2009-12-02 18:20 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-02 17:54 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\{43CED9EC-A88C-465C-9BD3-3F868712A5B5}
    2009-11-30 02:40 . 2009-12-03 09:44 -------- d-----w- c:\users\quasarn01\AppData\Roaming\dvdcss
    2009-11-30 00:09 . 2009-12-03 09:05 -------- d-----w- c:\program files\Digiarty
    2009-11-30 00:03 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\Xenocode
    2009-11-29 23:58 . 2009-12-03 09:19 4096 d-----w- c:\program files\Ultra DVD Audio Ripper
    2009-11-25 08:01 . 2009-11-25 08:01 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-22 23:51 . 2009-12-03 09:39 -------- d-----w- c:\users\quasarn01\AppData\Local\AIM
    2009-11-22 23:51 . 2009-12-03 09:20 -------- d-----w- c:\programdata\AIM
    2009-11-22 23:50 . 2009-12-03 09:01 8192 d-----w- c:\program files\AIM
    2009-11-22 23:50 . 2009-12-03 09:05 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-11-21 23:00 . 2009-12-03 09:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-17 20:17 . 2009-12-03 09:20 -------- d-----w- c:\programdata\eBay
    2009-11-17 20:17 . 2009-12-03 09:05 -------- d-----w- c:\program files\eBay

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-17 01:47 . 2009-08-20 18:06 4096 d-----w- c:\users\quasarn01\AppData\Roaming\Skype
    2009-12-17 01:32 . 2009-08-20 18:06 4096 d-----w- c:\users\quasarn01\AppData\Roaming\skypePM
    2009-12-16 14:28 . 2009-10-19 12:26 4096 d-----w- c:\programdata\avg9
    2009-12-16 03:47 . 2009-12-16 03:47 117760 ----a-w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-16 03:46 . 2009-12-16 03:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 4096 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-16 03:07 . 2009-12-16 01:45 4096 d-----w- c:\program files\EMCO Malware Destroyer
    2009-12-15 20:20 . 2009-06-22 19:53 16384 d-----w- c:\users\quasarn01\AppData\Roaming\uTorrent
    2009-12-14 01:03 . 2008-11-12 04:04 4096 d-----w- c:\program files\Common Files\aol
    2009-12-14 01:02 . 2009-04-13 04:20 4096 d-----w- c:\program files\Replay Video Capture
    2009-12-14 00:57 . 2009-10-03 16:16 -------- d-----w- c:\program files\Skyhook Wireless
    2009-12-14 00:56 . 2008-02-14 02:15 4096 d-----w- c:\program files\Google
    2009-12-14 00:54 . 2009-04-23 20:16 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-12-13 21:05 . 2009-09-03 14:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-13 21:05 . 2009-09-03 14:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-13 21:05 . 2009-09-03 14:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-13 21:05 . 2009-10-19 12:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2009-12-13 21:04 . 2009-09-03 14:45 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-12 11:15 . 2009-08-12 15:18 12288 d-----w- c:\program files\CoffeeCup Software
    2009-12-09 22:49 . 2008-06-25 07:59 12288 d-----w- c:\programdata\Microsoft Help
    2009-12-07 17:13 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Jasc Software Inc
    2009-12-07 17:13 . 2008-10-09 10:35 -------- d-----w- c:\program files\Jasc Software Inc
    2009-12-07 03:58 . 2009-08-20 18:05 4096 d-----w- c:\users\quasarn01\AppData\Roaming\IBP
    2009-12-04 11:25 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-04 08:23 . 2009-05-16 21:00 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 05:17 . 2009-04-12 23:44 4096 d-----w- c:\program files\Windows Live
    2009-12-03 21:14 . 2009-05-16 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13 . 2009-05-16 21:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 14:00 . 2008-02-14 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 13:37 . 2009-12-03 13:37 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-12-03 12:32 . 2008-02-14 01:36 -------- d-----w- c:\program files\Intel
    2009-12-03 10:09 . 2009-10-07 17:44 21412 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-12-03 09:44 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Media Player Classic
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Apple Computer
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AOL
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Alarm Clock Pro
    2009-12-03 09:42 . 2009-10-19 22:12 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AceBIT
    2009-12-03 09:42 . 2009-08-25 02:13 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AI Internet Solutions
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\acccore
    2009-12-03 09:23 . 2009-10-11 01:24 4096 dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-12-03 09:23 . 2008-11-04 05:05 -------- d-----w- c:\programdata\Yahoo!
    2009-12-03 09:23 . 2008-06-25 08:04 4096 d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-12-03 09:21 . 2009-09-17 01:16 4096 d-----w- c:\programdata\LGMOBILEAX
    2009-12-03 09:21 . 2009-05-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-03 09:21 . 2008-10-02 04:07 -------- d-----w- c:\programdata\Lavasoft
    2009-12-03 09:21 . 2009-05-05 20:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-03 09:21 . 2009-10-19 23:34 -------- d-----w- c:\programdata\Ipswitch
    2009-12-03 09:21 . 2009-01-25 10:58 -------- d-----w- c:\programdata\Intuit
    2009-12-03 09:21 . 2009-10-12 21:04 -------- d-----w- c:\programdata\InterVideo
    2009-12-03 09:21 . 2008-10-09 10:36 -------- d-----w- c:\programdata\InstallShield
    2009-12-03 09:21 . 2008-06-25 08:39 -------- d-----w- c:\programdata\Intel
    2009-12-03 09:21 . 2009-08-13 22:30 -------- d-----w- c:\programdata\GlobalSCAPE
    2009-12-03 09:21 . 2009-05-06 00:09 -------- d-----w- c:\programdata\F-Secure
    2009-12-03 09:21 . 2008-12-12 20:13 -------- d-----w- c:\programdata\Ezprint
    2009-12-03 09:19 . 2009-09-06 13:40 -------- d-----w- c:\program files\Xentao
    2009-12-03 09:18 . 2008-02-14 02:04 -------- d-----w- c:\program files\Ulead Systems
    2009-12-03 09:18 . 2009-01-25 10:57 -------- d-----w- c:\program files\TurboTax
    2009-12-03 09:18 . 2008-02-14 01:48 4096 d-----w- c:\program files\Toshiba Registration
    2009-12-03 09:17 . 2008-02-14 02:11 4096 d-----w- c:\program files\TOSHIBA Games
    2009-12-03 09:13 . 2008-02-14 01:42 4096 d-----w- c:\program files\TOSHIBA
    2009-12-03 09:11 . 2009-11-14 18:19 -------- d-----w- c:\program files\Pegasys Inc
    2009-12-03 09:11 . 2008-09-24 12:42 -------- d-----w- c:\program files\PCPitstop
    2009-12-03 09:11 . 2009-08-21 14:42 4096 d-----w- c:\program files\Opera
    2009-12-03 09:11 . 2009-06-23 09:38 8192 d-----w- c:\program files\Nvu
    2009-12-03 09:11 . 2009-09-29 01:57 -------- d-----w- c:\program files\NuSphere
    2009-12-03 09:11 . 2009-04-22 13:22 4096 d-----w- c:\program files\Nero 9
    2009-12-03 09:11 . 2009-04-01 18:42 -------- d-----w- c:\program files\Nero
    2009-12-03 09:11 . 2008-09-29 04:56 4096 d-----w- c:\program files\Music Alarm Clock
    2009-12-03 09:11 . 2009-08-21 01:14 -------- d-----w- c:\program files\MP3 Splitter & Joiner Pro
    2009-12-03 09:10 . 2008-09-23 06:15 -------- d-----w- c:\program files\Microsoft.NET
    2009-12-03 09:10 . 2008-06-25 07:56 28672 d-----w- c:\program files\Microsoft Works
    2009-12-03 09:10 . 2008-09-28 21:55 4096 d-----w- c:\program files\Microsoft Streets & Trips
    2009-12-03 09:10 . 2009-04-12 23:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-03 09:10 . 2009-04-12 23:48 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-03 09:10 . 2008-09-24 06:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 09:08 . 2009-09-03 18:57 4096 d-----w- c:\program files\IPP Port Monitor
    2009-12-03 09:08 . 2008-10-06 00:45 -------- d-----w- c:\program files\Ipswitch
    2009-12-03 09:08 . 2008-02-14 01:53 -------- d-----w- c:\program files\Intuit
    2009-12-03 09:08 . 2008-02-14 02:07 -------- d-----w- c:\program files\InterVideo
    2009-12-03 09:08 . 2009-08-11 21:35 4096 d-----w- c:\program files\IBP 9
    2009-12-03 09:08 . 2009-08-25 02:13 12288 d-----w- c:\program files\HTMLValidator90
    2009-12-03 09:08 . 2009-08-21 01:32 -------- d-----w- c:\program files\HiFisoftware
    2009-12-03 09:08 . 2008-10-14 04:31 4096 d-----w- c:\program files\Guitar Pro 5
    2009-12-03 09:07 . 2009-11-14 16:26 4096 d-----w- c:\program files\Gold Wave Editor
    2009-12-03 09:07 . 2009-08-13 22:28 4096 d-----w- c:\program files\GlobalSCAPE
    2009-12-03 09:06 . 2009-02-23 07:45 12288 d-----w- c:\program files\GlobalMapper10
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2008-09-21 21:10 . 2008-09-21 21:10 13 --sha-r- c:\windows\System32\drivers\fbd.sys
    2008-09-21 21:10 . 2008-09-21 21:10 4 --sha-r- c:\windows\System32\drivers\taishop.sys
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @= "{D25B32FE-CB96-491A-98FF-AD59DA382D69} "
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @= "{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} "
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @= "{B3C78E40-6B64-47C3-AE34-60B770881EB8} "
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @= "{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe 1" [X]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-15 160592]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "SkinClock "= "c:\program files\Atomic Alarm\AtomicAlarmClock.exe" [2008-09-24 527360]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OpenDNS Updater "= "c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "Camera Assistant Software "= "c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
    "HostManager "= "c:\program files\Common Files\AOL\1226462707\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
    "Music Alarm Clock "= "c:\progra~1\MUSICA~1\mac.exe" [2006-01-18 970240]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
    "RtHDVCpl "= "RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-30 4911104]
    "Skytel "= "Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

    c:\users\quasarn01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Assistant Software.lnk - c:\program files\Camera Assistant Software for Toshiba\traybar.exe [2008-6-25 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AccuWeather Desktop.lnk]
    backup=c:\windows\pss\AccuWeather Desktop.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^quasarn01^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bayvue2694056434.lnk]
    backup=c:\windows\pss\bayvue2694056434.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Spyware Remover
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inixs
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceDll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [10/19/2009 07:26 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9/3/2009 09:45 161800]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/10/2009 20:27 64160]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [12/14/2009 19:51 207792]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/3/2009 09:45 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/3/2009 09:45 360584]
    R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [6/29/2009 13:33 146264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 08:43 74480]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/13/2009 16:05 285392]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/25/2007 16:07 40960]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2009 01:02 276816]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 19:09 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/13/2009 06:57 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 10:05 92008]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 19:03 126976]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2009 02:48 24652]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [10/19/2009 07:26 122376]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [10/19/2009 07:26 30216]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [10/19/2009 07:26 21208]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [11/4/2009 02:59 17408]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/13/2008 20:44 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [5/16/2009 16:00 19160]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 16:18 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [8/20/2009 01:04 189440]
    S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm\timeserv.exe [10/3/2008 11:36 415744]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/13/2009 16:04 5832712]
    S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7/8/2009 02:23 62776]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [4/12/2009 18:48 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 17:08 533360]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 16:34 1028432]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 08:43 7408]
    S4 gupdate1c9868994777d0;Google Update Service (gupdate1c9868994777d0);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 00:25 133104]
    S4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 05:45 13088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:26]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 05:25]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 05:25]

    2009-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017210073-3623525190-2501994021-1000Core.job
    - c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 02:38]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017210073-3623525190-2501994021-1000UA.job
    - c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 02:38]

    2009-12-15 c:\windows\Tasks\Malwarebytes' Scheduled Update for quasarn01.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-16 21:14]

    2009-12-17 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]

    2009-12-17 c:\windows\Tasks\RegCure Startup.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]

    2009-12-13 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Email Toolbar Search
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    Trusted Zone: weatherbug.com\deskwx
    TCP: {8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\quasarn01\AppData\Roaming\Mozilla\Firefox\Profiles\4dtf7eme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
    FF - prefs.js: browser.startup.homepage - www.foxnews.com
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\quasarn01\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\quasarn01\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6 ", "AllAccess ");
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-Ad-Aware - c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-Incomedia WebSite X5 v8 - Evolution - c:\windows\system32\iwpsetup.exe Uninst
    AddRemove-sm-un1.u32 - c:\users\quasarn01\AppData\Roaming\SoftMaker\smun3250.exe sm-un1.u32
    AddRemove-{6d664dea-3f3b-477d-b477-9286b99f9c8c} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=8M01-20CX-4294-TL10-U4U0-UKE2-MMT7-AHWX


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BF408F0-16A9-30BC-2C22-F999F3B18EEC}*]
    "gbojbealfbpcklcmcagngafblkamneaogopnniapdfenjm "=hex:66,61,63,6a,61,64,63,6d,
    6c,64,69,63,00,02

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ahead\Shared]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ulead Systems\Ulead DVD Tweak and Fit\2.1\VIO\SaveTemplateFiles]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\IVP\Services\Software Upgrades\Swupdtmr]
    @DACL=(02 0000)
    @SACL=
    "STATE "=dword:00000003
    "TMH "=dword:01cb5d8f
    "TML "=dword:0affaab9

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2009-12-16 21:03
    ComboFix-quarantined-files.txt 2009-12-17 02:03

    Pre-Run: 68,447,723,520 bytes free
    Post-Run: 68,479,578,112 bytes free

    - - End Of File - - 5B508A24121035840EDC44BAB1495BCA
    ***************************************************************

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 21:06:25, on 12/16/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1226462707\ee\aolsoftware.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Music Alarm Clock\mac.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\explorer.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - Startup: Camera Assistant Software.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13468 bytes
     
  17. 2009/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection issue?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\iwpsetup.exe
    c:\programdata\ezsidmv.dat
    
    
    Folder::
    c:\programdata\F-Secure
    
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  18. 2009/12/17
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    ComboFix 09-11-23.02 - quasarn01 12/17/2009 8:05.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1665 [GMT -5:00]
    Running from: c:\users\quasarn01\Desktop\3c786fgt5.exe
    Command switches used :: c:\users\quasarn01\Desktop\CFScript.txt
    AV: F-Secure Client Security 7.10 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    SP: F-Secure Client Security 7.10 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .
    - REDUCED FUNCTIONALITY MODE -

    FILE ::
    "c:\programdata\ezsidmv.dat "
    "c:\windows\system32\iwpsetup.exe "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\ezsidmv.dat
    c:\programdata\F-Secure
    c:\programdata\F-Secure\Logs\FSMA\fsma.log
    c:\windows\system32\iwpsetup.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
    .

    2009-12-17 13:07 . 2009-12-17 13:07 -------- d-----w- c:\users\quasarn01\AppData\Local\temp
    2009-12-17 13:07 . 2009-12-17 13:07 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-17 13:07 . 2009-12-17 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-17 12:54 . 2009-12-17 13:02 49152 d-----w- C:\32788R22FWJFW
    2009-12-16 03:47 . 2009-12-16 03:47 117760 ----a-w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-16 03:46 . 2009-12-16 03:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 4096 d-----w- c:\program files\SUPERAntiSpyware
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-16 01:45 . 2009-12-16 03:07 4096 d-----w- c:\program files\EMCO Malware Destroyer
    2009-12-15 23:48 . 2009-12-15 23:48 -------- d-----w- C:\_OTL
    2009-12-15 20:33 . 2009-12-15 20:34 4096 d-----w- c:\program files\ERUNT
    2009-12-15 09:16 . 2009-12-15 09:16 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Serif
    2009-12-15 09:13 . 2009-12-15 09:13 -------- d-----w- c:\program files\Serif
    2009-12-15 09:05 . 2009-12-15 09:05 -------- d-----w- C:\Serif.WebPlus
    2009-12-15 08:41 . 2009-12-15 08:42 4096 d-----w- C:\greenback
    2009-12-15 06:53 . 2009-12-15 06:55 -------- d-----w- C:\TemplatesX5
    2009-12-15 04:32 . 2009-12-15 04:43 4096 d-----w- C:\MyWork
    2009-12-15 03:58 . 2009-12-15 04:25 4096 d-----w- c:\program files\WebSite X5 v8 - Evolution
    2009-12-15 03:55 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
    2009-12-15 03:50 . 2009-12-15 04:53 -------- d-----w- C:\WebSite.X5
    2009-12-15 01:45 . 2009-12-15 01:52 -------- d-----w- C:\HostsXpert
    2009-12-15 00:51 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-15 00:51 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2009-12-15 00:51 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-15 00:51 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-15 00:51 . 2009-12-15 01:54 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\users\quasarn01\AppData\Roaming\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\programdata\PC Tools
    2009-12-14 18:39 . 2009-12-14 18:39 388096 ----a-r- c:\users\quasarn01\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-14 18:39 . 2009-12-14 18:39 -------- d-----w- c:\program files\TrendMicro
    2009-12-14 13:34 . 2009-12-14 13:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-14 13:32 . 2009-12-14 13:32 -------- d-----w- c:\program files\Panicware
    2009-12-14 05:42 . 2009-12-14 05:42 -------- d-----w- C:\544100646fa7a6b6b1445c7633
    2009-12-14 05:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-14 05:00 . 2009-12-14 06:09 4096 d-----w- c:\program files\BHODemon 2
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\OpenDNS Updater
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\program files\OpenDNS Updater
    2009-12-13 22:00 . 2009-12-13 22:00 8192 d-----w- c:\program files\ConvertHelper
    2009-12-13 11:57 . 2009-12-13 12:40 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-13 11:57 . 2009-12-13 12:29 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-13 11:49 . 2009-12-13 11:49 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 18:22 . 2009-12-07 18:22 -------- d-----w- C:\cart
    2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\windows\PCHEALTH
    2009-12-04 22:38 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 22:33 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-04 11:21 . 2009-12-04 11:21 4096 d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-04 09:30 . 2008-11-04 08:30 30568 ----a-w- c:\windows\system32\mdimon.dll
    2009-12-04 08:25 . 2009-12-04 08:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2009-12-04 08:15 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-04 08:15 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-04 08:15 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-04 08:15 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-04 08:15 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-04 08:15 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-04 08:15 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-04 08:15 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-04 08:15 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-04 08:15 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Local\Windows Live Writer
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Windows Live Writer
    2009-12-04 05:06 . 2009-12-04 05:06 -------- d-----w- C:\Roboform data backup
    2009-12-04 04:43 . 2009-12-04 04:43 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-04 04:19 . 2009-12-04 04:19 -------- d-----w- c:\programdata\RegCure
    2009-12-04 04:19 . 2009-12-04 04:41 16384 d-----w- c:\program files\RegCure
    2009-12-04 03:57 . 2009-12-04 04:45 -------- d-----w- c:\program files\MSECACHE
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\users\quasarn01\AppData\Local\LogiShrd
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\program files\Logitech
    2009-12-03 19:03 . 2007-11-28 18:03 523776 ------w- c:\users\quasarn01\AppData\Roaming\SoftMaker\smun3250.exe
    2009-12-03 17:29 . 2009-12-03 17:29 -------- d-----w- c:\programdata\page
    2009-12-03 16:21 . 2009-12-03 19:03 4096 d-----w- c:\users\quasarn01\AppData\Roaming\SoftMaker
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\program files\Ashampoo
    2009-12-03 15:15 . 2009-12-03 18:23 4096 d-----w- c:\program files\Microsoft Officexx
    2009-12-03 14:26 . 2009-12-03 14:26 4096 d-----w- C:\office 7
    2009-12-03 14:20 . 2009-12-15 21:54 166488 ----a-w- c:\users\quasarn01\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-03 11:51 . 2009-12-03 10:37 8192 d-----w- c:\windows\Panther
    2009-12-03 10:29 . 2009-12-17 02:15 -------- d-----w- c:\windows\system32\wbem\Performance
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\Roaming
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-03 09:01 . 2009-12-03 09:52 -------- d-----w- c:\users\quasarn01\dwhelper
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\windows\system32\RTCOM
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\program files\Synaptics
    2009-12-03 02:14 . 2009-12-16 03:46 16384 d-sh--w- c:\windows\Installer
    2009-12-03 01:08 . 2009-12-03 01:08 -------- d-----w- C:\inetpub
    2009-12-02 19:41 . 2009-12-02 19:41 -------- d-----w- C:\kaqoo2_client
    2009-12-02 19:36 . 2009-12-03 02:08 -------- d-sh--w- c:\users\quasarn01\.COMMgr
    2009-12-02 18:20 . 2009-12-03 09:12 4096 d-----w- c:\program files\PTAutoRun
    2009-12-02 18:20 . 2009-12-02 18:20 249856 ----a-w- c:\windows\Setup1.exe
    2009-12-02 18:20 . 2009-12-02 18:20 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-02 17:54 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\{43CED9EC-A88C-465C-9BD3-3F868712A5B5}
    2009-11-30 02:40 . 2009-12-03 09:44 -------- d-----w- c:\users\quasarn01\AppData\Roaming\dvdcss
    2009-11-30 00:09 . 2009-12-03 09:05 -------- d-----w- c:\program files\Digiarty
    2009-11-30 00:03 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\Xenocode
    2009-11-29 23:58 . 2009-12-03 09:19 4096 d-----w- c:\program files\Ultra DVD Audio Ripper
    2009-11-25 08:01 . 2009-11-25 08:01 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-22 23:51 . 2009-12-03 09:39 -------- d-----w- c:\users\quasarn01\AppData\Local\AIM
    2009-11-22 23:51 . 2009-12-03 09:20 -------- d-----w- c:\programdata\AIM
    2009-11-22 23:50 . 2009-12-03 09:01 8192 d-----w- c:\program files\AIM
    2009-11-22 23:50 . 2009-12-03 09:05 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-11-21 23:00 . 2009-12-03 09:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-17 20:17 . 2009-12-03 09:20 -------- d-----w- c:\programdata\eBay
    2009-11-17 20:17 . 2009-12-03 09:05 -------- d-----w- c:\program files\eBay

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-17 08:00 . 2009-10-19 12:26 4096 d-----w- c:\programdata\avg9
    2009-12-17 02:15 . 2009-08-20 18:06 4096 d-----w- c:\users\quasarn01\AppData\Roaming\Skype
    2009-12-17 01:32 . 2009-08-20 18:06 4096 d-----w- c:\users\quasarn01\AppData\Roaming\skypePM
    2009-12-15 20:20 . 2009-06-22 19:53 16384 d-----w- c:\users\quasarn01\AppData\Roaming\uTorrent
    2009-12-14 01:03 . 2008-11-12 04:04 4096 d-----w- c:\program files\Common Files\aol
    2009-12-14 01:02 . 2009-04-13 04:20 4096 d-----w- c:\program files\Replay Video Capture
    2009-12-14 00:57 . 2009-10-03 16:16 -------- d-----w- c:\program files\Skyhook Wireless
    2009-12-14 00:56 . 2008-02-14 02:15 4096 d-----w- c:\program files\Google
    2009-12-14 00:54 . 2009-04-23 20:16 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-12-13 21:05 . 2009-09-03 14:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-13 21:05 . 2009-09-03 14:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-13 21:05 . 2009-09-03 14:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-13 21:05 . 2009-10-19 12:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2009-12-13 21:04 . 2009-09-03 14:45 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-12 11:15 . 2009-08-12 15:18 12288 d-----w- c:\program files\CoffeeCup Software
    2009-12-09 22:49 . 2008-06-25 07:59 12288 d-----w- c:\programdata\Microsoft Help
    2009-12-07 17:13 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Jasc Software Inc
    2009-12-07 17:13 . 2008-10-09 10:35 -------- d-----w- c:\program files\Jasc Software Inc
    2009-12-07 03:58 . 2009-08-20 18:05 4096 d-----w- c:\users\quasarn01\AppData\Roaming\IBP
    2009-12-04 11:25 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-04 08:23 . 2009-05-16 21:00 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 05:17 . 2009-04-12 23:44 4096 d-----w- c:\program files\Windows Live
    2009-12-03 21:14 . 2009-05-16 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13 . 2009-05-16 21:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 14:00 . 2008-02-14 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 12:32 . 2008-02-14 01:36 -------- d-----w- c:\program files\Intel
    2009-12-03 10:09 . 2009-10-07 17:44 21412 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-12-03 09:44 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Media Player Classic
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Apple Computer
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AOL
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Alarm Clock Pro
    2009-12-03 09:42 . 2009-10-19 22:12 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AceBIT
    2009-12-03 09:42 . 2009-08-25 02:13 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AI Internet Solutions
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\acccore
    2009-12-03 09:23 . 2009-10-11 01:24 4096 dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-12-03 09:23 . 2008-11-04 05:05 -------- d-----w- c:\programdata\Yahoo!
    2009-12-03 09:23 . 2008-06-25 08:04 4096 d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-12-03 09:21 . 2009-09-17 01:16 4096 d-----w- c:\programdata\LGMOBILEAX
    2009-12-03 09:21 . 2009-05-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-03 09:21 . 2008-10-02 04:07 -------- d-----w- c:\programdata\Lavasoft
    2009-12-03 09:21 . 2009-05-05 20:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-03 09:21 . 2009-10-19 23:34 -------- d-----w- c:\programdata\Ipswitch
    2009-12-03 09:21 . 2009-01-25 10:58 -------- d-----w- c:\programdata\Intuit
    2009-12-03 09:21 . 2009-10-12 21:04 -------- d-----w- c:\programdata\InterVideo
    2009-12-03 09:21 . 2008-10-09 10:36 -------- d-----w- c:\programdata\InstallShield
    2009-12-03 09:21 . 2008-06-25 08:39 -------- d-----w- c:\programdata\Intel
    2009-12-03 09:21 . 2009-08-13 22:30 -------- d-----w- c:\programdata\GlobalSCAPE
    2009-12-03 09:21 . 2008-12-12 20:13 -------- d-----w- c:\programdata\Ezprint
    2009-12-03 09:19 . 2009-09-06 13:40 -------- d-----w- c:\program files\Xentao
    2009-12-03 09:18 . 2008-02-14 02:04 -------- d-----w- c:\program files\Ulead Systems
    2009-12-03 09:18 . 2009-01-25 10:57 -------- d-----w- c:\program files\TurboTax
    2009-12-03 09:18 . 2008-02-14 01:48 4096 d-----w- c:\program files\Toshiba Registration
    2009-12-03 09:17 . 2008-02-14 02:11 4096 d-----w- c:\program files\TOSHIBA Games
    2009-12-03 09:13 . 2008-02-14 01:42 4096 d-----w- c:\program files\TOSHIBA
    2009-12-03 09:11 . 2009-11-14 18:19 -------- d-----w- c:\program files\Pegasys Inc
    2009-12-03 09:11 . 2008-09-24 12:42 -------- d-----w- c:\program files\PCPitstop
    2009-12-03 09:11 . 2009-08-21 14:42 4096 d-----w- c:\program files\Opera
    2009-12-03 09:11 . 2009-06-23 09:38 8192 d-----w- c:\program files\Nvu
    2009-12-03 09:11 . 2009-09-29 01:57 -------- d-----w- c:\program files\NuSphere
    2009-12-03 09:11 . 2009-04-22 13:22 4096 d-----w- c:\program files\Nero 9
    2009-12-03 09:11 . 2009-04-01 18:42 -------- d-----w- c:\program files\Nero
    2009-12-03 09:11 . 2008-09-29 04:56 4096 d-----w- c:\program files\Music Alarm Clock
    2009-12-03 09:11 . 2009-08-21 01:14 -------- d-----w- c:\program files\MP3 Splitter & Joiner Pro
    2009-12-03 09:10 . 2008-09-23 06:15 -------- d-----w- c:\program files\Microsoft.NET
    2009-12-03 09:10 . 2008-06-25 07:56 28672 d-----w- c:\program files\Microsoft Works
    2009-12-03 09:10 . 2008-09-28 21:55 4096 d-----w- c:\program files\Microsoft Streets & Trips
    2009-12-03 09:10 . 2009-04-12 23:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-03 09:10 . 2009-04-12 23:48 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-03 09:10 . 2008-09-24 06:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 09:08 . 2009-09-03 18:57 4096 d-----w- c:\program files\IPP Port Monitor
    2009-12-03 09:08 . 2008-10-06 00:45 -------- d-----w- c:\program files\Ipswitch
    2009-12-03 09:08 . 2008-02-14 01:53 -------- d-----w- c:\program files\Intuit
    2009-12-03 09:08 . 2008-02-14 02:07 -------- d-----w- c:\program files\InterVideo
    2009-12-03 09:08 . 2009-08-11 21:35 4096 d-----w- c:\program files\IBP 9
    2009-12-03 09:08 . 2009-08-25 02:13 12288 d-----w- c:\program files\HTMLValidator90
    2009-12-03 09:08 . 2009-08-21 01:32 -------- d-----w- c:\program files\HiFisoftware
    2009-12-03 09:08 . 2008-10-14 04:31 4096 d-----w- c:\program files\Guitar Pro 5
    2009-12-03 09:07 . 2009-11-14 16:26 4096 d-----w- c:\program files\Gold Wave Editor
    2009-12-03 09:07 . 2009-08-13 22:28 4096 d-----w- c:\program files\GlobalSCAPE
    2009-12-03 09:06 . 2009-02-23 07:45 12288 d-----w- c:\program files\GlobalMapper10
    2009-12-03 09:06 . 2009-11-16 20:28 -------- d-----w- c:\program files\Free Desktop Tools
    2009-12-03 09:04 . 2008-11-06 05:18 -------- d-----w- c:\program files\Common Files\Nullsoft
    2009-12-03 09:04 . 2008-09-23 02:30 4096 d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-03 09:04 . 2009-04-01 18:41 -------- d-----w- c:\program files\Common Files\Nero
    2009-12-03 09:04 . 2009-11-10 23:49 -------- d-----w- c:\program files\Common Files\L&H
    2009-12-03 09:04 . 2009-01-25 10:58 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-03 09:04 . 2008-02-14 02:01 -------- d-----w- c:\program files\Common Files\Java
    2009-12-03 09:04 . 2009-07-28 23:39 -------- d-----w- c:\program files\Common Files\InterVideo
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2008-09-21 21:10 . 2008-09-21 21:10 13 --sha-r- c:\windows\System32\drivers\fbd.sys
    2008-09-21 21:10 . 2008-09-21 21:10 4 --sha-r- c:\windows\System32\drivers\taishop.sys
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-17_01.56.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-03 14:38 . 2009-12-17 02:16 33310 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2009-12-17 02:16 45586 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-03 08:58 . 2009-12-17 11:38 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:41 . 2009-12-17 01:29 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:41 . 2009-12-17 11:38 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 14:16 . 2009-12-17 02:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-03 14:16 . 2009-12-17 02:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-03 14:16 . 2009-12-17 02:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 10:13 . 2009-12-17 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-09 02:14 . 2009-12-17 13:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2009-10-09 02:14 . 2009-12-17 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-10-09 02:14 . 2009-12-17 13:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-12-03 10:13 . 2009-12-17 13:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 10:13 . 2009-12-17 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 13:35 . 2009-12-17 02:16 6542 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4017210073-3623525190-2501994021-1000_UserData.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 9560 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_48.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 9560 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_48.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 4280 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_32.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 4280 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_32.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 2456 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_24.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 2456 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_24.bin
    - 2009-12-17 01:29 . 2009-12-17 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-12-17 02:12 . 2009-12-17 02:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-12-17 01:29 . 2009-12-17 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-17 02:12 . 2009-12-17 02:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:05 . 2009-12-17 02:15 650410 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2009-12-14 04:38 650410 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2009-12-14 04:38 117684 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2009-12-17 02:15 117684 c:\windows\System32\perfc009.dat
    + 2009-12-03 08:58 . 2009-12-17 11:38 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 02:03 . 2009-12-16 16:31 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:03 . 2009-12-17 11:52 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @= "{D25B32FE-CB96-491A-98FF-AD59DA382D69} "
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @= "{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} "
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @= "{B3C78E40-6B64-47C3-AE34-60B770881EB8} "
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @= "{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe 1" [X]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-15 160592]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "SkinClock"="c:\program files\Atomic Alarm\AtomicAlarmClock.exe" [2008-09-24 527360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
    "HostManager"="c:\program files\Common Files\AOL\1226462707\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
    "Music Alarm Clock"="c:\progra~1\MUSICA~1\mac.exe" [2006-01-18 970240]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-30 4911104]
    "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

    c:\users\quasarn01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Assistant Software.lnk - c:\program files\Camera Assistant Software for Toshiba\traybar.exe [2008-6-25 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AccuWeather Desktop.lnk]
    backup=c:\windows\pss\AccuWeather Desktop.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^quasarn01^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bayvue2694056434.lnk]
    backup=c:\windows\pss\bayvue2694056434.lnk.Startup
    backupExtension=.Startup

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [10/19/2009 07:26 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9/3/2009 09:45 161800]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/10/2009 20:27 64160]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [12/14/2009 19:51 207792]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/3/2009 09:45 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/3/2009 09:45 360584]
    R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [6/29/2009 13:33 146264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 08:43 74480]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/13/2009 16:05 285392]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/25/2007 16:07 40960]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2009 01:02 276816]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 19:09 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/13/2009 06:57 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 10:05 92008]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 19:03 126976]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2009 02:48 24652]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [10/19/2009 07:26 122376]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [10/19/2009 07:26 30216]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [10/19/2009 07:26 21208]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [11/4/2009 02:59 17408]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/13/2008 20:44 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [5/16/2009 16:00 19160]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 16:18 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [8/20/2009 01:04 189440]
    S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm\timeserv.exe [10/3/2008 11:36 415744]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/13/2009 16:04 5832712]
    S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7/8/2009 02:23 62776]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [4/12/2009 18:48 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 17:08 533360]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 16:34 1028432]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 08:43 7408]
    S4 gupdate1c9868994777d0;Google Update Service (gupdate1c9868994777d0);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 00:25 133104]
    S4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 05:45 13088]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:26]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 05:25]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 05:25]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017210073-3623525190-2501994021-1000Core.job
    - c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 02:38]

    2009-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4017210073-3623525190-2501994021-1000UA.job
    - c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 02:38]

    2009-12-17 c:\windows\Tasks\Malwarebytes' Scheduled Update for quasarn01.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-16 21:14]

    2009-12-17 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]

    2009-12-17 c:\windows\Tasks\RegCure Startup.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]

    2009-12-17 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2009-09-21 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Email Toolbar Search
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    Trusted Zone: weatherbug.com\deskwx
    TCP: {8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\quasarn01\AppData\Roaming\Mozilla\Firefox\Profiles\4dtf7eme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
    FF - prefs.js: browser.startup.homepage - www.foxnews.com
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\quasarn01\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\quasarn01\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BF408F0-16A9-30BC-2C22-F999F3B18EEC}*]
    "gbojbealfbpcklcmcagngafblkamneaogopnniapdfenjm"=hex:66,61,63,6a,61,64,63,6d,
    6c,64,69,63,00,02

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ahead\Shared]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ulead Systems\Ulead DVD Tweak and Fit\2.1\VIO\SaveTemplateFiles]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\IVP\Services\Software Upgrades\Swupdtmr]
    @DACL=(02 0000)
    @SACL=
    "STATE"=dword:00000003
    "TMH"=dword:01cb5d8f
    "TML"=dword:0affaab9

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2009-12-17 08:14
    ComboFix-quarantined-files.txt 2009-12-17 13:14
    ComboFix2.txt 2009-12-17 02:03

    Pre-Run: 66,839,498,752 bytes free
    Post-Run: 66,639,486,976 bytes free

    - - End Of File - - 4AFC9682BC2754CF283D97FA62D25D26
     
  19. 2009/12/17
    quasarn01

    quasarn01 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:22:51, on 12/17/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1226462707\ee\aolsoftware.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Music Alarm Clock\mac.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - Startup: Camera Assistant Software.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13655 bytes
     
  20. 2009/12/17
    broni

    broni Moderator Malware Analyst

    How is the redirection issue?
     
  21. 2009/12/17
    quasarn01

    quasarn01 Inactive Thread Starter

    Still redirecting.. Both Firefox and IE8... And it seems to be getting worse... I keep getting this with AVG:

    Trojan horse PSW.Generic7.AXIW;"193.104.27.171/money3.exe";"Object was blocked";"12/17/2009, 5:43:21 PM";"file";"C:\Windows\System32\svchost.exe"

    Did a scan and this is what I got:

    "Infections"
    "File";"Infection";"Result"
    "C:\Windows\System32\taskhost.exe (3512):\memory_01710000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\System32\taskhost.exe (3512)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Windows\System32\igfxtray.exe (3504):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\System32\igfxtray.exe (3504)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Windows\System32\igfxpers.exe (3028):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\System32\igfxpers.exe (3028)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Windows\System32\dwm.exe (2932):\memory_008f0000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\System32\dwm.exe (2932)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Windows\RtHDVCpl.exe (3208):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\RtHDVCpl.exe (3208)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Windows\explorer.exe (3856):\memory_01ec0000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\explorer.exe (3856):\memory_01d50000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Windows\explorer.exe (3856)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe (5484):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe (5484)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (4764):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (4764)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\AVG\AVG9\avgui.exe (7924):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\AVG\AVG9\avgui.exe (7924)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\AVG\AVG9\avgtray.exe (4308):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\AVG\AVG9\avgtray.exe (4308)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\AVG\AVG9\avgscanx.exe (6428):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\AVG\AVG9\avgscanx.exe (6428)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\AVG\AVG9\avgcsrvx.exe (5588):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\AVG\AVG9\avgcsrvx.exe (5588)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
    "C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe (5060):\memory_00130000";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
    "C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe (5060)";"Virus identified Win32/Cryptor";"Reboot is required to finish the action"
     
