
Solved Google Redirect and unwanted New Tab Popups in Firefox

Discussion in 'Malware and Virus Removal Archive' started by quasarn01, 2009/12/14.

  1. 2009/12/17
    broni Moderator Malware Analyst

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    =============================================================

    Please download ComboFix from Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  2. 2009/12/18
    quasarn01 Inactive Thread Starter

    ComboFix 09-12-17.03 - quasarn01 12/18/2009 7:13.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1914 [GMT -5:00]
    Running from: c:\users\quasarn01\Desktop\KittyFix.exe
    AV: F-Secure Client Security 7.10 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    SP: F-Secure Client Security 7.10 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\users\quasarn01\AppData\Roaming\EurekaLog
    c:\users\quasarn01\AppData\Roaming\EurekaLog\EmailCharger\EmailCharger.elf
    c:\windows\Cursors\aero_link.cur
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds

    Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_iphlpsvc


    ((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
    .

    2009-12-18 12:24 . 2009-12-18 12:28 -------- d-----w- c:\users\quasarn01\AppData\Local\temp
    2009-12-18 12:24 . 2009-12-18 12:24 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-18 12:24 . 2009-12-18 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-18 12:02 . 2009-12-18 12:06 -------- d-----w- C:\32788R22FWJFW
    2009-12-17 23:06 . 2009-12-18 03:07 -------- d-sh--w- c:\users\quasarn01\AppData\Roaming\lowsec
    2009-12-17 22:21 . 2009-12-17 22:22 -------- d-----w- C:\3d0
    2009-12-17 21:16 . 2009-12-17 21:16 -------- d-----w- c:\program files\CCleaner
    2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- C:\SpyHunter
    2009-12-17 20:14 . 2009-12-17 20:14 -------- d-----w- c:\program files\Enigma Software Group
    2009-12-17 20:00 . 2009-12-17 20:24 -------- d-----w- c:\program files\ewido anti-malware
    2009-12-17 18:59 . 2009-12-17 18:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\TrojanHunter
    2009-12-17 18:43 . 2009-12-18 03:54 -------- d-----w- c:\program files\TrojanHunter 5.2
    2009-12-16 03:46 . 2009-12-16 03:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-16 01:45 . 2009-12-16 03:07 -------- d-----w- c:\program files\EMCO Malware Destroyer
    2009-12-15 23:48 . 2009-12-15 23:48 -------- d-----w- C:\_OTL
    2009-12-15 20:33 . 2009-12-15 20:34 -------- d-----w- c:\program files\ERUNT
    2009-12-15 09:16 . 2009-12-15 09:16 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Serif
    2009-12-15 09:13 . 2009-12-15 09:13 -------- d-----w- c:\program files\Serif
    2009-12-15 09:05 . 2009-12-15 09:05 -------- d-----w- C:\Serif.WebPlus
    2009-12-15 08:41 . 2009-12-15 08:42 -------- d-----w- C:\greenback
    2009-12-15 06:53 . 2009-12-15 06:55 -------- d-----w- C:\TemplatesX5
    2009-12-15 04:32 . 2009-12-15 04:43 -------- d-----w- C:\MyWork
    2009-12-15 03:58 . 2009-12-15 04:25 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
    2009-12-15 03:55 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
    2009-12-15 03:50 . 2009-12-15 04:53 -------- d-----w- C:\WebSite.X5
    2009-12-15 01:45 . 2009-12-15 01:52 -------- d-----w- C:\HostsXpert
    2009-12-15 00:51 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-15 00:51 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2009-12-15 00:51 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-15 00:51 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-15 00:51 . 2009-12-15 01:54 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\users\quasarn01\AppData\Roaming\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\programdata\PC Tools
    2009-12-14 18:39 . 2009-12-14 18:39 -------- d-----w- c:\program files\TrendMicro
    2009-12-14 13:34 . 2009-12-14 13:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-14 13:32 . 2009-12-14 13:32 -------- d-----w- c:\program files\Panicware
    2009-12-14 05:42 . 2009-12-14 05:42 -------- d-----w- C:\544100646fa7a6b6b1445c7633
    2009-12-14 05:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-14 05:00 . 2009-12-14 06:09 -------- d-----w- c:\program files\BHODemon 2
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\OpenDNS Updater
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\program files\OpenDNS Updater
    2009-12-13 22:00 . 2009-12-13 22:00 -------- d-----w- c:\program files\ConvertHelper
    2009-12-13 11:57 . 2009-12-13 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-13 11:57 . 2009-12-13 12:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-13 11:49 . 2009-12-13 11:49 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 18:22 . 2009-12-07 18:22 -------- d-----w- C:\cart
    2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\windows\PCHEALTH
    2009-12-04 22:38 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 22:33 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-04 11:21 . 2009-12-04 11:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-04 09:30 . 2008-11-04 08:30 30568 ----a-w- c:\windows\system32\mdimon.dll
    2009-12-04 09:30 . 2006-10-27 00:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2009-12-04 08:25 . 2009-12-04 08:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2009-12-04 08:15 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-04 08:15 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-04 08:15 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-04 08:15 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-04 08:15 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-04 08:15 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-04 08:15 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-04 08:15 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-04 08:15 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-04 08:15 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Local\Windows Live Writer
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Windows Live Writer
    2009-12-04 05:06 . 2009-12-04 05:06 -------- d-----w- C:\Roboform data backup
    2009-12-04 04:43 . 2009-12-04 04:43 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-04 04:19 . 2009-12-04 04:19 -------- d-----w- c:\programdata\RegCure
    2009-12-04 04:19 . 2009-12-04 04:41 -------- d-----w- c:\program files\RegCure
    2009-12-04 03:57 . 2009-12-04 04:45 -------- d-----w- c:\program files\MSECACHE
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\users\quasarn01\AppData\Local\LogiShrd
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\program files\Logitech
    2009-12-03 17:29 . 2009-12-03 17:29 -------- d-----w- c:\programdata\page
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SoftMaker
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\program files\Ashampoo
    2009-12-03 15:15 . 2009-12-03 18:23 -------- d-----w- c:\program files\Microsoft Officexx
    2009-12-03 14:26 . 2009-12-03 14:26 -------- d-----w- C:\office 7
    2009-12-03 14:20 . 2009-12-15 21:54 166488 ----a-w- c:\users\quasarn01\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-03 11:51 . 2009-12-03 10:37 -------- d-----w- c:\windows\Panther
    2009-12-03 10:29 . 2009-12-17 02:15 -------- d-----w- c:\windows\system32\wbem\Performance
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\Roaming
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-03 09:01 . 2009-12-03 09:52 -------- d-----w- c:\users\quasarn01\dwhelper
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\windows\system32\RTCOM
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\program files\Synaptics
    2009-12-03 02:14 . 2009-12-17 22:22 -------- d-sh--w- c:\windows\Installer
    2009-12-03 01:08 . 2009-12-03 01:08 -------- d-----w- C:\inetpub
    2009-12-02 19:41 . 2009-12-02 19:41 -------- d-----w- C:\kaqoo2_client
    2009-12-02 19:36 . 2009-12-03 02:08 -------- d-sh--w- c:\users\quasarn01\.COMMgr
    2009-12-02 18:20 . 2009-12-03 09:12 -------- d-----w- c:\program files\PTAutoRun
    2009-12-02 18:20 . 2009-12-02 18:20 249856 ----a-w- c:\windows\Setup1.exe
    2009-12-02 18:20 . 2009-12-02 18:20 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-02 17:54 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\{43CED9EC-A88C-465C-9BD3-3F868712A5B5}
    2009-11-30 02:40 . 2009-12-03 09:44 -------- d-----w- c:\users\quasarn01\AppData\Roaming\dvdcss
    2009-11-30 00:09 . 2009-12-03 09:05 -------- d-----w- c:\program files\Digiarty
    2009-11-30 00:03 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\Xenocode
    2009-11-29 23:58 . 2009-12-03 09:19 -------- d-----w- c:\program files\Ultra DVD Audio Ripper
    2009-11-25 08:01 . 2009-11-25 08:01 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-22 23:51 . 2009-12-03 09:39 -------- d-----w- c:\users\quasarn01\AppData\Local\AIM
    2009-11-22 23:51 . 2009-12-03 09:20 -------- d-----w- c:\programdata\AIM
    2009-11-22 23:50 . 2009-12-03 09:01 -------- d-----w- c:\program files\AIM
    2009-11-22 23:50 . 2009-12-03 09:05 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-11-21 23:00 . 2009-12-03 09:04 -------- d-----w- c:\program files\Common Files\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-18 12:30 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Skype
    2009-12-18 11:42 . 2009-10-19 12:26 -------- d-----w- c:\programdata\avg9
    2009-12-18 05:09 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\skypePM
    2009-12-17 13:18 . 2009-12-17 13:18 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-12-16 03:47 . 2009-12-16 03:47 117760 ----a-w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-15 20:20 . 2009-06-22 19:53 -------- d-----w- c:\users\quasarn01\AppData\Roaming\uTorrent
    2009-12-14 18:39 . 2009-12-14 18:39 388096 ----a-r- c:\users\quasarn01\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-14 01:03 . 2008-11-12 04:04 -------- d-----w- c:\program files\Common Files\aol
    2009-12-14 01:02 . 2009-04-13 04:20 -------- d-----w- c:\program files\Replay Video Capture
    2009-12-14 00:57 . 2009-10-03 16:16 -------- d-----w- c:\program files\Skyhook Wireless
    2009-12-14 00:56 . 2008-02-14 02:15 -------- d-----w- c:\program files\Google
    2009-12-14 00:54 . 2009-04-23 20:16 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-12-13 21:05 . 2009-09-03 14:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-13 21:05 . 2009-09-03 14:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-13 21:05 . 2009-09-03 14:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-13 21:05 . 2009-10-19 12:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2009-12-13 21:04 . 2009-09-03 14:45 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-12 11:15 . 2009-08-12 15:18 -------- d-----w- c:\program files\CoffeeCup Software
    2009-12-09 22:49 . 2008-06-25 07:59 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-07 17:13 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Jasc Software Inc
    2009-12-07 17:13 . 2008-10-09 10:35 -------- d-----w- c:\program files\Jasc Software Inc
    2009-12-07 03:58 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\IBP
    2009-12-04 11:25 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-04 08:23 . 2009-05-16 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 05:17 . 2009-04-12 23:44 -------- d-----w- c:\program files\Windows Live
    2009-12-03 21:14 . 2009-05-16 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13 . 2009-05-16 21:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 14:00 . 2008-02-14 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 12:32 . 2008-02-14 01:36 -------- d-----w- c:\program files\Intel
    2009-12-03 10:09 . 2009-10-07 17:44 21412 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-12-03 09:44 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Media Player Classic
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Apple Computer
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AOL
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Alarm Clock Pro
    2009-12-03 09:42 . 2009-10-19 22:12 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AceBIT
    2009-12-03 09:42 . 2009-08-25 02:13 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AI Internet Solutions
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\acccore
    2009-12-03 09:23 . 2009-10-11 01:24 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-12-03 09:23 . 2008-11-04 05:05 -------- d-----w- c:\programdata\Yahoo!
    2009-12-03 09:23 . 2008-06-25 08:04 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-12-03 09:21 . 2009-09-17 01:16 -------- d-----w- c:\programdata\LGMOBILEAX
    2009-12-03 09:21 . 2009-05-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-03 09:21 . 2008-10-02 04:07 -------- d-----w- c:\programdata\Lavasoft
    2009-12-03 09:21 . 2009-05-05 20:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-03 09:21 . 2009-10-19 23:34 -------- d-----w- c:\programdata\Ipswitch
    2009-12-03 09:21 . 2009-01-25 10:58 -------- d-----w- c:\programdata\Intuit
    2009-12-03 09:21 . 2009-10-12 21:04 -------- d-----w- c:\programdata\InterVideo
    2009-12-03 09:21 . 2008-10-09 10:36 -------- d-----w- c:\programdata\InstallShield
    2009-12-03 09:21 . 2008-06-25 08:39 -------- d-----w- c:\programdata\Intel
    2009-12-03 09:21 . 2009-08-13 22:30 -------- d-----w- c:\programdata\GlobalSCAPE
    2009-12-03 09:21 . 2008-12-12 20:13 -------- d-----w- c:\programdata\Ezprint
    2009-12-03 09:19 . 2009-09-06 13:40 -------- d-----w- c:\program files\Xentao
    2009-12-03 09:18 . 2008-02-14 02:04 -------- d-----w- c:\program files\Ulead Systems
    2009-12-03 09:18 . 2009-01-25 10:57 -------- d-----w- c:\program files\TurboTax
    2009-12-03 09:18 . 2008-02-14 01:48 -------- d-----w- c:\program files\Toshiba Registration
    2009-12-03 09:17 . 2008-02-14 02:11 -------- d-----w- c:\program files\TOSHIBA Games
    2009-12-03 09:13 . 2008-02-14 01:42 -------- d-----w- c:\program files\TOSHIBA
    2009-12-03 09:11 . 2009-11-14 18:19 -------- d-----w- c:\program files\Pegasys Inc
    2009-12-03 09:11 . 2008-09-24 12:42 -------- d-----w- c:\program files\PCPitstop
    2009-12-03 09:11 . 2009-08-21 14:42 -------- d-----w- c:\program files\Opera
    2009-12-03 09:11 . 2009-06-23 09:38 -------- d-----w- c:\program files\Nvu
    2009-12-03 09:11 . 2009-09-29 01:57 -------- d-----w- c:\program files\NuSphere
    2009-12-03 09:11 . 2009-04-22 13:22 -------- d-----w- c:\program files\Nero 9
    2009-12-03 09:11 . 2009-04-01 18:42 -------- d-----w- c:\program files\Nero
    2009-12-03 09:11 . 2008-09-29 04:56 -------- d-----w- c:\program files\Music Alarm Clock
    2009-12-03 09:11 . 2009-08-21 01:14 -------- d-----w- c:\program files\MP3 Splitter & Joiner Pro
    2009-12-03 09:10 . 2008-09-23 06:15 -------- d-----w- c:\program files\Microsoft.NET
    2009-12-03 09:10 . 2008-06-25 07:56 -------- d-----w- c:\program files\Microsoft Works
    2009-12-03 09:10 . 2008-09-28 21:55 -------- d-----w- c:\program files\Microsoft Streets & Trips
    2009-12-03 09:10 . 2009-04-12 23:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-03 09:10 . 2009-04-12 23:48 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-03 09:10 . 2008-09-24 06:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 09:08 . 2009-09-03 18:57 -------- d-----w- c:\program files\IPP Port Monitor
    2009-12-03 09:08 . 2008-10-06 00:45 -------- d-----w- c:\program files\Ipswitch
    2009-12-03 09:08 . 2008-02-14 01:53 -------- d-----w- c:\program files\Intuit
    2009-12-03 09:08 . 2008-02-14 02:07 -------- d-----w- c:\program files\InterVideo
    2009-12-03 09:08 . 2009-08-11 21:35 -------- d-----w- c:\program files\IBP 9
    2009-12-03 09:08 . 2009-08-25 02:13 -------- d-----w- c:\program files\HTMLValidator90
    2009-12-03 09:08 . 2009-08-21 01:32 -------- d-----w- c:\program files\HiFisoftware
    2009-12-03 09:08 . 2008-10-14 04:31 -------- d-----w- c:\program files\Guitar Pro 5
    2009-12-03 09:07 . 2009-11-14 16:26 -------- d-----w- c:\program files\Gold Wave Editor
    2009-12-03 09:07 . 2009-08-13 22:28 -------- d-----w- c:\program files\GlobalSCAPE
    2009-12-03 09:06 . 2009-02-23 07:45 -------- d-----w- c:\program files\GlobalMapper10
    2009-12-03 09:06 . 2009-11-16 20:28 -------- d-----w- c:\program files\Free Desktop Tools
    2009-12-03 09:04 . 2008-11-06 05:18 -------- d-----w- c:\program files\Common Files\Nullsoft
    2009-12-03 09:04 . 2008-09-23 02:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-03 09:04 . 2009-04-01 18:41 -------- d-----w- c:\program files\Common Files\Nero
    2009-12-03 09:04 . 2009-11-10 23:49 -------- d-----w- c:\program files\Common Files\L&H
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2008-09-21 21:10 . 2008-09-21 21:10 13 --sha-r- c:\windows\System32\drivers\fbd.sys
    2008-09-21 21:10 . 2008-09-21 21:10 4 --sha-r- c:\windows\System32\drivers\taishop.sys
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-15 160592]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "SkinClock"="c:\program files\Atomic Alarm\AtomicAlarmClock.exe" [2008-09-24 527360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
    "HostManager"="c:\program files\Common Files\AOL\1226462707\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
    "Music Alarm Clock"="c:\progra~1\MUSICA~1\mac.exe" [2006-01-18 970240]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
    "THGuard"="c:\program files\TrojanHunter 5.2\THGuard.exe" [2009-11-26 1069728]

    c:\users\quasarn01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Assistant Software.lnk - c:\program files\Camera Assistant Software for Toshiba\traybar.exe [2008-6-25 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AccuWeather Desktop.lnk]
    backup=c:\windows\pss\AccuWeather Desktop.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^quasarn01^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bayvue2694056434.lnk]
    backup=c:\windows\pss\bayvue2694056434.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2008-01-22 21:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2009-10-11 01:26 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2009-04-08 19:37 637232 ----a-w- c:\program files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
    2009-05-05 19:16 4178688 ----a-w- c:\program files\BOINC\boincmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
    2009-05-05 19:16 58112 ----a-w- c:\program files\BOINC\boinctray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    2009-03-19 15:12 632048 ----a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server]
    2008-10-17 13:00 346896 ----a-w- c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2007-06-25 15:34 82608 ----a-w- c:\program files\Lexmark 3400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-02-14 02:15 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-07 02:38 133104 ----atw- c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-09-11 22:15 173592 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
    2006-11-21 18:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcytime.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
    2007-06-25 15:34 291504 ----a-w- c:\program files\Lexmark 3400 Series\lxcymon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    2009-04-13 18:14 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2008-09-19 15:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
    2008-09-24 09:05 527360 ----a-w- c:\program files\Atomic Alarm\AtomicAlarmClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smash]
    2007-11-22 17:42 163840 ----a-w- c:\program files\Ashampoo\Ashampoo Office 2008\smash.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2009-04-01 22:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2009-10-20 15:08 1693184 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
    2009-06-29 18:33 1743 ----a-w- c:\program files\Zecter\ZumoDrive\ZumoDrive.lnk

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [10/19/2009 07:26 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9/3/2009 09:45 161800]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/10/2009 20:27 64160]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [12/14/2009 19:51 207792]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/3/2009 09:45 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/3/2009 09:45 360584]
    R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [6/29/2009 13:33 146264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 08:43 74480]
    R2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm\timeserv.exe [10/3/2008 11:36 415744]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/13/2009 16:05 285392]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/13/2009 16:04 5832712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/25/2007 16:07 40960]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2009 01:02 276816]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 19:09 11032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/13/2009 06:57 1153368]
    R2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7/8/2009 02:23 62776]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 10:05 92008]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 19:03 126976]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2009 02:48 24652]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [10/19/2009 07:26 122376]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [10/19/2009 07:26 30216]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [10/19/2009 07:26 21208]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [11/4/2009 02:59 17408]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/13/2008 20:44 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [5/16/2009 16:00 19160]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 16:18 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [8/20/2009 01:04 189440]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [4/12/2009 18:48 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 17:08 533360]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 16:34 1028432]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 08:43 7408]
    S4 gupdate1c9868994777d0;Google Update Service (gupdate1c9868994777d0);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 00:25 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    AppMgmt
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Email Toolbar Search
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    Trusted Zone: weatherbug.com\deskwx
    TCP: {8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\quasarn01\AppData\Roaming\Mozilla\Firefox\Profiles\4dtf7eme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
    FF - prefs.js: browser.startup.homepage - www.foxnews.com
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\quasarn01\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\quasarn01\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BF408F0-16A9-30BC-2C22-F999F3B18EEC}*]
    "gbojbealfbpcklcmcagngafblkamneaogopnniapdfenjm"=hex:66,61,63,6a,61,64,63,6d,
    6c,64,69,63,00,02

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ahead\Shared]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ulead Systems\Ulead DVD Tweak and Fit\2.1\VIO\SaveTemplateFiles]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\IVP\Services\Software Upgrades\Swupdtmr]
    @DACL=(02 0000)
    @SACL=
    "STATE"=dword:00000003
    "TMH"=dword:01cb5d8f
    "TML"=dword:0affaab9

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5616)
    c:\program files\Zecter\ZumoDrive\ShellExt.dll
    c:\program files\Atomic Alarm\Clock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\windows\system32\CISVC.EXE
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Super_DVD_Creator_9.8\NMSAccessU.exe
    c:\toshiba\IVP\ISM\pinger.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Enigma Software Group\SpyHunter\Spyhunter3.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Music Alarm Clock\mac.exe
    c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-18 07:36:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-18 12:36
    ComboFix2.txt 2009-12-17 13:14
    ComboFix3.txt 2009-12-17 02:03

    Pre-Run: 93,611,814,912 bytes free
    Post-Run: 93,646,577,664 bytes free

    - - End Of File - - ED1A5138897730323538125ADF8FEB72
    *************************************************************
     

  4. 2009/12/18
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:40:34, on 12/18/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1226462707\ee\aolsoftware.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Music Alarm Clock\mac.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - Startup: Camera Assistant Software.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13822 bytes
     
  5. 2009/12/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Redirection still there?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\ezsidmv.dat
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  6. 2009/12/19
    quasarn01

    quasarn01 Inactive Thread Starter

    Joined:
    2009/12/14
    Messages:
    19
    Likes Received:
    0
    Sorry for the delay... Our internet was out for the past 2 days due to snow storms... So far I haven't had any trouble with redirects, however, I've only been on now for 10 minutes... Here are my logs that I ran prior to the snow storms...
    **************************************************************


    ComboFix 09-12-17.03 - quasarn01 12/19/2009 1:48.4.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1810 [GMT -5:00]
    Running from: c:\users\quasarn01\Desktop\KittyFix.exe
    Command switches used :: c:\users\quasarn01\Desktop\CFScript.txt
    AV: F-Secure Client Security 7.10 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    SP: F-Secure Client Security 7.10 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    FILE ::
    "c:\programdata\ezsidmv.dat"
    .
    The following files were disabled during the run:
    c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\ezsidmv.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-19 to 2009-12-19 )))))))))))))))))))))))))))))))
    .

    2009-12-19 07:00 . 2009-12-19 07:00 -------- d-----w- c:\users\quasarn01\AppData\Local\temp
    2009-12-19 07:00 . 2009-12-19 07:00 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-19 07:00 . 2009-12-19 07:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-19 06:43 . 2009-12-19 06:46 -------- d-----w- C:\32788R22FWJFW
    2009-12-19 06:08 . 2009-12-19 06:08 286720 ----a-w- c:\windows\iun507.exe
    2009-12-19 06:08 . 2009-12-19 06:08 -------- d-----w- c:\program files\PersonalWebKit3
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-18 21:16 . 2009-12-18 21:16 866200 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\{45534523-DCD1-FBCC-2720-938DD9E71B8F}-SpyHunter3.exe
    2009-12-17 23:06 . 2009-12-18 03:07 -------- d-sh--w- c:\users\quasarn01\AppData\Roaming\lowsec
    2009-12-17 22:21 . 2009-12-17 22:22 -------- d-----w- C:\3d0
    2009-12-17 21:16 . 2009-12-17 21:16 -------- d-----w- c:\program files\CCleaner
    2009-12-17 20:33 . 2009-12-17 20:33 -------- d-----w- C:\SpyHunter
    2009-12-17 20:14 . 2009-12-17 20:14 -------- d-----w- c:\program files\Enigma Software Group
    2009-12-17 20:00 . 2009-12-17 20:24 -------- d-----w- c:\program files\ewido anti-malware
    2009-12-17 18:59 . 2009-12-17 18:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\TrojanHunter
    2009-12-17 18:43 . 2009-12-18 03:54 -------- d-----w- c:\program files\TrojanHunter 5.2
    2009-12-16 03:47 . 2009-12-16 03:47 117760 ----a-w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-12-16 03:46 . 2009-12-16 03:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-16 03:45 . 2009-12-16 03:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-16 01:45 . 2009-12-16 03:07 -------- d-----w- c:\program files\EMCO Malware Destroyer
    2009-12-15 23:48 . 2009-12-15 23:48 -------- d-----w- C:\_OTL
    2009-12-15 20:33 . 2009-12-15 20:34 -------- d-----w- c:\program files\ERUNT
    2009-12-15 09:16 . 2009-12-15 09:16 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Serif
    2009-12-15 09:13 . 2009-12-15 09:13 -------- d-----w- c:\program files\Serif
    2009-12-15 09:05 . 2009-12-15 09:05 -------- d-----w- C:\Serif.WebPlus
    2009-12-15 08:41 . 2009-12-15 08:42 -------- d-----w- C:\greenback
    2009-12-15 06:53 . 2009-12-19 03:26 -------- d-----w- C:\TemplatesX5
    2009-12-15 04:32 . 2009-12-18 21:21 -------- d-----w- C:\MyWork
    2009-12-15 03:58 . 2009-12-15 04:25 -------- d-----w- c:\program files\WebSite X5 v8 - Evolution
    2009-12-15 03:55 . 1997-01-16 05:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
    2009-12-15 03:50 . 2009-12-15 04:53 -------- d-----w- C:\WebSite.X5
    2009-12-15 01:45 . 2009-12-15 01:52 -------- d-----w- C:\HostsXpert
    2009-12-15 00:51 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-12-15 00:51 . 2009-10-30 16:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2009-12-15 00:51 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-15 00:51 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-15 00:51 . 2009-12-15 01:54 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\users\quasarn01\AppData\Roaming\PC Tools
    2009-12-15 00:51 . 2009-12-15 00:51 -------- d-----w- c:\programdata\PC Tools
    2009-12-14 18:39 . 2009-12-14 18:39 388096 ----a-r- c:\users\quasarn01\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2009-12-14 18:39 . 2009-12-14 18:39 -------- d-----w- c:\program files\TrendMicro
    2009-12-14 13:34 . 2009-12-14 13:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-14 13:32 . 2009-12-14 13:32 -------- d-----w- c:\program files\Panicware
    2009-12-14 05:42 . 2009-12-14 05:42 -------- d-----w- C:\544100646fa7a6b6b1445c7633
    2009-12-14 05:21 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-12-14 05:00 . 2009-12-14 06:09 -------- d-----w- c:\program files\BHODemon 2
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\users\quasarn01\AppData\Roaming\OpenDNS Updater
    2009-12-14 03:59 . 2009-12-14 03:59 -------- d-----w- c:\program files\OpenDNS Updater
    2009-12-13 22:00 . 2009-12-13 22:00 -------- d-----w- c:\program files\ConvertHelper
    2009-12-13 11:57 . 2009-12-13 12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-13 11:57 . 2009-12-13 12:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-13 11:49 . 2009-12-13 11:49 -------- d-----w- c:\program files\Trend Micro
    2009-12-07 18:22 . 2009-12-07 18:22 -------- d-----w- C:\cart
    2009-12-05 15:20 . 2009-12-05 15:20 -------- d-----w- c:\windows\PCHEALTH
    2009-12-04 22:38 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 22:33 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-04 11:21 . 2009-12-04 11:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-12-04 09:30 . 2008-11-04 08:30 30568 ----a-w- c:\windows\system32\mdimon.dll
    2009-12-04 09:30 . 2006-10-27 00:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2009-12-04 08:25 . 2009-12-04 08:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2009-12-04 08:15 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-04 08:15 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-04 08:15 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-04 08:15 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-04 08:15 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-04 08:15 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-04 08:15 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-04 08:15 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-04 08:15 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-04 08:15 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Local\Windows Live Writer
    2009-12-04 05:18 . 2009-12-04 05:18 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Windows Live Writer
    2009-12-04 05:06 . 2009-12-04 05:06 -------- d-----w- C:\Roboform data backup
    2009-12-04 04:43 . 2009-12-04 04:43 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-12-04 04:19 . 2009-12-04 04:19 -------- d-----w- c:\programdata\RegCure
    2009-12-04 04:19 . 2009-12-04 04:41 -------- d-----w- c:\program files\RegCure
    2009-12-04 03:57 . 2009-12-04 04:45 -------- d-----w- c:\program files\MSECACHE
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\users\quasarn01\AppData\Local\LogiShrd
    2009-12-04 01:15 . 2009-12-04 01:15 -------- d-----w- c:\program files\Logitech
    2009-12-03 19:03 . 2007-11-28 18:03 523776 ------w- c:\users\quasarn01\AppData\Roaming\SoftMaker\smun3250.exe
    2009-12-03 17:29 . 2009-12-03 17:29 -------- d-----w- c:\programdata\page
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\users\quasarn01\AppData\Roaming\SoftMaker
    2009-12-03 16:21 . 2009-12-03 19:03 -------- d-----w- c:\program files\Ashampoo
    2009-12-03 15:15 . 2009-12-03 18:23 -------- d-----w- c:\program files\Microsoft Officexx
    2009-12-03 14:26 . 2009-12-03 14:26 -------- d-----w- C:\office 7
    2009-12-03 14:20 . 2009-12-15 21:54 166488 ----a-w- c:\users\quasarn01\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-03 11:51 . 2009-12-03 10:37 -------- d-----w- c:\windows\Panther
    2009-12-03 10:29 . 2009-12-17 02:15 -------- d-----w- c:\windows\system32\wbem\Performance
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\Roaming
    2009-12-03 10:01 . 2009-12-03 10:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-03 09:01 . 2009-12-03 09:52 -------- d-----w- c:\users\quasarn01\dwhelper
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\windows\system32\RTCOM
    2009-12-03 08:57 . 2009-12-03 08:57 -------- d-----w- c:\program files\Synaptics
    2009-12-03 02:14 . 2009-12-17 22:22 -------- d-sh--w- c:\windows\Installer
    2009-12-03 01:08 . 2009-12-03 01:08 -------- d-----w- C:\inetpub
    2009-12-02 19:41 . 2009-12-02 19:41 -------- d-----w- C:\kaqoo2_client
    2009-12-02 19:36 . 2009-12-03 02:08 -------- d-sh--w- c:\users\quasarn01\.COMMgr
    2009-12-02 18:20 . 2009-12-03 09:12 -------- d-----w- c:\program files\PTAutoRun
    2009-12-02 18:20 . 2009-12-02 18:20 249856 ----a-w- c:\windows\Setup1.exe
    2009-12-02 18:20 . 2009-12-02 18:20 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-12-02 17:54 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\{43CED9EC-A88C-465C-9BD3-3F868712A5B5}
    2009-11-30 02:40 . 2009-12-03 09:44 -------- d-----w- c:\users\quasarn01\AppData\Roaming\dvdcss
    2009-11-30 00:09 . 2009-12-03 09:05 -------- d-----w- c:\program files\Digiarty
    2009-11-30 00:03 . 2009-12-03 09:42 -------- d-----w- c:\users\quasarn01\AppData\Local\Xenocode
    2009-11-29 23:58 . 2009-12-03 09:19 -------- d-----w- c:\program files\Ultra DVD Audio Ripper
    2009-11-25 08:01 . 2009-11-25 08:01 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-22 23:51 . 2009-12-03 09:39 -------- d-----w- c:\users\quasarn01\AppData\Local\AIM
    2009-11-22 23:51 . 2009-12-03 09:20 -------- d-----w- c:\programdata\AIM
    2009-11-22 23:50 . 2009-12-03 09:01 -------- d-----w- c:\program files\AIM
    2009-11-22 23:50 . 2009-12-03 09:05 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-11-21 23:00 . 2009-12-03 09:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-21 22:57 . 2009-11-21 22:57 79144 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-19 06:25 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Skype
    2009-12-19 05:06 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\skypePM
    2009-12-18 11:42 . 2009-10-19 12:26 -------- d-----w- c:\programdata\avg9
    2009-12-15 20:20 . 2009-06-22 19:53 -------- d-----w- c:\users\quasarn01\AppData\Roaming\uTorrent
    2009-12-14 01:03 . 2008-11-12 04:04 -------- d-----w- c:\program files\Common Files\aol
    2009-12-14 01:02 . 2009-04-13 04:20 -------- d-----w- c:\program files\Replay Video Capture
    2009-12-14 00:57 . 2009-10-03 16:16 -------- d-----w- c:\program files\Skyhook Wireless
    2009-12-14 00:56 . 2008-02-14 02:15 -------- d-----w- c:\program files\Google
    2009-12-14 00:54 . 2009-04-23 20:16 -------- d-----w- c:\program files\Ask & Record Toolbar
    2009-12-13 21:05 . 2009-09-03 14:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-13 21:05 . 2009-09-03 14:45 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-13 21:05 . 2009-09-03 14:45 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-12-13 21:05 . 2009-10-19 12:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
    2009-12-13 21:04 . 2009-09-03 14:45 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2009-12-12 11:15 . 2009-08-12 15:18 -------- d-----w- c:\program files\CoffeeCup Software
    2009-12-09 22:49 . 2008-06-25 07:59 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-07 17:13 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Jasc Software Inc
    2009-12-07 17:13 . 2008-10-09 10:35 -------- d-----w- c:\program files\Jasc Software Inc
    2009-12-07 03:58 . 2009-08-20 18:05 -------- d-----w- c:\users\quasarn01\AppData\Roaming\IBP
    2009-12-04 11:25 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2009-12-04 08:23 . 2009-05-16 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 06:02 . 2009-10-20 05:13 4844296 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-04 05:17 . 2009-04-12 23:44 -------- d-----w- c:\program files\Windows Live
    2009-12-03 21:14 . 2009-05-16 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13 . 2009-05-16 21:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-03 14:00 . 2008-02-14 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-03 12:32 . 2008-02-14 01:36 -------- d-----w- c:\program files\Intel
    2009-12-03 10:09 . 2009-10-07 17:44 21412 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-12-03 09:44 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Media Player Classic
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Apple Computer
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AOL
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\Alarm Clock Pro
    2009-12-03 09:42 . 2009-10-19 22:12 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AceBIT
    2009-12-03 09:42 . 2009-08-25 02:13 -------- d-----w- c:\users\quasarn01\AppData\Roaming\AI Internet Solutions
    2009-12-03 09:42 . 2009-08-20 18:06 -------- d-----w- c:\users\quasarn01\AppData\Roaming\acccore
    2009-12-03 09:23 . 2009-10-11 01:24 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-12-03 09:23 . 2008-11-04 05:05 -------- d-----w- c:\programdata\Yahoo!
    2009-12-03 09:23 . 2008-06-25 08:04 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2009-12-03 09:21 . 2009-09-17 01:16 -------- d-----w- c:\programdata\LGMOBILEAX
    2009-12-03 09:21 . 2009-05-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-03 09:21 . 2008-10-02 04:07 -------- d-----w- c:\programdata\Lavasoft
    2009-12-03 09:21 . 2009-05-05 20:56 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2009-12-03 09:21 . 2009-10-19 23:34 -------- d-----w- c:\programdata\Ipswitch
    2009-12-03 09:21 . 2009-01-25 10:58 -------- d-----w- c:\programdata\Intuit
    2009-12-03 09:21 . 2009-10-12 21:04 -------- d-----w- c:\programdata\InterVideo
    2009-12-03 09:21 . 2008-10-09 10:36 -------- d-----w- c:\programdata\InstallShield
    2009-12-03 09:21 . 2008-06-25 08:39 -------- d-----w- c:\programdata\Intel
    2009-12-03 09:21 . 2009-08-13 22:30 -------- d-----w- c:\programdata\GlobalSCAPE
    2009-12-03 09:21 . 2008-12-12 20:13 -------- d-----w- c:\programdata\Ezprint
    2009-12-03 09:19 . 2009-09-06 13:40 -------- d-----w- c:\program files\Xentao
    2009-12-03 09:18 . 2008-02-14 02:04 -------- d-----w- c:\program files\Ulead Systems
    2009-12-03 09:18 . 2009-01-25 10:57 -------- d-----w- c:\program files\TurboTax
    2009-12-03 09:18 . 2008-02-14 01:48 -------- d-----w- c:\program files\Toshiba Registration
    2009-12-03 09:17 . 2008-02-14 02:11 -------- d-----w- c:\program files\TOSHIBA Games
    2009-12-03 09:13 . 2008-02-14 01:42 -------- d-----w- c:\program files\TOSHIBA
    2009-12-03 09:11 . 2009-11-14 18:19 -------- d-----w- c:\program files\Pegasys Inc
    2009-12-03 09:11 . 2008-09-24 12:42 -------- d-----w- c:\program files\PCPitstop
    2009-12-03 09:11 . 2009-08-21 14:42 -------- d-----w- c:\program files\Opera
    2009-12-03 09:11 . 2009-06-23 09:38 -------- d-----w- c:\program files\Nvu
    2009-12-03 09:11 . 2009-09-29 01:57 -------- d-----w- c:\program files\NuSphere
    2009-12-03 09:11 . 2009-04-22 13:22 -------- d-----w- c:\program files\Nero 9
    2009-12-03 09:11 . 2009-04-01 18:42 -------- d-----w- c:\program files\Nero
    2009-12-03 09:11 . 2008-09-29 04:56 -------- d-----w- c:\program files\Music Alarm Clock
    2009-12-03 09:11 . 2009-08-21 01:14 -------- d-----w- c:\program files\MP3 Splitter & Joiner Pro
    2009-12-03 09:10 . 2008-09-23 06:15 -------- d-----w- c:\program files\Microsoft.NET
    2009-12-03 09:10 . 2008-06-25 07:56 -------- d-----w- c:\program files\Microsoft Works
    2009-12-03 09:10 . 2008-09-28 21:55 -------- d-----w- c:\program files\Microsoft Streets & Trips
    2009-12-03 09:10 . 2009-04-12 23:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-12-03 09:10 . 2009-04-12 23:48 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-12-03 09:10 . 2008-09-24 06:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 09:08 . 2009-09-03 18:57 -------- d-----w- c:\program files\IPP Port Monitor
    2009-12-03 09:08 . 2008-10-06 00:45 -------- d-----w- c:\program files\Ipswitch
    2009-12-03 09:08 . 2008-02-14 01:53 -------- d-----w- c:\program files\Intuit
    2009-12-03 09:08 . 2008-02-14 02:07 -------- d-----w- c:\program files\InterVideo
    2009-12-03 09:08 . 2009-08-11 21:35 -------- d-----w- c:\program files\IBP 9
    2009-12-03 09:08 . 2009-08-25 02:13 -------- d-----w- c:\program files\HTMLValidator90
    2009-12-03 09:08 . 2009-08-21 01:32 -------- d-----w- c:\program files\HiFisoftware
    2009-12-03 09:08 . 2008-10-14 04:31 -------- d-----w- c:\program files\Guitar Pro 5
    2009-12-03 09:07 . 2009-11-14 16:26 -------- d-----w- c:\program files\Gold Wave Editor
    2009-12-03 09:07 . 2009-08-13 22:28 -------- d-----w- c:\program files\GlobalSCAPE
    2009-12-03 09:06 . 2009-02-23 07:45 -------- d-----w- c:\program files\GlobalMapper10
    2009-12-03 09:06 . 2009-11-16 20:28 -------- d-----w- c:\program files\Free Desktop Tools
    2009-12-03 09:04 . 2008-11-06 05:18 -------- d-----w- c:\program files\Common Files\Nullsoft
    2009-12-03 09:04 . 2008-09-23 02:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-03 09:04 . 2009-04-01 18:41 -------- d-----w- c:\program files\Common Files\Nero
    2009-12-03 09:04 . 2009-11-10 23:49 -------- d-----w- c:\program files\Common Files\L&H
    2009-12-03 09:04 . 2009-01-25 10:58 -------- d-----w- c:\program files\Common Files\Intuit
    2009-12-03 09:04 . 2008-02-14 02:01 -------- d-----w- c:\program files\Common Files\Java
    2009-12-03 09:04 . 2009-07-28 23:39 -------- d-----w- c:\program files\Common Files\InterVideo
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2008-09-21 21:10 . 2008-09-21 21:10 13 --sha-r- c:\windows\System32\drivers\fbd.sys
    2008-09-21 21:10 . 2008-09-21 21:10 4 --sha-r- c:\windows\System32\drivers\taishop.sys
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-12-17_01.56.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-03 14:38 . 2009-12-18 12:13 35936 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2009-12-18 15:27 45756 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-17 18:43 . 2009-12-17 18:44 59392 c:\windows\System32\streamhlp.dll
    + 2009-12-03 08:58 . 2009-12-18 15:26 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:41 . 2009-12-18 15:26 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 14:16 . 2009-12-18 15:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:34 . 2009-12-17 19:36 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-12-03 14:16 . 2009-12-18 15:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-03 14:16 . 2009-12-17 01:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 14:16 . 2009-12-18 15:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 10:13 . 2009-12-18 15:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-10-09 02:14 . 2009-12-19 06:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-10-09 02:14 . 2009-12-19 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2009-10-09 02:14 . 2009-12-19 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    - 2009-10-09 02:14 . 2009-12-16 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-03 10:13 . 2009-12-19 06:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-03 10:13 . 2009-12-17 01:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 10:13 . 2009-12-18 15:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-12-03 13:35 . 2009-12-18 15:27 6988 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4017210073-3623525190-2501994021-1000_UserData.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 9560 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_48.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 9560 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_48.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 4280 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_32.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 4280 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_32.bin
    + 2009-07-04 22:45 . 2009-12-17 02:40 2456 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_24.bin
    - 2009-07-04 22:45 . 2009-07-04 22:45 2456 c:\windows\System32\NetworkList\Icons\{2D52082E-460E-4002-86A8-416E032F0763}_24.bin
    - 2009-12-17 01:29 . 2009-12-17 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-12-18 12:10 . 2009-12-18 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-12-18 12:10 . 2009-12-18 15:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-12-17 01:29 . 2009-12-17 01:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-12-21 19:18 . 2006-12-21 19:18 497496 c:\windows\System32\XceedZip.dll
    + 2006-09-11 15:53 . 2006-09-11 15:53 276352 c:\windows\System32\XceedSco.dll
    + 2006-09-11 15:56 . 2006-09-11 15:56 526184 c:\windows\System32\XceedCry.dll
    + 2004-12-07 14:11 . 2004-12-07 14:11 258352 c:\windows\System32\unicows.dll
    - 2009-07-14 02:05 . 2009-12-14 04:38 650410 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2009-12-17 02:15 650410 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2009-12-17 02:15 117684 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2009-12-14 04:38 117684 c:\windows\System32\perfc009.dat
    + 2009-12-03 08:58 . 2009-12-18 15:26 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2005-12-29 19:11 . 2000-07-16 21:20 185856 c:\windows\System32\Bmp2Jpeg.dll
    + 2009-08-03 20:10 . 2009-08-03 20:10 791552 c:\windows\Installer\941d85.msi
    + 2009-07-14 02:03 . 2009-12-18 19:46 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:03 . 2009-12-16 16:31 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @= "{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2009-06-11 19:46 634368 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm "= "c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-15 160592]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "SkinClock "= "c:\program files\Atomic Alarm\AtomicAlarmClock.exe" [2008-09-24 527360]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "OpenDNS Updater "= "c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "RtHDVCpl "= "RtHDVCpl.exe" [2008-01-30 4911104]
    "Skytel "= "Skytel.exe" [2007-11-21 1826816]
    "Camera Assistant Software "= "c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
    "HostManager "= "c:\program files\Common Files\AOL\1226462707\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
    "PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-13 2033432]
    "Music Alarm Clock "= "c:\progra~1\MUSICA~1\mac.exe" [2006-01-18 970240]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
    "THGuard "= "c:\program files\TrojanHunter 5.2\THGuard.exe" [2009-11-26 1069728]

    c:\users\quasarn01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Camera Assistant Software.lnk - c:\program files\Camera Assistant Software for Toshiba\traybar.exe [2008-6-25 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AccuWeather Desktop.lnk]
    backup=c:\windows\pss\AccuWeather Desktop.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^quasarn01^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bayvue2694056434.lnk]
    backup=c:\windows\pss\bayvue2694056434.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
    2008-01-22 21:25 712704 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2009-10-11 01:26 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2009-04-08 19:37 637232 ----a-w- c:\program files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
    2009-05-05 19:16 4178688 ----a-w- c:\program files\BOINC\boincmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
    2009-05-05 19:16 58112 ----a-w- c:\program files\BOINC\boinctray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    2009-03-19 15:12 632048 ----a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server]
    2008-10-17 13:00 346896 ----a-w- c:\program files\ElcomSoft\Distributed Password Recovery\esdprs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2007-06-25 15:34 82608 ----a-w- c:\program files\Lexmark 3400 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-02-14 02:15 1862144 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-07 02:38 133104 ----atw- c:\users\quasarn01\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-09-11 22:15 173592 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
    2006-11-21 18:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcytime.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
    2007-06-25 15:34 291504 ----a-w- c:\program files\Lexmark 3400 Series\lxcymon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
    2009-04-13 18:14 2577120 ----a-w- c:\program files\PCPitstop\Optimize\PCPOptimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2008-09-19 15:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
    2008-09-24 09:05 527360 ----a-w- c:\program files\Atomic Alarm\AtomicAlarmClock.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smash]
    2007-11-22 17:42 163840 ----a-w- c:\program files\Ashampoo\Ashampoo Office 2008\smash.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    2007-06-16 04:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
    2009-04-01 22:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
    2009-10-20 15:08 1693184 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
    2009-06-29 18:33 1743 ----a-w- c:\program files\Zecter\ZumoDrive\ZumoDrive.lnk

    R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [10/19/2009 07:26 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9/3/2009 09:45 161800]
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10/10/2009 20:27 64160]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [12/14/2009 19:51 207792]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/3/2009 09:45 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9/3/2009 09:45 360584]
    R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs.sys [6/29/2009 13:33 146264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 08:43 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 08:43 74480]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/13/2009 16:05 285392]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [12/25/2007 16:07 40960]
    R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 19:09 11032]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2009 02:48 24652]
    R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [10/19/2009 07:26 122376]
    R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [10/19/2009 07:26 30216]
    R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [10/19/2009 07:26 21208]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [11/4/2009 02:59 17408]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/13/2008 20:44 7168]
    R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [5/16/2009 16:00 19160]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [6/10/2009 16:18 4231168]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [8/20/2009 01:04 189440]
    S2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm\timeserv.exe [10/3/2008 11:36 415744]
    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/13/2009 16:04 5832712]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/4/2009 01:02 276816]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/13/2009 06:57 1153368]
    S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [7/8/2009 02:23 62776]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2009 10:05 92008]
    S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [12/3/2007 19:03 126976]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [4/12/2009 18:48 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 17:08 533360]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 16:34 1028432]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 08:43 7408]
    S4 gupdate1c9868994777d0;Google Update Service (gupdate1c9868994777d0);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 00:25 133104]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Email Toolbar Search
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel
    IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    Trusted Zone: weatherbug.com\deskwx
    TCP: {8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\quasarn01\AppData\Roaming\Mozilla\Firefox\Profiles\4dtf7eme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=
    FF - prefs.js: browser.startup.homepage - www.foxnews.com
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\kSolo\npAVX.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\quasarn01\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\users\quasarn01\Program Files\DNA\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref( "capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6 ", "AllAccess ");
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2BF408F0-16A9-30BC-2C22-F999F3B18EEC}*]
    "gbojbealfbpcklcmcagngafblkamneaogopnniapdfenjm "=hex:66,61,63,6a,61,64,63,6d,
    6c,64,69,63,00,02

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ahead\Shared]
    @DACL=(02 0000)

    [HKEY_USERS\S-1-5-21-4017210073-3623525190-2501994021-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Ulead Systems\Ulead DVD Tweak and Fit\2.1\VIO\SaveTemplateFiles]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\TOSHIBA\IVP\Services\Software Upgrades\Swupdtmr]
    @DACL=(02 0000)
    @SACL=
    "STATE "=dword:00000003
    "TMH "=dword:01cb5d8f
    "TML "=dword:0affaab9

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

    - - - - - - - > 'lsass.exe'(616)
    c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
    .
    Completion time: 2009-12-19 02:06:27
    ComboFix-quarantined-files.txt 2009-12-19 07:06
    ComboFix2.txt 2009-12-18 12:36
    ComboFix3.txt 2009-12-17 13:14
    ComboFix4.txt 2009-12-17 02:03

    Pre-Run: 92,688,785,408 bytes free
    Post-Run: 92,757,532,672 bytes free

    - - End Of File - - 042B60D369BD20386C14ABAE30912621
     
  7. 2009/12/19
    quasarn01 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:08:25, on 12/19/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe
    C:\TOSHIBA\IVP\ISM\ivpsvmgr.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\explorer.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe "
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O4 - Startup: Camera Assistant Software.lnk = ?
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 14388 bytes
     
  8. 2009/12/19
    broni

    broni Moderator Malware Analyst

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ===============================================================

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ==============================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    ===========================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    - R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    - O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    - O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    - O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    - O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    - O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    - O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    - O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
    - O4 - Startup: Camera Assistant Software.lnk = ?
    - O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
    - O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1226462707\ee\AOLSoftware.exe
    - O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    - O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    - O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [unless you have paid version]
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
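
Added illustration, not part of broni's post or of HijackThis itself: most of the entries ticked in step 3 end in "(no file)", meaning the registry entry points at a file that is no longer on disk. This Python sketch parses HijackThis log lines, groups such orphaned entries by section for review, and shows CLSIDs registered in more than one place. The sample lines are copied from the logs in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.group(1), match.group(2).strip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_by_section(entries):
    """Group entries whose target file is missing by their section code."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry["orphaned"]:
            grouped[entry["code"]].append(entry)
    return dict(grouped)


def shared_clsids(entries):
    """Map each CLSID seen in more than one orphaned entry to its section codes."""
    seen = defaultdict(list)
    for entry in entries:
        if entry["orphaned"] and entry["clsid"]:
            seen[entry["clsid"]].append(entry["code"])
    return {clsid: codes for clsid, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, items in sorted(orphaned_by_section(parsed).items()):
        print(f"{code}: {len(items)} orphaned")
        for item in items:
            print("   ", item["body"])
    for clsid, codes in shared_clsids(parsed).items():
        print(f"{clsid} is registered under {', '.join(codes)}")
```

An orphaned entry is a candidate for review, not an automatic removal: a missing file only shows that the registration outlived the program it pointed to.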
     
  9. 2009/12/19
    quasarn01

    quasarn01 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:27:19, on 12/20/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Atomic Alarm\timeserv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\TrojanHunter 5.2\THGuard.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Logitech\Logitech Vid\Vid.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\alg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\msfeedssync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O3 - Toolbar: NuSphere ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: NuSphere PhpED :: Debug this page - res://C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll/1000
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: deskwx.weatherbug.com
    O15 - Trusted IP range: http://192.168.2.1
    O15 - ESC Trusted IP range: http://192.168.2.1
    O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255270777018
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1255271290635
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF997EB-6F7A-451D-9D31-8EA6F0A85A3E}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Atomic Alarm Clock Time (AtomicAlarmClock) - Unknown owner - C:\Program Files\Atomic Alarm\timeserv.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

    --
    End of file - 13492 bytes
     
  10. 2009/12/19
    broni

    broni Moderator Malware Analyst

    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please let me know how your computer is doing.
     
  11. 2009/12/19
    quasarn01

    quasarn01 Inactive Thread Starter

    All's done and everything seems to be back in order... I really do appreciate the help... I had been allowing my grandkids access to my laptop, however, from now on they'll just have to keep their hands off... Again thanks...
     
  12. 2009/12/20
    broni

    broni Moderator Malware Analyst

    You're welcome :)
    Merry Christmas :)
     
  13. 2009/12/20
    quasarn01

    quasarn01 Inactive Thread Starter

    Back Atcha...
     
  14. 2009/12/20
    broni

    broni Moderator Malware Analyst

    :)...
     
