TechSpot

Back again. I suspect a virus

Solved
By Klykyl
Mar 15, 2011
    A few nights ago I was told something about a boot sector crashing or something like that. But since then I have uninstalled a whole lot of programs; since this is not my computer, I don't know what has been done on here. This is the same computer I had cleaned a month or so ago. So can I also have links to some kind of guide for smart computer use or something? I don't want to be here a month from now again. I feel like I'm using up you guys' time too much.

    I ran 2 Malwarebytes scans
    --
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6008

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/10/2011 10:23:25 PM
    mbam-log-2011-03-10 (22-23-25).txt

    Scan type: Full scan (C:\|D:\|E:\|G:\|I:\|J:\|K:\|L:\|M:\|)
    Objects scanned: 471821
    Time elapsed: 1 hour(s), 51 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Kyle\documents\my downloads\aviconvertersetup(1).exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Users\Kyle\documents\my downloads\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    --
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6008

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/9/2011 10:35:28 PM
    mbam-log-2011-03-09 (22-35-28).txt

    Scan type: Quick scan
    Objects scanned: 225977
    Time elapsed: 30 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Kyle\AppData\Local\temp\icreinstall\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

    --

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-15 17:27:12
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000063 ST332062 rev.3.AD
    Running: u8p256cl.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kxkiipog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    ---

    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/3/2007 8:58:02 AM
    System Uptime: 3/15/2011 5:28:16 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY206
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 125.154 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 0.007 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 56 GiB total, 48.687 GiB free.
    G: is CDROM (CDFS)
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    M: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0001
    Service: tunmp
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Sansa Media Converter
    3ivx MPEG-4 5.0.3 (remove only)
    747Boeing_BCA Screen Saver
    777Boeing_BCA2 Screen Saver
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Adobe Stock Photos 1.0
    Adobe® Photoshop® Album Starter Edition 3.2
    Akamai NetSession Interface
    Amazon MP3 Downloader 1.0.0+6
    Animoids
    AOL Mail and AIM Gadget
    AOL Registration
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Atomaders
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Bejeweled 2 Deluxe 1.1
    Bejeweled Twist 1.0
    Belkin Wireless Driver
    Big Fish Games Client
    Bonjour
    Brain Train on the Go (remove only)
    Brother HL-2170W
    CCleaner
    CCScore
    Cisco Network Magic
    Comcast High-Speed Internet Install Wizard
    Conexant D850 PCI V.92 Modem
    Cook'n with Betty Crocker
    D3DX10
    Dell DataSafe Online
    Dell Printer Software Uninstall
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Desktop Doctor
    Digital Line Detect
    DivX Setup
    EA Download Manager
    EA Download Manager UI
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    FlipShare
    Games, Music, & Photos Launcher
    Garmin USB Drivers
    Garmin WebUpdater
    getPlus(R) for Adobe
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP My Display
    IRIScan 2
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Jewel Quest 3
    Junk Mail filter update
    Kodak EasyShare software
    LanUpdate
    LEGO Digital Designer
    Malwarebytes' Anti-Malware
    MediaBar 2.0
    Megaupload Toolbar
    Mesh Runtime
    Messenger Companion
    MetaFrame Presentation Server Client
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Flight Simulator 2004 A Century of Flight
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox (3.6.13)
    Mozilla Firefox (3.6.15)
    MP3 Player Recovery Tool
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Plugin 1.0
    Need for Speed Underground 2 Demo
    netbrdg
    Netgear Update Assistant
    NetWaiting
    Network Magic
    Nitto 1320 Legends Public Beta 0.9.12.8
    NVIDIA Drivers
    NVIDIANetworkDiagnostic
    OfotoXMI
    OGA Notifier 2.0.0048.0
    Paint Shop Pro 7 Anniversary Edition
    PlayStation(R)Network Downloader
    Product Documentation Launcher
    Project64 1.6
    Pure Networks Platform
    QLP 2002 Manuals
    Quicken Lawyer 2002 Personal Deluxe
    QuickTime
    Readiris Pro 11
    RealArcade
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Registry Mechanic 8.0
    Revo Uninstaller 1.91
    Revo Uninstaller Pro 2.5.1
    Rhapsody
    Rhapsody MP3 Download Manager
    Rhapsody Player Engine
    Roblox for Kyle
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    RTC Client API v1.2
    Safari
    Samsung CLP-310 Series
    SDK
    Secunia PSI (2.0.0.3001)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Sonic Activation Module
    Spelling Dictionaries Support For Adobe Reader 9
    staticcr
    Stunt Track Driver
    SUPERAntiSpyware Free Edition
    The Sims 2 HomeCrafter Plus
    The Sims™ 2 Apartment Life
    The Sims™ 2 Best of Business Collection
    The Sims™ 2 Double Deluxe
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Seasons
    The Weather Channel Desktop 6
    TVersity Codec Pack 1.4
    TVersity Media Server 1.9.3
    TVersitybar Toolbar
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    URL Assistant
    User's Guides
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    VoiceOver Kit
    VPRINTOL
    Wal-Mart Music Downloads Store
    WebEx
    WebEx Support Manager for Internet Explorer
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    WinRAR archiver
    WIRELESS
    Yahoo! Toolbar
    .
    ==== End Of File ===========================

    --
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Kyle at 17:34:39.54 on Tue 03/15/2011
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2130 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\ProgramData\TVersity\Media Server\MediaServer.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Netgear Update Assistant\LANUpdate.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iriscn2i\bmanm12.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Brownie\BrStsWnd.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Registry Mechanic\RMTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\ehome\ehmsas.exe
    c:\program files\real\realplayer\RealPlay.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchProtocolHost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kyle\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.bearshare.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
    TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [BearShare] "c:\program files\bearshare applications\bearshare\BearShare.exe" --lightmode
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [Megakey] c:\users\kyle\appdata\local\megamedia\megakey\Megakey.exe /Tray
    uRun: [MegakeyUpdater] c:\users\kyle\appdata\local\megamedia\megakey\MegakeyUpdater.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater\AdobeUpdater.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [HostManager] c:\program files\common files\aol\1187236095\ee\AOLSoftware.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [LanUpdate] "c:\program files\netgear update assistant\LanUpdate.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [IRIScan 2 button manager] "c:\program files\iriscn2i\bmanm12.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boeing.webex.com/client/T27L10NSP11_PSOBOEING/webex/ieatgpc1.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\mw7j842y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
    FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-6-14 4608]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 61960]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-8 39272]
    .
    =============== Created Last 30 ================
    .
    2011-03-11 07:43:35 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{45fa31e0-bd0f-4b3e-b3e9-7aa625124624}\mpengine.dll
    2011-03-10 07:58:46 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-03-10 04:59:06 -------- d-----w- c:\program files\iPod
    2011-03-09 14:15:37 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 14:15:37 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 14:15:37 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 14:15:37 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 14:15:33 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 14:15:33 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-03 04:51:33 -------- d-----w- C:\divx
    2011-02-28 07:30:35 -------- d-----w- c:\program files\common files\PX Storage Engine
    2011-02-28 07:29:50 -------- d-----w- c:\program files\common files\DivX Shared
    2011-02-28 07:29:15 -------- d-----w- c:\program files\DivX
    2011-02-28 07:28:56 -------- d-----w- c:\progra~2\DivX
    2011-02-27 05:28:49 -------- d-----w- c:\users\kyle\appdata\local\BuildAGadget Content
    2011-02-27 04:53:39 -------- d-----w- c:\users\kyle\appdata\roaming\Azureus
    2011-02-22 05:29:02 -------- d-----w- c:\program files\TVersitybar
    2011-02-22 05:27:18 -------- d-----w- c:\program files\TVersity Codec Pack
    2011-02-22 05:26:59 -------- d-----w- c:\progra~2\TVersity
    2011-02-19 08:14:09 -------- d-----w- c:\users\kyle\roblox decals
    2011-02-19 00:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-16 03:22:06 -------- d-----w- c:\users\kyle\appdata\roaming\MegauploadToolbar
    2011-02-16 03:22:06 -------- d-----w- c:\program files\MegauploadToolbar
    2011-02-15 02:03:58 -------- d-----w- c:\program files\Search Toolbar
    2011-02-15 02:03:49 -------- d-----w- c:\program files\FoxTabAVIConverter
    2011-02-15 01:03:13 -------- d-----w- c:\program files\Animoids
    2011-02-15 01:01:23 -------- d--h--w- c:\program files\Zero G Registry
    2011-02-15 01:00:29 -------- d-----w- c:\users\kyle\Zero G Registry
    .
    ==================== Find3M ====================
    .
    2011-02-06 04:25:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-06 04:25:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 17:39:30.20 ===============
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Well, I'd welcome you back, but you'd probably rather not be here! But based on some of your comments, I'll make a couple of my own!

    1. This computer was cleaned a month ago.
    2. A boot sector crash doesn't mean malware.
    3. A lot of programs have been uninstalled > like what? And why?
    4. He has his Start page loading uStart Page = hxxp://search.bearshare.com/ > a fairly nasty file sharing program.
    5. He's loading and running c:\users\kyle\appdata\roaming\Azureus, another file sharing program.
    6. He has several plugins for Firefox 6 Beta 4, which I believe is not out on Final Release.
    7. There is a Toolbar on the system, Search Toolbar, which comes from zugo.com, bundled with various third party applications - detected by Malwarebytes' Anti-Malware as Adware.Zugo - It is referred to as a "potentially unwanted program" (PUP) or foistware. This software is not a virus or a Trojan. Most Foistware is bundled with another unrelated program. Some are prechecked on the download screen, but basically they are downloaded without the user's permission or knowledge.

    From #4, all are vulnerabilities to the system. Unless he makes some changes, he is never going to be without malware.
    ==================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===========================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    You're not using too much of our time, but the big problem here is that it's not your computer so basically that can mean you don't really know what the user is doing.

    Do you have any malware-related problems, other than what you mention about a boot sector problem?
     
  3. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Alrighty, sorry for the delay. I'm participating in a competition on a website that is very demanding.

    Okay, I have somewhat of a clue what he is doing on this computer, he is doing a lot of downloading. I don't know exactly what, but stuff for his Sims program and videos and whatnot. And he's recently gotten into downloading movies online, which I put a stop to immediately. Like he tried downloading FrostWire on a different computer, which I uninstalled immediately as soon as I saw it.

    And I know BearShare isn't something wanted on this computer, so I deleted it a good while ago, but I could never get rid of that toolbar.

    But I've been uninstalling unnecessary programs that I know he doesn't need, and he doesn't fully comprehend what he is downloading because he's a 14 year old boy who doesn't read.
    So here's some of the things I've uninstalled.
    Sciagaj.org
    vuse
    MegaKey
    Wefi (I still don't have a clue what this is or why it's there)
    Tversity
    MojoPac
    iLivid
    Bflix
    7z SFX
    --
    Also, what worried me about this computer was my Malwarebytes program was corrupt and I had to reinstall it. And my Google searches differed from the same search on a computer in the same room. I also think a few of my searches redirected. Sorry, but my memory is fuzzy, this was like a week and a half ago. But anyways, I suppose those differences in results could be from all the different toolbars he had.

    Anyways here are the logs!

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=851cdfd32d942f4eadc68298b7666803
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-16 06:22:14
    # local_time=2011-03-15 11:22:14 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1797 16775165 100 100 0 75024313 120881 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 100 0 136857677 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=260156
    # found=1
    # cleaned=0
    # scan_time=6385
    C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I


    ComboFix 11-03-18.01 - Kyle 03/18/2011 14:42:21.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.1524 [GMT -7:00]
    Running from: c:\users\Kyle\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\programdata\ntuser.dat
    c:\programdata\PCDr\5744\Downloads\ceb06396-ae9d-42b7-a00f-867e3e8710fd.dll
    c:\programdata\PCDr\5744\Downloads\fb37c43e-fc6b-476d-8936-e95ecdba3cf7.dll
    c:\users\Deborah\ntuser.pol
    c:\users\Kelly x3\ntuser.pol
    c:\users\Kyle\ntuser.pol
    c:\users\Lawrence\ntuser.pol
    c:\users\Mcx1\ntuser.pol
    F:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Lawrence\AppData\Local Settings\Roaming\temp
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Deborah\AppData\Local\temp
    2011-03-18 21:39 . 2011-03-18 21:39 -------- d-----w- C:\32788R22FWJFW
    2011-03-18 13:47 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F422C40-602D-42A8-9A38-71462E57267B}\mpengine.dll
    2011-03-16 04:31 . 2011-03-16 04:31 -------- d-----w- c:\program files\ESET
    2011-03-10 07:58 . 2011-03-12 02:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-03-10 04:59 . 2011-03-10 04:59 -------- d-----w- c:\program files\iPod
    2011-03-09 14:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 14:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 14:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 14:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 14:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 14:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 14:42 . 2011-03-08 14:42 -------- d-----w- c:\users\Deborah\AppData\Roaming\MEGAUPLOADTOOLBAR
    2011-03-04 21:00 . 2011-03-04 21:00 -------- d-----w- c:\users\Lawrence\AppData\Local\DDMSettings
    2011-03-03 04:51 . 2011-03-09 03:41 -------- d-----w- C:\divx
    2011-02-28 22:29 . 2011-03-03 02:54 -------- d-----w- c:\users\Lawrence\AppData\Roaming\Azureus
    2011-02-28 07:31 . 2011-03-03 04:51 -------- d-----w- c:\users\Kyle\AppData\Roaming\DivX
    2011-02-28 07:30 . 2011-02-28 07:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2011-02-28 07:29 . 2011-02-28 07:29 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-02-28 07:29 . 2011-02-28 07:32 -------- d-----w- c:\program files\DivX
    2011-02-28 07:28 . 2011-02-28 07:32 -------- d-----w- c:\programdata\DivX
    2011-02-27 05:28 . 2011-02-27 05:28 -------- d-----w- c:\users\Kyle\AppData\Local\BuildAGadget Content
    2011-02-27 04:53 . 2011-02-28 06:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\Azureus
    2011-02-22 05:29 . 2011-02-22 05:29 -------- d-----w- c:\program files\TVersitybar
    2011-02-22 05:27 . 2011-02-22 05:27 -------- d-----w- c:\program files\TVersity Codec Pack
    2011-02-22 05:26 . 2011-02-22 05:26 -------- d-----w- c:\programdata\TVersity
    2011-02-19 08:14 . 2011-02-19 08:14 -------- d-----w- c:\users\Kyle\roblox decals
    2011-02-19 00:36 . 2011-02-19 00:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-19 00:36 . 2011-02-19 00:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-17 00:29 . 2009-09-26 17:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-10 05:16 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-06 04:25 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-06 04:25 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-03 01:11 . 2011-02-04 03:18 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:37 . 2011-02-08 23:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-08 23:34 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-08 23:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-08 23:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-08 23:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-08 23:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-08 23:34 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-08 23:34 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-08 23:34 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-08 23:34 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-08 23:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-08 23:34 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-08 23:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-08 23:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-08 23:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-08 23:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-08 23:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-08 23:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-08 23:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-08 23:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-08 23:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-08 23:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-08 23:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-08 23:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-08 23:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-08 23:34 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44 . 2011-02-08 23:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44 . 2011-02-08 23:34 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47 . 2011-02-08 23:33 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-08 23:33 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-08 23:34 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55 . 2011-01-12 04:56 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-22 09:06 . 2010-12-22 09:06 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-12-21 02:09 . 2009-09-27 04:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 02:08 . 2009-09-27 04:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
    .
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    2010-10-10 23:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
    .
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
    .
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    .
    c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
    backup=c:\windows\pss\ymetray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
    path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
    backup=c:\windows\pss\AOL Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
    2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
    2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
    R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - PCDSRVC{E9D79540-57D5953E-06020101}_0
    *Deregistered* - PCDSRVC{E9D79540-57D5953E-06020101}_0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]
    .
    2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
    .
    2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
    .
    2011-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-03-18 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.bearshare.com/
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
    FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mw7j842y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
    FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    HKCU-Run-BearShare - c:\program files\BearShare Applications\BearShare\BearShare.exe
    HKCU-Run-Megakey - c:\users\Kyle\AppData\Local\Megamedia\Megakey\Megakey.exe
    HKCU-Run-MegakeyUpdater - c:\users\Kyle\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-18 15:35
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\Kyle\AppData\Local\Temp\catchme.dll 53248 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    Completion time: 2011-03-18 16:03:01
    ComboFix-quarantined-files.txt 2011-03-18 23:02
    .
    Pre-Run: 125,017,178,112 bytes free
    Post-Run: 125,661,233,152 bytes free
    .
    - - End Of File - - 13ABA18DAC0782BCBBB3C1F5D73654F5
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry- I got a bit behind!

    First off- are you using a flash drive? There is a deletion in Combofix that indicates you are. You can also clean other removable drives, if needed, at the same time. If so, run it through the following:

    These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    I'm finishing setting up some script for you to run through Combofix. Do you want me to remove entries for the file sharing and any leftovers I see from the programs you removed?
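    The note above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive and that this protects the drive. The script below is an added illustration of why that works; it is not the tool's code and not from anyone in this thread. The only mechanism it reproduces is the one the note describes: a directory occupies the name autorun.inf at the drive root, so an autorun worm can no longer drop its own autorun.inf file there. "Cleaning" is simplified here to deleting any autorun.inf file already present (my assumption about what the utility does), and the drive roots are constructed temporary directories so it runs offline on any OS; the function names are mine.

```python
"""Why a folder named autorun.inf protects a removable drive (added example)."""
import os
import sys
import tempfile

AUTORUN_NAME = "autorun.inf"


def disinfect_and_protect(drive_root: str) -> dict:
    """Remove any autorun.inf file at drive_root, then create the blocking folder.

    Returns {"removed_file": bool, "protected": bool}.
    """
    target = os.path.join(drive_root, AUTORUN_NAME)
    removed = False
    if os.path.isfile(target):
        # A worm's autorun.inf is a plain (often read-only) file; clear the
        # read-only bit first so the unlink succeeds on Windows too.
        os.chmod(target, 0o600)
        os.remove(target)
        removed = True
    # A directory satisfies the name, and a regular file cannot share it.
    os.makedirs(target, exist_ok=True)
    if sys.platform == "win32":
        # The post says the tool's folder is hidden; set that attribute on Windows.
        import ctypes
        FILE_ATTRIBUTE_HIDDEN = 0x02
        ctypes.windll.kernel32.SetFileAttributesW(target, FILE_ATTRIBUTE_HIDDEN)
    return {"removed_file": removed, "protected": os.path.isdir(target)}


def is_protected(drive_root: str) -> bool:
    """True when autorun.inf exists at drive_root and is a directory, not a file."""
    return os.path.isdir(os.path.join(drive_root, AUTORUN_NAME))


def simulated_drop_attempt(drive_root: str) -> bool:
    """Try the file write a worm would make; return True only if it succeeded."""
    target = os.path.join(drive_root, AUTORUN_NAME)
    try:
        with open(target, "w") as fh:
            fh.write("[autorun]\n")  # constructed stand-in for a worm's file
        return True
    except OSError:
        # IsADirectoryError on POSIX, PermissionError on Windows: blocked.
        return False


def demo() -> dict:
    """Run the scenarios on constructed drive roots and return the outcomes."""
    clean = tempfile.mkdtemp(prefix="clean_drive_")
    infected = tempfile.mkdtemp(prefix="infected_drive_")
    unprotected = tempfile.mkdtemp(prefix="unprotected_drive_")
    # Constructed pre-existing worm file on the 'infected' drive.
    with open(os.path.join(infected, AUTORUN_NAME), "w") as fh:
        fh.write("[autorun]\n")
    return {
        "clean": disinfect_and_protect(clean),
        "infected": disinfect_and_protect(infected),
        "clean_drop_blocked": not simulated_drop_attempt(clean),
        "infected_drop_blocked": not simulated_drop_attempt(infected),
        "unprotected_drop_blocked": not simulated_drop_attempt(unprotected),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The contrast with the unprotected drive is the point: the same write succeeds there and fails where the folder exists. Current Windows versions no longer honour autorun.inf on removable media at all, so on a patched machine the folder is a belt-and-braces measure for drives that travel to older systems.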
     
  5. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    It's okay! Like I said, I'm in a competition that eats up my time.
    Okay, I'll run this, but do microSD cards that have been in the computer need to be scanned too, or no?


    And yes, can you please have the left overs removed? Especially those file sharing entries. :)

    edit: oh, and I don't know if this is of any concern, but I was downloading an addon earlier and this popped up with Avira not too long afterward.
    Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
    detected in file 'C:\Users\Deborah\AppData\Local\temp\EAD1290.exe.
    Action performed: Deny access
    Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
    detected in file 'C:\Users\Deborah\AppData\Local\temp\EAD1290.exe.
    Action performed: Deny access
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run the Eset scan again:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    There was one entry I was going to have you remove. If there is anything new, I should see it here. It would be best if he doesn't download anything new while I'm trying to clean the system.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\program files\common files\Symantec Shared
    c:\users\Lawrence\AppData\Roaming\Azureus
    c:\users\Kyle\AppData\Roaming\Azureus
    DDS::
    uStart Page = hxxp://search.bearshare.com/
    uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
    TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    uRun: [BearShare] "c:\program files\bearshare applications\bearshare\BearShare.exe" --lightmode
    uRun: [Megakey] c:\users\kyle\appdata\local\megamedia\megakey\Megakey.exe /Tray
    uRun: [MegakeyUpdater] c:\users\kyle\appdata\local\megamedia\megakey\MegakeyUpdater.exe
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"=- 
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66bd2442-241b-44cd-8c7a-b51037053cdb}"=- 
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66BD2442-241B-44CD-8C7A-B51037053CDB}"=- 
    [HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    Extras::
    File::
    c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
    Firefox::
    Firefox-: - Profile - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\mw7j842y.default\
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    I've moved as many processes as I recognized from your uninstalls.
    The Firefox Extensions need to be opened and the following Java removed: Java v6u16, v6u20, v6u22
    NOTE: Java updates do not have to be added to Firefox extensions. Be sure the most current version is on the system: Check this site: Java Updates. Current is v6u24. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    The following Firefox Extension also needs to be removed:
    Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

    I'll have you clean the Eset entry after I see the log from the new scan.
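    The Java note above is the kind of check that can be done straight from the ComboFix log rather than by eye. The script below is an added example (my code, not ComboFix's or Bobbye's) that decodes the Java Console extension IDs listed in the "FF - Ext:" lines. Those IDs follow the pattern {CAFEEFAC-00MM-00mm-00UU-ABCDEFFEDCBA}, where MM is the Java major version (16 means 1.6, i.e. Java 6), mm the minor version and UU the update number, so the ID alone says which Java release each console belongs to. The sample lines are copied from the ComboFix log posted earlier in this thread, the "current" release v6u24 is taken from the note, and the function names are mine. Because it decodes every ID rather than matching a fixed list, it also flags the v6u17 entry that the note does not mention.

```python
"""Flag outdated Java Console extensions in a ComboFix Firefox listing (added example)."""
import re

# Constructed sample: 'FF - Ext:' lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
"""

# One 'FF - Ext: <name>: <id> - <path>' line; the name is matched non-greedily
# so the first ': ' after it ends the name.
EXT_LINE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$")

# Java Console IDs encode the release: 00MM = major (16 -> Java 1.6), 00mm = minor,
# 00UU = update number. The digits are decimal, as the v6u16/v6u22 labels show.
JAVA_ID = re.compile(
    r"^\{CAFEEFAC-00(?P<major>\d\d)-00(?P<minor>\d\d)-00(?P<update>\d\d)-ABCDEFFEDCBA\}$",
    re.IGNORECASE,
)


def parse_extensions(log_text: str) -> list:
    """Return (name, id, path) triples for every 'FF - Ext:' line in the log."""
    found = []
    for line in log_text.splitlines():
        m = EXT_LINE.match(line.strip())
        if m:
            found.append((m["name"], m["id"], m["path"]))
    return found


def java_release(ext_id: str):
    """Decode a Java Console extension ID into (family, update), e.g. (6, 16).

    Returns None for any extension ID that is not a Java Console ID.
    """
    m = JAVA_ID.match(ext_id)
    if not m:
        return None
    family = int(m["major"]) - 10  # '16' is Java 1.6, known as Java 6
    return family, int(m["update"])


def outdated_java_consoles(log_text: str, current=(6, 24)) -> list:
    """List '6u16'-style labels of Java Console extensions older than `current`."""
    flagged = []
    for _name, ext_id, _path in parse_extensions(log_text):
        release = java_release(ext_id)
        if release is not None and release < current:
            flagged.append(f"{release[0]}u{release[1]}")
    return flagged


if __name__ == "__main__":
    print("outdated Java Console extensions:", outdated_java_consoles(SAMPLE_LOG))
```

    A flagged console is only the browser-side leftover; as the note says, the matching older Java runtime is what actually needs uninstalling from Add/Remove Programs, and the console entry disappears or can be removed afterwards.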
     
  8. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Alright, I tried running that disinfect thing and it just wouldn't pop up when I clicked it. I tried a few times.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=851cdfd32d942f4eadc68298b7666803
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-16 06:22:14
    # local_time=2011-03-15 11:22:14 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1797 16775165 100 100 0 75024313 120881 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 100 0 136857677 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=260156
    # found=1
    # cleaned=0
    # scan_time=6385
    C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=851cdfd32d942f4eadc68298b7666803
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-03-24 01:36:49
    # local_time=2011-03-23 06:36:49 (-0800, Pacific Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1797 16775165 100 100 0 75697014 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 100 12409 137530378 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=292943
    # found=1
    # cleaned=0
    # scan_time=7758
    C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I


    ---

    ComboFix 11-03-23.04 - Kyle 03/23/2011 19:10:08.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2167 [GMT -7:00]
    Running from: c:\users\Kyle\Downloads\ComboFix.exe
    Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll"
    "c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll"
    "c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll"
    "c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll"
    "c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~1\megaup~2\MEGAUP~1.DLL
    c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
    c:\program files\common files\Symantec Shared
    c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
    c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
    c:\program files\tversitybar\tbTVer.dll
    c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    c:\users\Kyle\AppData\Roaming\Azureus
    c:\users\Kyle\AppData\Roaming\Azureus\.certs
    c:\users\Kyle\AppData\Roaming\Azureus\.keystore
    c:\users\Kyle\AppData\Roaming\Azureus\.lock
    c:\users\Kyle\AppData\Roaming\Azureus\azureus.config
    c:\users\Kyle\AppData\Roaming\Azureus\azureus.config.bak
    c:\users\Kyle\AppData\Roaming\Azureus\azureus.statistics
    c:\users\Kyle\AppData\Roaming\Azureus\azureus.statistics.bak
    c:\users\Kyle\AppData\Roaming\Azureus\cache\-355833786.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\-636886948.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\1348866851.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\1734918254.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\1737934631.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\206891298.ico
    c:\users\Kyle\AppData\Roaming\Azureus\cache\569002433.ico
    c:\users\Kyle\AppData\Roaming\Azureus\devices.config
    c:\users\Kyle\AppData\Roaming\Azureus\devices.config.bak
    c:\users\Kyle\AppData\Roaming\Azureus\devices\a5d7869e-1ab9-6098-fef9-88476d988455.dat
    c:\users\Kyle\AppData\Roaming\Azureus\dht\addresses.dat
    c:\users\Kyle\AppData\Roaming\Azureus\dht\contacts.dat
    c:\users\Kyle\AppData\Roaming\Azureus\dht\diverse.dat
    c:\users\Kyle\AppData\Roaming\Azureus\dht\version.dat
    c:\users\Kyle\AppData\Roaming\Azureus\downloads.config
    c:\users\Kyle\AppData\Roaming\Azureus\downloads.config.bak
    c:\users\Kyle\AppData\Roaming\Azureus\ipfilter.cache
    c:\users\Kyle\AppData\Roaming\Azureus\logs\debug_1.log
    c:\users\Kyle\AppData\Roaming\Azureus\logs\Plugin Update_1.log
    c:\users\Kyle\AppData\Roaming\Azureus\metasearch.config
    c:\users\Kyle\AppData\Roaming\Azureus\metasearch.config.bak
    c:\users\Kyle\AppData\Roaming\Azureus\net\pm_33650.dat
    c:\users\Kyle\AppData\Roaming\Azureus\net\pm_default.dat
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\plugin.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\plugin_install.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\android_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV2.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_320.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_400.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_480x320.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_480x360.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Boxee_h264_720p.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Browser.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\devicelist.csv
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_directTV.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_h264_480p.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_h264_720p.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_mp4.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_1024x600_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_160x128_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_220x176_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_320x240_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_400x240_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_480x320_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_640x360_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_800x480_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_800x480_LQ_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_856x480_generic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPad.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone4.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodClassic.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodNano.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodTouch.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\LG_DMP_h264_720p.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-default.ffpreset
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipad.ffpreset
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipod640.ffpreset
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_HD.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_SD.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PSP.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\samsung_sgh-t959.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\samsung_sgh-t959_card.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_BluRay_Player.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_Bravia.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_Bravia_16-9.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_InternetTV_h264_720p.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\TiVo_HD.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Wii.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_HD.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_SD.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Zen.properties
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.7.2.jar
    c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.7.2.zip
    c:\users\Kyle\AppData\Roaming\Azureus\sidebarauto.config
    c:\users\Kyle\AppData\Roaming\Azureus\tables.config
    c:\users\Kyle\AppData\Roaming\Azureus\tables.config.bak
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU1778561098993647650.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU2364115000078785854.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU2477893825132718404.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4147122689535228570.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4321534706374544160.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4350709544634494390.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4699965962052597769.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5018616847872755251.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5369731145363840878.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU554039839922557836.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5964271044784106882.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU7073259769881982248.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU7830725853837656564.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU8734052951368668690.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU9180080896649617609.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU954140240891388422.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU3608869756757462139.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU7552754533994725594.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU8211178868350714330.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU8657926461577167651.tmp
    c:\users\Kyle\AppData\Roaming\Azureus\VuzeActivities.config
    c:\users\Kyle\AppData\Roaming\Azureus\xcodejobs.config
    c:\users\Kyle\AppData\Roaming\Azureus\xcodejobs.config.bak
    c:\users\Lawrence\AppData\Roaming\Azureus
    c:\users\Lawrence\AppData\Roaming\Azureus\.certs
    c:\users\Lawrence\AppData\Roaming\Azureus\.keystore
    c:\users\Lawrence\AppData\Roaming\Azureus\.lock
    c:\users\Lawrence\AppData\Roaming\Azureus\azureus.config
    c:\users\Lawrence\AppData\Roaming\Azureus\azureus.config.bak
    c:\users\Lawrence\AppData\Roaming\Azureus\azureus.statistics
    c:\users\Lawrence\AppData\Roaming\Azureus\azureus.statistics.bak
    c:\users\Lawrence\AppData\Roaming\Azureus\devices.config
    c:\users\Lawrence\AppData\Roaming\Azureus\devices.config.bak
    c:\users\Lawrence\AppData\Roaming\Azureus\dht\addresses.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\dht\contacts.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\dht\diverse.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\dht\version.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\downloads.config
    c:\users\Lawrence\AppData\Roaming\Azureus\downloads.config.bak
    c:\users\Lawrence\AppData\Roaming\Azureus\ipfilter.cache
    c:\users\Lawrence\AppData\Roaming\Azureus\logs\debug_1.log
    c:\users\Lawrence\AppData\Roaming\Azureus\logs\Plugin Update_1.log
    c:\users\Lawrence\AppData\Roaming\Azureus\metasearch.config
    c:\users\Lawrence\AppData\Roaming\Azureus\metasearch.config.bak
    c:\users\Lawrence\AppData\Roaming\Azureus\net\pm_33650.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\net\pm_default.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
    c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
    c:\users\Lawrence\AppData\Roaming\Azureus\sidebarauto.config
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU1132088417804163158.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU256236340827781327.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU3169371554525113763.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU3482766534707194187.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU5312978799117572369.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU5918946887469331866.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU6027605154609805850.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU7197483561679179391.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU7679101338222980639.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8627739579258120343.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8812842383438595828.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8963289841605882432.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU9104025744595597831.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU3011071094651982753.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU6678209823951935209.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU8353882587423751505.tmp
    c:\users\Lawrence\AppData\Roaming\Azureus\VuzeActivities.config
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Lawrence\AppData\Local\temp
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Lawrence\AppData\Local Settings\Roaming\temp
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
    2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-23 22:18 . 2011-03-23 22:18 -------- d-----w- c:\program files\iPod
    2011-03-22 20:09 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-22 20:09 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-22 20:09 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-22 20:00 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EC3B66F-D62D-4806-8404-CAF9BD3B73D0}\mpengine.dll
    2011-03-21 04:55 . 2011-03-21 04:55 -------- d-----w- c:\users\Kyle\AppData\Local\DDMSettings
    2011-03-19 04:47 . 2011-03-19 04:47 -------- d-----w- c:\windows\Sun
    2011-03-19 02:58 . 2011-03-19 02:58 -------- d-----w- c:\programdata\Roblox
    2011-03-19 02:58 . 2011-03-19 02:58 -------- d-----w- c:\program files\Roblox
    2011-03-18 23:03 . 2011-03-24 02:18 -------- d-----w- c:\users\Deborah\AppData\Local\temp
    2011-03-16 04:31 . 2011-03-16 04:31 -------- d-----w- c:\program files\ESET
    2011-03-09 14:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 14:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 14:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 14:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 14:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 14:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 14:42 . 2011-03-08 14:42 -------- d-----w- c:\users\Deborah\AppData\Roaming\MEGAUPLOADTOOLBAR
    2011-03-04 21:00 . 2011-03-04 21:00 -------- d-----w- c:\users\Lawrence\AppData\Local\DDMSettings
    2011-03-03 04:51 . 2011-03-09 03:41 -------- d-----w- C:\divx
    2011-02-28 07:31 . 2011-03-03 04:51 -------- d-----w- c:\users\Kyle\AppData\Roaming\DivX
    2011-02-28 07:30 . 2011-02-28 07:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2011-02-28 07:29 . 2011-02-28 07:29 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-02-28 07:29 . 2011-02-28 07:32 -------- d-----w- c:\program files\DivX
    2011-02-28 07:28 . 2011-02-28 07:32 -------- d-----w- c:\programdata\DivX
    2011-02-27 05:28 . 2011-02-27 05:28 -------- d-----w- c:\users\Kyle\AppData\Local\BuildAGadget Content
    2011-02-22 05:29 . 2011-03-24 02:17 -------- d-----w- c:\program files\TVersitybar
    2011-02-22 05:27 . 2011-02-22 05:27 -------- d-----w- c:\program files\TVersity Codec Pack
    2011-02-22 05:26 . 2011-02-22 05:26 -------- d-----w- c:\programdata\TVersity
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-17 00:29 . 2009-09-26 17:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-03-10 05:16 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-19 00:36 . 2011-02-19 00:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-19 00:36 . 2011-02-19 00:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-06 04:25 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-06 04:25 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-03 01:11 . 2011-02-04 03:18 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:37 . 2011-02-08 23:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-08 23:34 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-08 23:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-08 23:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-08 23:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-08 23:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-08 23:34 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-08 23:34 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-08 23:34 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-08 23:34 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-08 23:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-08 23:34 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-08 23:34 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-08 23:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-08 23:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-08 23:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-08 23:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-08 23:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-08 23:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-08 23:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-08 23:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-08 23:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-08 23:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-08 23:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-08 23:34 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-08 08:47 . 2011-02-08 23:33 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-08 23:33 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-08 23:34 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55 . 2011-01-12 04:56 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
    "RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
    backup=c:\windows\pss\ymetray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
    path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
    backup=c:\windows\pss\AOL Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
    2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
    2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
    R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
    S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - CFCATCHME
    *Deregistered* - CFcatchme
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
    .
    2011-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
    .
    2011-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
    .
    2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
    FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mw7j842y.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
    FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
    FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
    FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
    FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-23 19:22
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    Completion time: 2011-03-23 19:25:19
    ComboFix-quarantined-files.txt 2011-03-24 02:25
    ComboFix2.txt 2011-03-18 23:03
    .
    Pre-Run: 138,453,549,056 bytes free
    Post-Run: 138,751,664,128 bytes free
    .
    - - End Of File - - B68AC5EA2D22881364865632FDFFF9C2
     
  9. Klykyl
    Avira scanned today and found 7 things. We haven't downloaded anything, but it looks like it flagged that disinfecting program thing.
    Here's the log.


    Avira AntiVir Personal
    Report file date: Thursday, March 24, 2011 12:00

    Scanning for 2529438 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : FAMILY_ROOM_2PC

    Version information:
    BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/9/2010 05:38:24
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/19/2010 10:25:20
    LUKE.DLL : 10.0.3.2 104296 Bytes 12/9/2010 05:38:25
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 03:15:54
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:43:01
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:34:17
    VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 11:34:17
    VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 11:34:18
    VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 11:34:18
    VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 11:34:18
    VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 11:34:18
    VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 11:34:18
    VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 11:34:19
    VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 11:34:19
    VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 11:34:19
    VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 11:34:19
    VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 11:32:20
    VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 03:35:31
    VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 03:35:50
    VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 23:59:09
    VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 23:58:59
    VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 06:18:03
    VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 02:57:31
    VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 02:58:25
    VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 05:29:00
    VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 06:26:18
    VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 00:28:54
    VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 00:28:54
    VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 01:53:35
    VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 02:37:14
    VBASE027.VDF : 7.11.5.39 2048 Bytes 3/23/2011 02:37:14
    VBASE028.VDF : 7.11.5.40 2048 Bytes 3/23/2011 02:37:14
    VBASE029.VDF : 7.11.5.41 2048 Bytes 3/23/2011 02:37:14
    VBASE030.VDF : 7.11.5.42 2048 Bytes 3/23/2011 02:37:14
    VBASE031.VDF : 7.11.5.57 78336 Bytes 3/24/2011 11:48:22
    Engineversion : 8.2.4.188
    AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 05:01:05
    AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/18/2011 10:20:28
    AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 05:38:25
    AESBX.DLL : 8.1.3.2 254324 Bytes 11/23/2010 05:38:26
    AERDL.DLL : 8.1.9.8 639346 Bytes 3/17/2011 00:29:06
    AEPACK.DLL : 8.2.4.12 520567 Bytes 3/17/2011 00:29:03
    AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/8/2011 02:57:36
    AEHEUR.DLL : 8.1.2.87 3371383 Bytes 3/18/2011 10:20:24
    AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 04:04:29
    AEGEN.DLL : 8.1.5.3 397684 Bytes 3/18/2011 10:20:05
    AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 05:38:20
    AECORE.DLL : 8.1.19.2 196983 Bytes 2/4/2011 04:04:28
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 10:25:56
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 19:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 23:47:40
    AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 10:24:24
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/9/2010 05:38:25
    AVARKT.DLL : 10.0.22.6 231784 Bytes 12/9/2010 05:38:23
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 16:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 10:24:23

    Configuration settings for the scan:
    Jobname.............................: Local Hard Disks
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, F:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

    Start of the scan: Thursday, March 24, 2011 12:00

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'LogonUI.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'mobsync.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'psi_tray.exe' - '1' Module(s) have been scanned
    Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
    Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
    Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
    Scan process 'bmanm12.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'nmapp.exe' - '1' Module(s) have been scanned
    Scan process 'nmctxth.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'SSMMgr.exe' - '1' Module(s) have been scanned
    Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
    Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
    Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'Dwm.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'sua.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
    Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
    Scan process 'PSIA.exe' - '1' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'FlipShareService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'atashost.exe' - '1' Module(s) have been scanned
    Scan process 'AOLAcsd.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AERTSrv.exe' - '1' Module(s) have been scanned
    Scan process 'ACService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!
    Master boot sector HD5
    [INFO] No virus was found!
    Master boot sector HD6
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1921' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nppl3260.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprpjplug.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    C:\Users\Kyle\Desktop\Flash_Disinfector.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

    [0] Archive type: RAR SFX (self extracting)
    --> nircmd.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
    C:\Users\Kyle\Downloads\Flash_Disinfector.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

    [0] Archive type: RAR SFX (self extracting)
    --> nircmd.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
    Begin scan in 'D:\' <RECOVERY>
    Begin scan in 'F:\' <WD Passport>

    Beginning disinfection:
    C:\Users\Kyle\Downloads\Flash_Disinfector.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
    [NOTE] The file was moved to the quarantine directory under the name '482213ef.qua'.
    C:\Users\Kyle\Desktop\Flash_Disinfector.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
    [NOTE] The file was moved to the quarantine directory under the name '50b53c48.qua'.
    C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '02e766ac.qua'.
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprpjplug.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '64cc296e.qua'.
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '21480450.qua'.
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nppl3260.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5e553631.qua'.
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '12ef1a7b.qua'.


    End of the scan: Thursday, March 24, 2011 14:25
    Used time: 2:01:35 Hour(s)

    The scan has been done completely.

    43082 Scanned directories
    871462 Files were scanned
    7 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    7 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    871455 Files not concerned
    4928 Archives were scanned
    0 Warnings
    7 Notes
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Avira scan is OK. This is a legitimate part of the Flash Disinfector: I suggest you delete the entries from Avira, uninstall the current Flash Disinfector, download it again, and disable Avira before running the scan. It's possible that Avira is removing processes necessary to run the scan.
    C:\Users\Kyle\Downloads\Flash_Disinfector.exe>>APPL/NirCmd.2 application

    Qoobox is where ComboFix puts the quarantined files.
    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan

    No new or bad entries found.
    =========================================
    Please download OTMoveIt by Old Timer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Program Files\FoxTabAVIConverter\AviConverter.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    IF you did not reboot the computer, do it now.
    Empty the Recycle Bin.
    ========================================
    Remove outdated Java plugin files from the Firefox plugins folder:
    Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
    1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
    2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
    3. Select each Java plugin listed to make sure that all are enabled.
    4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
    5. Java plugin files that do not match your current version mean that the Firefox plugins folder contains outdated Java plugin files, which should be removed. This folder is typically in the following location (use Windows Explorer to access My Computer> Local Drive> Programs):
    C:\Program Files\Mozilla Firefox\plugins
    Java files from older versions in the Firefox plugins folder can prevent Java from working correctly.

    Please remove Java v6u16, Java v6u17, Java v6u20 and Java v6u22 if you have any of these versions in Add/Remove Programs.
    Please update to the current v6u24: Java Updates
    Reminder: you do not have to add a separate plugin to Java when you update the OS.
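    The triage rule Bobbye applies above (a hit under ComboFix's Qoobox quarantine is an already-contained copy, and an APPL/ verdict on the NirCmd component bundled in Flash_Disinfector is Avira's application category, not a trojan) can be encoded as a log parser. This is an added Python example, not code from the thread or from Avira, ComboFix or any other tool mentioned here; the report text is a constructed sample in the Avira format posted above, and TR/Example.Gen is a placeholder signature name.

```python
"""Triage the [DETECTION] entries of an Avira AntiVir report (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the Avira report format seen in the thread.
# TR/Example.Gen is a placeholder signature, not a real Avira detection name.
SAMPLE_REPORT = """\
Starting the file scan:

Begin scan in 'C:\\' <OS>
C:\\Qoobox\\Quarantine\\C\\Program Files\\Viewpoint\\npViewpoint.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\\Users\\Kyle\\Desktop\\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\\Users\\Kyle\\AppData\\Local\\Temp\\setup.tmp
[DETECTION] Is the TR/Example.Gen Trojan
Begin scan in 'D:\\' <RECOVERY>

Beginning disinfection:
C:\\Users\\Kyle\\Desktop\\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
[NOTE] The file was moved to the quarantine directory under the name '50b53c48.qua'.
"""

# Signature names look like "TR/Trash.Gen" or "APPL/NirCmd.2".
SIGNATURE_RE = re.compile(r"\[DETECTION\].*?\b([A-Z]+/[\w.\-]+)")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix's quarantine folder


@dataclass(frozen=True)
class Detection:
    path: str        # top-level file on disk
    member: str      # member inside an archive/SFX, "" for the file itself
    signature: str   # Avira signature name, e.g. "APPL/NirCmd.2"


def parse_avira_report(text: str) -> list[Detection]:
    """Collect detections from the file-scan section only.

    The 'Beginning disinfection:' section repeats every hit together with the
    action taken, so stopping there avoids counting each file twice.
    """
    found: list[Detection] = []
    in_scan = False
    path, member = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Starting the file scan"):
            in_scan = True
            continue
        if line.startswith("Beginning disinfection"):
            break
        if not in_scan or not line or line.startswith("Begin scan in"):
            continue
        if line.startswith("-->"):                  # entry inside an archive
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            m = SIGNATURE_RE.match(line)
            if m and path:
                found.append(Detection(path, member, m.group(1)))
        elif line.startswith("["):                  # [0] Archive type, [NOTE], ...
            continue
        elif re.match(r"^[A-Za-z]:\\", line):       # a new top-level file path
            path, member = line, ""
    return found


def classify(d: Detection) -> str:
    """Map one detection to a triage verdict."""
    low = d.path.lower()
    if low.startswith(QUARANTINE_PREFIX) or low.endswith(".vir"):
        return "already-quarantined"    # ComboFix's inert, renamed copy
    if d.signature.upper().startswith("APPL/"):
        return "application-heuristic"  # tool/riskware category, not malware
    return "review"                     # a live hit outside any quarantine


def triage(text: str) -> dict[str, list[Detection]]:
    """Group every detection in the report by verdict."""
    groups: dict[str, list[Detection]] = defaultdict(list)
    for d in parse_avira_report(text):
        groups[classify(d)].append(d)
    return dict(groups)


if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_REPORT).items():
        print(f"{verdict}:")
        for h in hits:
            where = f"{h.path} -> {h.member}" if h.member else h.path
            print(f"  {h.signature:16} {where}")
```

    Only the "review" group needs a human look; in the sample that is the one hit outside Qoobox that is not an APPL/ tool signature.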
     
  11. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    All processes killed
    ========== FILES ==========
    C:\Program Files\FoxTabAVIConverter\AviConverter.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Deborah
    ->Temp folder emptied: 86204 bytes
    ->Temporary Internet Files folder emptied: 636869 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 101259883 bytes
    ->Flash cache emptied: 1961 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kelly x3
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kyle
    ->Temp folder emptied: 1050022 bytes
    ->Temporary Internet Files folder emptied: 35582410 bytes
    ->Java cache emptied: 28363 bytes
    ->FireFox cache emptied: 103004011 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 7028 bytes

    User: Lawrence
    ->Temp folder emptied: 43444735 bytes
    ->Temporary Internet Files folder emptied: 67544519 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1421 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 169299 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78450 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 337.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03292011_165834

    Files moved on Reboot...
    File C:\Users\Deborah\AppData\Local\Temp\JET4F78.tmp not found!
    C:\Users\Lawrence\AppData\Local\Temp\CMLS--2011-03-29--16-58-59.log moved successfully.
    File C:\Users\Lawrence\AppData\Local\Temp\~DF51D1.tmp not found!
    File C:\Users\Lawrence\AppData\Local\Temp\~DF5E45.tmp not found!
    File C:\Users\Lawrence\AppData\Local\Temp\~DF5EA5.tmp not found!
    File C:\Users\Lawrence\AppData\Local\Temp\~DF627D.tmp not found!
    File C:\Users\Lawrence\AppData\Local\Temp\~DF6779.tmp not found!
    File C:\Users\Lawrence\AppData\Local\Temp\~DF6D3A.tmp not found!
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\01[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\openhand_8_8[1].bmp moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\Pug[1].gif moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\Pug[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\type_simple_nrmp-zoom-in[1].ico moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\fc[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\half_ebay_com[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifpc_relay[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifr[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifr[2].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\pixel[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OE5UST5W\home_header_frm[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\01[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\0[2].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\AdDisplayTrackerServlet[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\AdDisplayTrackerServlet[2].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\ae_12232010[1].html moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\build_creative[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\comcast_net[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\freq[1].html moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\hbpix[1].gif moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\IFrame[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\ifr[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\login_status[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\meta[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[1].gif moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[2].gif moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[3].gif moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\readyToDownload[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\01[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\ddc[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\dell[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\frame[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\freq[1].html moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\ifpc_relay[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\index[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[2].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[3].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\syncuppixels[1].html moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\world_news-asiapacific[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\aviationskills_com[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\data_sync[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ifpc_relay[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ifr[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ig[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\my_yahoo_com[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\theanimenetwork_com[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    File C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\6407052283[1].htm not found!
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\dell[1].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\home_header_frm[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\tcode_helix[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\ifpc_relay[1].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\load_v6[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\login[1].psp moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\mailhelixinbox160x600_adult[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\mailhelixrw728x90_adult[1].htm moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\tcodewads_at[1].htm moved successfully.
    File C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\2644527252[1].htm not found!
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[1].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[2].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[3].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[4].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ServiceLogin[1].txt moved successfully.
    C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\welcome_aol_com[1].txt moved successfully.
    C:\Windows\temp\WebEx\Log\323\atashost.log moved successfully.

    Registry entries deleted on Reboot...



    ---

    I will be on vacation from tomorrow till next Wednesday. Sorry for the late reply; my internet competition finally ended.


    Oh, and I still can't get that disinfectant to run, and I've tried multiple times.
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, good. I'm running behind. Going to check out the Flash Disinfector. Many are having problems.

    Later
     
  13. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Back and refreshed from my trip to Disney!

    I hope you're not still running behind, and hopefully there isn't too much left to do with this computer!
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I have to ask about something I just noticed. You mentioned that the system belonged to a 14 year old boy. But I see all these users:
    c:\users\Deborah\ntuser.pol
    c:\users\Kellyx3\ntuser.pol
    c:\users\Kyle\ntuser.pol
    c:\users\Lawrence\ntuser.pol
    c:\users\Mcx1\ntuser.pol


    So now I am puzzled!
     
  15. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    It's a shared computer, or at least it was when we first bought it, but he is for the most part the only one who uses it besides my dad. Deborah is my mom (she has 2 other computers), Kelly is me (and I have my own computer), Kyle is the boy and Lawrence is my dad.
    But I do not recognize Mcx1. I've never seen it on the welcome screen.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Guess you can tell I'm still running behind! Sorry. You are very patient.

    Account 'mystery' solved: MCX1 is a user account used by the Xbox 360 to access the media on the PC. So if you still use the Xbox 360, leave it. If you don't, go into the Control Panel> User Accounts and remove it.

    Are you still having the original problems?
     
  17. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Haha, yes, I can tell you are still running behind, but I know how important it is to be patient. I'm a mod on a forum and I know that it is greatly appreciated when people are patient. :)

    Alrighty, I'll leave that account then. I don't think the computer is having the original problem; I haven't heard any complaints about any problems. So is the computer all good now?
    And I do plan, as soon as you give me the all clear, to restrict the boy's account and not allow him to download.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    How about a quick scan with the following?

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    I'll check this log and if okay, I'll have you remove the cleaning tools.
    ==================================
    About these entries in the Avira scan: Sometimes, it can be unfortunate when the AV program takes an 'all or nothing' approach: For instance:

    C:\Users\Kyle\Desktop\Flash_Disinfector.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

    NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. http://www.nirsoft.net/utils/nircmd.html

    I like to use analogies: Think of a bomb-sniffing dog. If he gets near anything with explosives, he will wag and go in circles, telling his master that he found explosives. But consider this> If the explosives were contained in a legitimate package, (don't ask!) he would still wag and circle the same.

    The AV is telling you that this entry has a pattern sometimes seen in malware programs. But the same process, when used correctly in a legitimate program can be very acceptable.

    Another example: Qoobox holds the files and folders that were removed in Combofix. They are no longer active in the system. But the AV flags the original malware infections in the Qoobox that were removed in Combofix. It doesn't recognize that these are no longer active in the system.

    C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '21480450.qua'.

    This entry has actually already been quarantined. The original malware was no longer active in the system.

    Okay, lesson over. We'll finish up after the HJT log.
     
  19. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Just posting to say I haven't forgotten i've just been sick. Ill run the scan tonight.
     
  20. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Alright I'm always ready to learn and your little lesson was very understandable. So the stuff that was flagged in the last scan was not harmful at all. Oh goody.
    Now the long awaited log.
    --

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:11:55 PM, on 4/21/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19048)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Netgear Update Assistant\LANUpdate.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iriscn2i\bmanm12.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Brownie\BrStsWnd.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Registry Mechanic\RMTray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
    C:\Program Files\Dell Support Center\imstrayicon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Users\Kyle\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187236095\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [IRIScan 2 button manager] "C:\Program Files\iriscn2i\bmanm12.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [SacReminderHDDV2N] C:\ProgramData\Clickfree\C2NPlus\reminder\SacReminder.exe (User 'Lawrence')
    O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Lawrence')
    O4 - S-1-5-21-1464156989-3786269669-3921397701-1000 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Lawrence')
    O4 - S-1-5-21-1464156989-3786269669-3921397701-1000 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Lawrence')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.crucial.com/controls/cpcVistaBeta.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T27L10NSP11_PSOBOEING/webex/ieatgpc1.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1ca513fd70eb30) (gupdate1ca513fd70eb30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SacNetAgentService_C57C4F854F53 - Storage Appliance Corporation - C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 17243 bytes
     
  21. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    It's been almost a week.. is the computer ok?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry- I didn't get notice of your reply after you were sick. Hope all is better now.

    I reviewed all the logs and the current HijackThis log. I do not see any entries for malware. But what I do see is an extraordinary number of unnecessary processes running. Considering what you've uninstalled and what has been removed, that is saying a lot.

    I would strongly recommend doing a reformat/reinstall. Don't put anything back on the Startup Menu except the AV, the firewall if there is a 3rd-party one running, the Pure Magic processes (2 or 3), the touchpad if it is a laptop, and nothing else.

    Review the Services on Black Viper's site and put any Service that doesn't need to start on boot on Manual Startup type. Some can also be disabled.
    ============================================
    If you're going to stick with it, remove all of the tools we used and the files and folders they created:
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin
    ===================================
    And here's some guidance you asked for:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o]Avast Free Version
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] The Microsoft Download Site, frequently: all updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      [o] Temporary File Cleaner
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad links.
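    Bobbye's review of the HijackThis log above is done by eye. As an added example (not from this thread, and not HijackThis's own code), here is a small Python triage script that flags the entry classes a reviewer checks first: O23 services marked "Unknown owner" or "(file missing)", autoruns and services launched from a user-writable path, Winsock LSP (O10) entries, AppInit_DLLs (O20), and IE start/search pages (R0/R1) pointing somewhere other than Microsoft's defaults. The sample log is a few lines copied from the log posted above plus one constructed R0 line (host search.hijacked.invalid) so the start-page check has something to fire on; USER_WRITABLE and TRUSTED_HOSTS are my own lists, not anything HijackThis ships.

```python
"""Triage a HijackThis log: flag the entry classes worth a second look.

Added example, not part of the TechSpot thread. SAMPLE_LOG is a handful
of lines copied from the posted log plus one constructed R0 line
(search.hijacked.invalid) that exercises the start-page check.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Locations any local user can write to (assumption: my list, not HJT's).
# An autorun or service binary living here deserves a look even when it
# turns out to be legitimate vendor software.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")

# Hosts a stock IE install reports for its start/search pages (assumption).
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Every HJT entry is "<section> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hijacked.invalid/?q=
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [SacReminderHDDV2N] C:\ProgramData\Clickfree\C2NPlus\reminder\SacReminder.exe (User 'Lawrence')
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
"""


def parse(text):
    """Return (section, body) tuples for every Rn/On line; headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(entries):
    """Return (section, reason, body) for each entry a reviewer should check."""
    findings = []
    lsp_seen = set()
    for sec, body in entries:
        low = body.lower()
        if sec in ("R0", "R1"):
            # "<key>,<value> = <url>"; non-URL values (ProxyOverride) are ignored.
            _, _, url = body.partition(" = ")
            host = urlsplit(url).hostname if url.startswith("http") else None
            if host and host not in TRUSTED_HOSTS:
                findings.append((sec, f"IE page points at untrusted host {host}", body))
        elif sec == "O4" and any(p in low for p in USER_WRITABLE):
            findings.append((sec, "autorun launches from a user-writable path", body))
        elif sec == "O10":
            # HJT prints one O10 line per hooked protocol; report each DLL once.
            path = low.partition(": ")[2]
            if path not in lsp_seen:
                lsp_seen.add(path)
                findings.append((sec, "Winsock LSP DLL not on HJT's known list", body))
        elif sec == "O20" and low.startswith("appinit_dlls"):
            findings.append((sec, "AppInit_DLLs loads this DLL into every process that uses user32.dll", body))
        elif sec == "O23":
            if "unknown owner" in low:
                findings.append((sec, "service binary carries no publisher information", body))
            if "(file missing)" in low:
                findings.append((sec, "service registration points at a binary that no longer exists", body))
            if any(p in low for p in USER_WRITABLE):
                findings.append((sec, "service binary lives in a user-writable path", body))
    return findings


def counts_by_section(findings):
    """Histogram of findings per HJT section, handy for a quick summary line."""
    return dict(Counter(sec for sec, _, _ in findings))


if __name__ == "__main__":
    hits = triage(parse(SAMPLE_LOG))
    for sec, reason, body in hits:
        print(f"{sec}: {reason}\n    {body}")
    print(counts_by_section(hits))
```

    The script surfaces candidates, not verdicts. On the full log above the O10 lines all name wpclsp.dll (the Vista Parental Controls LSP) and the O23 hits are vendor support and media tools, which is consistent with Bobbye finding no malware; what the output does make plain is the autorun and service count she objects to.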
     
  23. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Alright, sorry for the delayed response again; I was celebrating my birthday and I'm sick again.

    Alright, what do you mean about reformatting/reinstall of the processes?
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

  25. Klykyl

    Klykyl TS Rookie Topic Starter Posts: 61

    Oh, thank you :) And I'm always sick; I hang out with elementary school kids.

    So by reformat/reinstall you mean start the system over again? This is the fastest-moving computer we have, second to our 5-day-old laptop. I also don't trust myself in doing this; we already have lost a lot of data off a corrupt hard drive on the computer I'm using now. So can I just leave it? The computer moves very fast and startup doesn't take long at all.
     
Topic Status:
Not open for further replies.

