TechSpot

Registry Infected

By chewchi
Sep 15, 2011
  1. Below is my report from using Malwarebytes' Anti-Malware,
    hoping someone could help me safely remove and repair what is needed.



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7723

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    9/15/2011 2:04:01 PM
    mbam-log-2011-09-15 (14-03-49).txt

    Scan type: Quick scan
    Objects scanned: 165271
    Time elapsed: 13 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 15
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
    HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\TYPELIB (Fake.Dropped.Malware) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} (Fake.Dropped.Malware) -> Value: {0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} (Fake.Dropped.Malware) -> Value: {0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lugapedutu (Trojan.Agent) -> Value: lugapedutu -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll be glad to help you, but you will need to start again!

    You did not check for Malwarebytes to remove the entries it finds- so all those entries say No Action Taken. You need to update Malwarebytes and scan again taking care to follow this:
    Then proceed with the rest of the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please include the new Mbam log.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. chewchi

    chewchi TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7721

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    9/15/2011 6:35:43 AM
    mbam-log-2011-09-15 (06-35-43).txt

    Scan type: Quick scan
    Objects scanned: 165073
    Time elapsed: 5 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 26
    Registry Values Infected: 9
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD4258A-7138-49C4-8D34-587879A5C7A4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BCC488-1AE7-11D4-AB82-0010A4EC2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000DA-0786-4633-87C6-1AA7A4429EF1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} (Fake.Dropped.Malware) -> Value: {0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Value: {0e1230f8-ea50-42a9-983c-d22abc2eeb4c} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Value: SystemCheck2 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)





    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2011-09-15 17:44:30
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK6037GSX rev.DL340D
    Running: fly7ygqb.exe; Driver: C:\Users\Doreen\AppData\Local\Temp\uxdirpow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[360] ntdll.dll!LdrLoadDll 777B93A8 5 Bytes JMP 00041410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[360] USER32.dll!GetWindowInfo 765D428E 5 Bytes JMP 6FA592D0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[852] USER32.dll!SetWindowLongA 765CE7CD 5 Bytes JMP 6FC4A800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[852] USER32.dll!SetWindowLongW 765D13B4 5 Bytes JMP 6FC4A792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[852] USER32.dll!GetWindowInfo 765D428E 5 Bytes JMP 6FA5229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[852] USER32.dll!TrackPopupMenu 765E14F3 5 Bytes JMP 6FA52861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[1252] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0035A4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[1252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0035A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \FileSystem\fastfat \Fat 9589AA7A

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_2011-08-26.01)
    - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by Doreen at 17:45:06 on 2011-09-15
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.130 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
    uWindow Title = Internet Explorer provided by Dell
    uSearch Bar =
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - ooVoo Toolbar
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.0.28\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.0.28\ips\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - Bing Bar BHO
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} -
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.0.28\coIEPlg.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    uRun: [Google Update] "c:\users\doreen\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTE5NTExNDY4LUIxLUtWMys3LVhLKzEtU1QxMkZPSSsxLUREVCswLVNUMTJBUFArMS1FVUxBKzE"&"prod=94"&"ver=2012.0.1796"&"mid=041b0578d2cb47d1846cd155656dcbf3-ec79430492988f0908e02d89066d457332c0680e
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7AE2123C-4806-429A-83F3-975E883F6620} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\doreen\appdata\roaming\mozilla\firefox\profiles\32h8sfh9.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf530ea3a-aa77-4abe-a522-7319a6af7e3f%7D&mid=041b0578d2cb47d1846cd155656dcbf3-ec79430492988f0908e02d89066d457332c0680e&ds=AVG&v=8.0.0.34&lang=en&pr=pr&d=2011-09-11%2015%3A58%3A55&sap=ku&q=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\doreen\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\users\doreen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\doreen\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301000.01c\SymDS.sys [2011-9-13 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301000.01c\SymEFA.sys [2011-9-13 897656]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-29 148520]
    S0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-8-18 79052]
    S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20110909.001\BHDrvx86.sys [2011-9-9 816760]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301000.01c\ccSetx86.sys [2011-9-13 132744]
    S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20110914.031_db0\IDSvix86.sys [2011-9-15 368248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301000.01c\Ironx86.sys [2011-9-13 149624]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1301000.01c\symtdiv.sys [2011-9-13 344184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
    S2 gupdate;Google Update Service (gupdate); [x]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-15 366152]
    S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.0.28\ccSvcHst.exe [2011-9-13 138760]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-13 105592]
    S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-8-30 18768]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-12 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem); [x]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-15 22216]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-8-30 30600]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-8-30 19280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-8-30 328536]
    S4 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-8-30 820568]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-09-15 18:13:09 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-09-15 12:42:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-15 12:12:27 -------- d-----w- c:\users\doreen\appdata\local\CrashDumps
    2011-09-15 11:44:16 -------- d-----w- c:\windows\ReadyBoot
    2011-09-15 11:28:21 -------- d-----w- c:\users\doreen\appdata\roaming\Malwarebytes
    2011-09-15 11:28:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-15 11:28:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-15 09:17:19 -------- d-----w- c:\users\doreen\appdata\local\ElevatedDiagnostics
    2011-09-15 09:16:04 -------- d-----w- C:\MATS
    2011-09-14 01:48:34 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-09-14 01:48:33 -------- d-----w- c:\program files\Symantec
    2011-09-14 01:47:13 897656 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\SymEFA.sys
    2011-09-14 01:47:13 344184 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\symtdiv.sys
    2011-09-14 01:47:13 314488 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\symnets.sys
    2011-09-14 01:47:12 566904 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\srtsp.sys
    2011-09-14 01:47:12 340088 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\SymDS.sys
    2011-09-14 01:47:12 31864 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\srtspx.sys
    2011-09-14 01:47:12 149624 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\Ironx86.sys
    2011-09-14 01:47:11 132744 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\ccSetx86.sys
    2011-09-14 01:45:33 2801 ----a-r- c:\windows\system32\drivers\nis\1301000.01c\SymVTcer.dat
    2011-09-14 01:45:31 -------- d-----w- c:\windows\system32\drivers\nis\1301000.01C
    2011-09-14 01:45:31 -------- d-----w- c:\windows\system32\drivers\NIS
    2011-09-14 01:45:26 -------- d-----w- c:\program files\Norton Internet Security
    2011-09-14 01:45:24 -------- d-----w- c:\programdata\Norton
    2011-09-14 01:44:45 -------- d-----w- c:\programdata\NortonInstaller
    2011-09-14 01:44:45 -------- d-----w- c:\program files\NortonInstaller
    2011-09-14 00:50:04 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b9ac2ad-88c0-4bd7-a1ab-32d0cd5add71}\mpengine.dll
    2011-09-11 21:01:19 -------- d-----w- c:\users\doreen\appdata\roaming\AVG2012
    2011-09-11 20:58:34 -------- d--h--w- c:\programdata\Common Files
    2011-09-11 20:53:37 -------- d-----w- c:\programdata\AVG2012
    2011-09-11 20:50:35 -------- d--h--w- C:\$AVG
    2011-09-11 20:23:12 -------- d-----w- c:\programdata\MFAData
    2011-09-11 09:48:18 -------- d--h--w- c:\windows\msdownld.tmp
    2011-09-11 09:48:11 -------- d-----w- c:\windows\system32\directx
    2011-09-11 08:27:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-09-11 08:27:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-09-11 08:27:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-09-11 08:27:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-09-11 08:27:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-09-11 08:27:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-09-11 08:27:30 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-09-11 07:58:38 -------- d-----w- c:\users\doreen\appdata\local\Solid State Networks
    2011-09-04 10:28:41 -------- d-----w- c:\program files\uTorrent
    2011-09-04 10:27:12 -------- d-----w- c:\users\doreen\appdata\roaming\uTorrent
    2011-09-04 10:27:12 -------- d-----w- c:\users\doreen\appdata\local\uTorrent
    2011-09-01 09:30:12 -------- d-----w- c:\program files\ooVoo
    2011-08-30 10:15:19 -------- d-----w- c:\users\doreen\appdata\local\Apps
    2011-08-30 08:25:38 -------- d-----w- c:\programdata\IObit
    2011-08-30 08:20:55 -------- d-----w- c:\users\doreen\appdata\roaming\IObit
    2011-08-30 08:20:48 -------- d-----w- c:\program files\IObit
    2011-08-30 07:27:40 -------- d-----w- c:\users\doreen\appdata\roaming\PC Cleaners
    2011-08-30 07:26:57 5366544 ----a-w- c:\windows\uninst.exe
    2011-08-30 07:26:39 -------- d-----w- c:\programdata\PC1Data
    2011-08-29 18:22:23 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-29 11:24:02 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-08-29 11:24:02 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-08-29 11:24:02 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-08-29 11:24:02 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-08-29 11:24:02 153088 ----a-w- c:\windows\system32\unrar3.dll
    2011-08-29 11:23:50 -------- d-----w- c:\users\doreen\appdata\roaming\Simply Super Software
    2011-08-29 11:23:50 -------- d-----w- c:\programdata\Simply Super Software
    2011-08-28 11:04:05 -------- d-----w- c:\users\doreen\appdata\local\Mozilla
    2011-08-24 12:59:40 -------- d-----w- c:\users\doreen\appdata\roaming\Dell
    2011-08-24 12:58:49 -------- d-----w- c:\programdata\PCDr
    2011-08-24 11:28:44 -------- d-----w- c:\users\doreen\appdata\roaming\PCDr
    2011-08-24 11:21:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 08:42:13 -------- d-----w- c:\programdata\AVAST Software
    .
    ==================== Find3M ====================
    .
    2011-09-03 10:18:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 10:05:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ============= FINISH: 17:46:44.43 ===============



    .

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/15/2007 1:42:25 PM
    System Uptime: 9/15/2011 4:24:51 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0UW744
    Processor: Mobile AMD Sempron(tm) Processor 3500+ | Socket M2/S1G1 | 1795/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 46 GiB total, 3.195 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.421 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1446: 9/13/2011 7:49:29 PM - Windows Update
    RP1447: 9/14/2011 8:27:33 AM - Scheduled Checkpoint
    RP1448: 9/15/2011 3:00:26 AM - Windows Update
    RP1449: 9/15/2011 7:28:53 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.8
    Advanced SystemCare 4
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center Ex
    ATI PCI Express (3GIO) Filter Driver
    Bing Bar Platform
    CL-Eye Driver
    Conexant HDA D110 MDC V.92 Modem
    D3DX10
    Dell DataSafe Online
    Dell Support Center
    Dell System Customization Wizard
    Dell Wireless WLAN Card
    DellSupport
    Digital Line Detect
    Driver Whiz
    Free Window Registry Repair
    Games, Music, & Photos Launcher
    getPlus(R) for Adobe
    Google Talk Plugin
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Internet Service Offers Launcher
    IObit Malware Fighter
    Java Auto Updater
    Java(TM) 6 Update 27
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LG USB Modem driver
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware version 1.51.2.1300
    ManyCam 2.6.55 (remove only)
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Phone Data Manager (beta)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works
    Modem Diagnostic Tool
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    ooVoo
    Product Documentation Launcher
    Publish-iT 3.6
    QuickSet
    QuickTime
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio Update Manager
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3 USB Driver Installer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Segoe UI
    SigmaTel Audio
    Sonic Activation Module
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    URL Assistant
    User's Guides
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 8:15:59 PM, Error: EventLog [6008] - The previous system shutdown at 8:12:53 PM on 9/9/2011 was unexpected.
    9/9/2011 5:47:35 PM, Error: EventLog [6008] - The previous system shutdown at 5:44:02 PM on 9/9/2011 was unexpected.
    9/15/2011 9:28:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007041d: Security Update for Windows Vista (KB2570947).
    9/15/2011 9:28:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    9/15/2011 9:28:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    9/15/2011 9:28:17 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/15/2011 9:24:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523).
    9/15/2011 9:15:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WcesComm service.
    9/15/2011 8:00:25 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUDDYEST03-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7AE2123C-4806-429A-83F3-975E. The master browser is stopping or an election is being forced.
    9/15/2011 7:25:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    9/15/2011 7:22:00 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    9/15/2011 7:22:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    9/15/2011 7:22:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    9/15/2011 7:22:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    9/15/2011 7:18:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.
    9/15/2011 7:17:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
    9/15/2011 7:17:10 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    9/15/2011 7:16:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    9/15/2011 7:14:33 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    9/15/2011 7:13:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS SRTSP
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IMF Service service to connect.
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Advanced SystemCare Service service to connect.
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/15/2011 7:11:54 AM, Error: Service Control Manager [7000] - The Advanced SystemCare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/15/2011 7:09:59 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    9/15/2011 7:09:58 AM, Error: SRTSP [4] - Error loading virus definitions.
    9/15/2011 5:16:51 AM, Error: EventLog [6008] - The previous system shutdown at 5:13:48 AM on 9/15/2011 was unexpected.
    9/15/2011 5:06:14 AM, Error: EventLog [6008] - The previous system shutdown at 5:03:34 AM on 9/15/2011 was unexpected.
    9/15/2011 4:26:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS BHDrvx86 ccSet_NIS eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SYMTDIv Wanarpv6
    9/15/2011 4:26:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 4:26:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/15/2011 4:26:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/15/2011 4:26:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/15/2011 4:25:36 PM, Error: EventLog [6008] - The previous system shutdown at 4:13:53 PM on 9/15/2011 was unexpected.
    9/15/2011 4:12:34 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    9/15/2011 4:12:34 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified.
    9/15/2011 4:08:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/15/2011 4:08:06 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    9/15/2011 4:07:29 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/15/2011 4:06:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS
    9/15/2011 4:06:29 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/15/2011 4:06:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    9/15/2011 4:05:08 PM, Error: R300 [43015] - I2c return failed
    9/15/2011 4:02:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/15/2011 4:02:11 AM, Error: EventLog [6008] - The previous system shutdown at 3:56:36 AM on 9/15/2011 was unexpected.
    9/15/2011 3:46:47 AM, Error: EventLog [6008] - The previous system shutdown at 3:40:04 AM on 9/15/2011 was unexpected.
    9/15/2011 12:47:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/15/2011 12:46:32 PM, Error: EventLog [6008] - The previous system shutdown at 12:44:17 PM on 9/15/2011 was unexpected.
    9/15/2011 12:22:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    9/13/2011 9:57:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Mobile-based device connectivity service to connect.
    9/13/2011 9:57:11 PM, Error: Service Control Manager [7000] - The Windows Mobile-based device connectivity service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/13/2011 9:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service RapiMgr with arguments "" in order to run the server: {ED081F25-6A77-4C89-B689-C6E15C582EC1}
    9/13/2011 7:26:28 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    9/12/2011 6:00:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    9/11/2011 8:03:09 AM, Error: Service Control Manager [7034] - The CLAgent Service service terminated unexpectedly. It has done this 1 time(s).
    9/11/2011 7:51:37 AM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    9/11/2011 7:51:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    9/11/2011 7:46:33 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
    9/11/2011 7:40:55 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/11/2011 7:40:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    9/11/2011 7:36:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    9/11/2011 7:36:52 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/11/2011 7:36:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    9/11/2011 7:19:03 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    9/11/2011 7:19:03 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/11/2011 7:06:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
    9/11/2011 6:53:57 AM, Error: EventLog [6008] - The previous system shutdown at 6:52:22 AM on 9/11/2011 was unexpected.
    9/11/2011 5:51:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
    9/11/2011 3:57:41 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7AE2123C-4806-429A-83F3-975E883F6620} because another computer on the network has the same name. The server could not start.
    9/11/2011 3:57:41 PM, Error: netbt [4321] - The name "DOREEN-PC :20" could not be registered on the interface with IP address 169.254.84.61. The computer with the IP address 192.168.1.65 did not allow the name to be claimed by this computer.
    9/11/2011 3:57:36 PM, Error: netbt [4321] - The name "DOREEN-PC :0" could not be registered on the interface with IP address 169.254.84.61. The computer with the IP address 192.168.1.65 did not allow the name to be claimed by this computer.
    9/10/2011 2:40:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    9/10/2011 2:39:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    9/10/2011 2:39:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    9/10/2011 2:27:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This system is not stable now. There are multiple crashes. Please don't install any new programs.
    ==========================
    I strongly recommend you uninstall the following:
    Advanced SystemCare 4 - this is not a good program to have on the system and all the IObit pages are not well rated.
    Free Window Registry Repair - We do not advise anyone to use a registry program.
    ============================
    Malwarebytes has done a good job of removing infected files, but there are more:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =================================
    I will set up some script for you to run through Combofix after I see the log. Some will also be from DDS.
     
  5. chewchi

    chewchi TS Rookie Topic Starter

    Results

    Esetscan

    C:\Users\Doreen\AppData\Local\Temp\ICReinstall\cnet_RegpairSetup_exe.exe a variant of Win32/InstallCore.C application
    C:\Users\Doreen\Downloads\cnet_RegpairSetup_exe.exe a variant of Win32/InstallCore.C application



    ComboFix 11-09-15.05 - Doreen 09/16/2011 4:18.1.1 - x86 NETWORK
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.260 [GMT -5:00]
    Running from: c:\users\Doreen\Downloads\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Doreen\AppData\Local\ApplicationHistory
    c:\users\Doreen\AppData\Local\ApplicationHistory\dsca.exe.cf6b816f.ini
    c:\users\Doreen\AppData\Local\ApplicationHistory\EULALauncher.exe.3f62b452.ini
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\comct332.ocx
    c:\windows\system32\mfc100deu.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-16 09:27 . 2011-09-16 09:27 -------- d-----w- c:\users\Doreen\AppData\Local\temp
    2011-09-16 09:27 . 2011-09-16 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-16 02:26 . 2011-09-16 02:26 -------- d-----w- c:\program files\ESET
    2011-09-15 18:13 . 2011-09-16 02:19 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-09-15 12:42 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-15 12:12 . 2011-09-15 19:29 -------- d-----w- c:\users\Doreen\AppData\Local\CrashDumps
    2011-09-15 11:44 . 2011-09-15 11:44 -------- d-----w- c:\windows\ReadyBoot
    2011-09-15 11:28 . 2011-09-15 11:28 -------- d-----w- c:\users\Doreen\AppData\Roaming\Malwarebytes
    2011-09-15 11:28 . 2011-09-15 11:28 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-15 11:28 . 2011-09-15 12:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-15 09:17 . 2011-09-15 09:22 -------- d-----w- c:\users\Doreen\AppData\Local\ElevatedDiagnostics
    2011-09-15 09:16 . 2011-09-15 09:16 -------- d-----w- C:\MATS
    2011-09-14 01:48 . 2011-09-14 01:48 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-09-14 01:48 . 2011-09-14 01:48 -------- d-----w- c:\program files\Symantec
    2011-09-14 01:45 . 2011-09-14 01:45 -------- d-----w- c:\windows\system32\drivers\NIS
    2011-09-14 01:45 . 2011-09-14 01:45 -------- d-----w- c:\program files\Norton Internet Security
    2011-09-14 01:45 . 2011-09-14 01:50 -------- d-----w- c:\programdata\Norton
    2011-09-14 01:44 . 2011-09-14 01:44 -------- d-----w- c:\program files\NortonInstaller
    2011-09-14 00:50 . 2011-08-16 13:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B9AC2AD-88C0-4BD7-A1AB-32D0CD5ADD71}\mpengine.dll
    2011-09-13 23:53 . 2011-09-13 23:53 -------- d-----w- c:\program files\GOOGLE
    2011-09-11 21:01 . 2011-09-11 21:01 -------- d-----w- c:\users\Doreen\AppData\Roaming\AVG2012
    2011-09-11 20:58 . 2011-09-11 20:58 -------- d--h--w- c:\programdata\Common Files
    2011-09-11 20:53 . 2011-09-14 01:33 -------- d-----w- c:\programdata\AVG2012
    2011-09-11 20:50 . 2011-09-11 20:50 -------- d-----w- C:\$AVG
    2011-09-11 20:23 . 2011-09-14 00:42 -------- d-----w- c:\programdata\MFAData
    2011-09-11 11:34 . 2011-09-11 11:34 -------- d-----w- c:\program files\Microsoft.NET
    2011-09-11 09:48 . 2011-09-11 09:49 -------- d--h--w- c:\windows\msdownld.tmp
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-09-11 08:27 . 2011-09-11 08:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-09-11 08:24 . 2011-09-11 08:27 -------- d-----w- c:\program files\QuickTime
    2011-09-11 08:10 . 2011-09-11 08:10 -------- d-----w- c:\program files\Common Files\Apple
    2011-09-11 08:06 . 2011-09-11 08:06 -------- d-----w- c:\program files\Apple Software Update
    2011-09-11 07:58 . 2011-09-15 18:06 -------- d-----w- c:\users\Doreen\AppData\Local\Solid State Networks
    2011-09-10 08:31 . 2011-09-10 08:55 -------- d-----w- c:\users\Doreen\AppData\Roaming\VoipStunt
    2011-09-04 10:28 . 2011-09-04 10:28 -------- d-----w- c:\program files\uTorrent
    2011-09-04 10:27 . 2011-09-12 22:57 -------- d-----w- c:\users\Doreen\AppData\Roaming\uTorrent
    2011-09-04 10:27 . 2011-09-04 10:27 -------- d-----w- c:\users\Doreen\AppData\Local\uTorrent
    2011-09-01 09:30 . 2011-09-01 09:30 -------- d-----w- c:\program files\ooVoo
    2011-08-31 21:15 . 2011-08-31 23:38 -------- d-----w- c:\programdata\NCH Software
    2011-08-30 10:15 . 2011-08-30 10:15 -------- d-----w- c:\users\Doreen\AppData\Local\Apps
    2011-08-30 08:25 . 2011-08-30 08:25 -------- d-----w- c:\programdata\IObit
    2011-08-30 08:20 . 2011-08-30 08:25 -------- d-----w- c:\users\Doreen\AppData\Roaming\IObit
    2011-08-30 08:20 . 2011-09-15 15:04 -------- d-----w- c:\program files\IObit
    2011-08-30 07:27 . 2011-08-30 07:27 -------- d-----w- c:\users\Doreen\AppData\Roaming\PC Cleaners
    2011-08-30 07:26 . 2011-08-30 07:21 5366544 ----a-w- c:\windows\uninst.exe
    2011-08-30 07:26 . 2011-08-30 07:26 -------- d-----w- c:\programdata\PC1Data
    2011-08-29 18:22 . 2011-03-13 16:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
    2011-08-29 11:24 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-08-29 11:24 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-08-29 11:24 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-08-29 11:24 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2011-08-29 11:24 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-08-29 11:23 . 2011-08-29 11:25 -------- d-----w- c:\users\Doreen\AppData\Roaming\Simply Super Software
    2011-08-29 11:23 . 2011-08-29 11:23 -------- d-----w- c:\programdata\Simply Super Software
    2011-08-28 11:04 . 2011-08-28 11:04 -------- d-----w- c:\users\Doreen\AppData\Local\Mozilla
    2011-08-24 12:59 . 2011-08-24 12:59 -------- d-----w- c:\users\Doreen\AppData\Roaming\Dell
    2011-08-24 12:58 . 2011-09-12 09:31 -------- d-----w- c:\programdata\PCDr
    2011-08-24 11:28 . 2011-08-24 11:29 -------- d-----w- c:\users\Doreen\AppData\Roaming\PCDr
    2011-08-24 11:21 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-23 08:42 . 2011-09-11 07:49 -------- d-----w- c:\programdata\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-03 10:18 . 2011-05-29 06:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 02:54 . 2011-08-11 08:45 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-11 08:45 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-11 08:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-19 10:05 . 2011-03-18 16:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-06 15:31 . 2011-08-11 04:09 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-06-20 08:54 . 2011-08-11 04:09 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54 . 2011-08-11 04:09 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-09-08 06:44 . 2011-08-28 11:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg&inst=NzYtOTE5NTExNDY4LUIxLUtWMys3LVhLKzEtU1QxMkZPSSsxLUREVCswLVNUMTJBUFArMS1FVUxBKzE&prod=94&ver=2012.0.1796&mid=041b0578d2cb47d1846cd155656dcbf3-ec79430492988f0908e02d89066d457332c0680e" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
    2011-08-09 21:56 417112 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-07-11 22:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2006-11-22 00:52 1540096 ----a-w- c:\windows\System32\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-03-16 10:20 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-09-10 07:47 136176 ----atw- c:\users\Doreen\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
    2011-07-20 17:19 4393816 ----a-w- c:\program files\IObit\IObit Malware Fighter\IMF.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2008-10-24 14:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2008-10-24 14:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-08-31 22:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-02-08 05:11 303104 ----a-w- c:\windows\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2006-11-20 17:51 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
    2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R0 AFS;AFS; [x]
    R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110909.001\BHDrvx86.sys [2011-09-09 816760]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [2011-08-08 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110914.031_db0\IDSvix86.sys [2011-09-13 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [2011-07-25 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1301000.01C\SYMTDIV.SYS [2011-07-25 344184]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate); [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [2011-08-10 138760]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-09-14 105592]
    R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-07-11 18768]
    R3 gupdatem;Google Update Service (gupdatem); [x]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-03-23 30600]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-03-23 19280]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
    R4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1301000.01C\SYMDS.SYS [2011-07-25 340088]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1301000.01C\SYMEFA.SYS [2011-07-28 897656]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-03-13 148520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ECACHE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-966267612-1689376104-3358760185-1000Core.job
    - c:\users\Doreen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 07:47]
    .
    2011-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-966267612-1689376104-3358760185-1000UA.job
    - c:\users\Doreen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 07:47]
    .
    2011-09-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
    .
    2011-09-15 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\32h8sfh9.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf530ea3a-aa77-4abe-a522-7319a6af7e3f%7D&mid=041b0578d2cb47d1846cd155656dcbf3-ec79430492988f0908e02d89066d457332c0680e&ds=AVG&v=8.0.0.34&lang=en&pr=pr&d=2011-09-11%2015%3A58%3A55&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
    BHO-{59c6f12b-f004-43e5-9997-08f2123119b6} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{59c6f12b-f004-43e5-9997-08f2123119b6} - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="YMP.Media"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1480)
    c:\program files\WinRAR\rarext.dll
    c:\program files\IObit\IObit Malware Fighter\IMFShellExt.dll
    c:\program files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
    .
    Completion time: 2011-09-16 04:31:44
    ComboFix-quarantined-files.txt 2011-09-16 09:31
    .
    Pre-Run: 2,575,736,832 bytes free
    Post-Run: 5,803,479,040 bytes free
    .
    - - End Of File - - 30A24AACC208E5535AE6725FE62D4F3A
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    uSearch Page =
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
    uSearch Bar =
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} -
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {B80F591E-FE9A-46CF-A13E-180377240586} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFaUDItUko3UFItN0dOTVUtQUJMRTYtVFBRQ0ktNg"&"inst=NzYtOTE5NTExNDY4LUIxLUtWMys3LVhLKzEtU1QxMkZPSSsxLUREVCswLVNUMTJBUFArMS1FVUxBKzE"&"prod=94"&"ver=2012.0.1796"&"mid=041b0578d2cb47d1846cd155656dcbf3-ec79430492988f0908e02d89066d457332c0680e
    Folder::
    c:\program files\Free Window Registry Repair
    c:\windows\ReadyBoot
    c:\users\Doreen\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Doreen\AppData\Local\CrashDumps
    c:\users\Doreen\AppData\Roaming\AVG2012
    c:\programdata\Common Files
    c:\programdata\AVG2012
    C:\$AVG
    c:\windows\msdownld.tmp
    c:\program files\uTorrent
    c:\users\Doreen\AppData\Roaming\uTorrent
    c:\users\Doreen\AppData\Local\uTorrent
    c:\users\Doreen\AppData\Local\Apps
    c:\users\Doreen\AppData\Roaming\PC Cleaners
    c:\programdata\PC1Data
    c:\programdata\PCDr
    c:\users\Doreen\AppData\Roaming\PCDr
    c:\programdata\AVAST Software
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    Extra::
    Firefox::
    Firefox-: - Profile - c:\users\doreen\appdata\roaming\mozilla\firefox\profiles\32h8sfh9.default\
    Firefox-: prefs.js- Startup.Homepage
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================

    Please go on to next reply.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMoveIt3 by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Users\Doreen\AppData\Local\Temp\ICReinstall\cnet_RegpairSetup_exe.exe 
      C:\Users\Doreen\Downloads\cnet_RegpairSetup_exe.exe 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
     
Topic Status:
Not open for further replies.
