BullGuard
System tool trojan
   
banksy
Posted 11/21/2010 9:32 PM (GMT +3)
Hi, any help with this would be appreciated:
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5163
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
21/11/2010 18:17:28
mbam-log-2010-11-21 (18-17-28).txt
Scan type: Full scan (C:\|)
Objects scanned: 186833
Time elapsed: 26 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 161
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 153
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
C:\Program Files\MyWebSearch\bar\Cache\00016E64 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00017A2C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001847D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00018E21 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001FC3D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0005069F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00051804.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0008E911.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0008E9EB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001AE495 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001AECB3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001AED3F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001AED9D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\001AEDFB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0024CC49.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0024D041.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0024D13B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0024D273 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00F59979.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02DFE24A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\2867078.exe (Trojan.SCTool.Gen) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:37, on 21/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&client_id=5EFBB28001CB6E000072ED43&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {339a0dff-d9af-439b-92bc-636220fb3dae} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Toolbar BHO - {55cde9e7-696c-47c4-8e21-7210b8aeb103} - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbar.dll
O2 - BHO: Online Oryte Games Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnl2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Assistant BHO - {5ed22e89-62fa-47ec-bd8d-374d849d436c} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: FBLayouts Plugin - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\FBLayouts\fblayouts.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Online Oryte Games Toolbar - {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - C:\Program Files\Online_Games_Bar\tbOnl2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: SmileyCentral - {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - C:\Program Files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE CANYON CN-WCAM23 PC-Camera
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SmileyCentralIE_1w Browser Plugin Loader] C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbrmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HPOwlCluster] C:\Program Files\Desktop Owl\skinkers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\user\Application Data\IMVUClient\IMVUQualityAgent.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\user\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\user\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://launcher.station.sony.com/weblauncher/plugin/1.0.3.93/SOEWebInstaller.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1c9eea42f70050c) (gupdate1c9eea42f70050c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SmileyCentral Service (SmileyCentralIE_1wService) - SmileyCentral - C:\PROGRA~1\SMILEY~2\bar\1.bin\1wbarsvc.exe
--
End of file - 12612 bytes

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by user at 18:20:42.06 on 21/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.596 [GMT 0:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\My Documents\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=5EFBB28001CB6E000072ED43&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: N/A: {339a0dff-d9af-439b-92bc-636220fb3dae} - c:\program files\smileycentralie_1w\bar\1.bin\1wSrcAs.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Toolbar BHO: {55cde9e7-696c-47c4-8e21-7210b8aeb103} - c:\progra~1\smiley~2\bar\1.bin\1wbar.dll
BHO: Online Oryte Games Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnl2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Assistant BHO: {5ed22e89-62fa-47ec-bd8d-374d849d436c} - c:\program files\smileycentralie_1w\bar\1.bin\1wSrcAs.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: FBLayouts Plugin: {ff4e1d1d-705b-4379-ab33-22d98c1abf55} - c:\program files\fblayouts\fblayouts.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0621.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Online Oryte Games Toolbar: {5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1} - c:\program files\online_games_bar\tbOnl2.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVD2.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: SmileyCentral: {d3ca5551-fc2e-4d09-8ece-263607acf9fc} - c:\program files\smileycentralie_1w\bar\1.bin\1wbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [HPOwlCluster] c:\program files\desktop owl\skinkers.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE CANYON CN-WCAM23 PC-Camera
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [SmileyCentralIE_1w Browser Plugin Loader] c:\progra~1\smiley~2\bar\1.bin\1wbrmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\imvu.lnk - c:\documents and settings\user\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Free YouTube Download - c:\documents and settings\user\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://launcher.station.sony.com/weblauncher/plugin/1.0.3.93/SOEWebInstaller.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-24 54752]
S2 gupdate1c9eea42f70050c;Google Update Service (gupdate1c9eea42f70050c);c:\program files\google\update\GoogleUpdate.exe [2009-6-16 133104]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-29 583640]
S2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\smiley~2\bar\1.bin\1wbarsvc.exe [2010-10-23 28766]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-5-21 87936]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-21 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
SUnknown MyWebSearchService;MyWebSearchService; [x]
=============== Created Last 30 ================
2010-11-21 18:17:49 54016 ----a-w- c:\windows\system32\drivers\vywfx.sys
2010-11-21 17:47:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 17:47:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-21 17:39:02 -------- d-----w- c:\program files\CCleaner
2010-11-14 11:57:18 -------- d-----w- c:\docume~1\user\locals~1\applic~1\ConduitEngine
2010-11-14 11:57:06 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-14 11:57:06 -------- d-----w- c:\program files\ConduitEngine
2010-11-07 14:28:54 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Amazon
2010-11-07 14:28:38 -------- d-----w- c:\program files\Amazon
2010-11-06 11:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-29 22:18:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-23 13:15:05 -------- d-----w- c:\program files\SmileyCentralIE_1w
2010-10-23 13:14:43 -------- d-----w- c:\program files\SmileyCentral_1vEI
==================== Find3M  ====================
2010-10-29 22:18:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-04-02 08:41:39 716320 ----a-w- c:\program files\PSISetup.exe
============= FINISH: 18:21:08.39 ===============
 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 21/05/2008 08:36:29
System Uptime: 21/11/2010 17:27:43 (1 hours ago)
Motherboard: Dell Inc. |  |      
Processor:         Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 37 GiB total, 20.014 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP362: 20/10/2010 15:35:26 - System Checkpoint
RP363: 21/10/2010 17:53:39 - System Checkpoint
RP364: 22/10/2010 20:22:47 - System Checkpoint
RP365: 23/10/2010 20:25:42 - System Checkpoint
RP366: 24/10/2010 23:56:02 - System Checkpoint
RP367: 26/10/2010 00:54:17 - System Checkpoint
RP368: 29/10/2010 20:13:58 - System Checkpoint
RP369: 29/10/2010 23:14:15 - Installed QuickTime
RP370: 29/10/2010 23:17:24 - Removed Java(TM) 6 Update 20
RP371: 29/10/2010 23:18:07 - Installed Java(TM) 6 Update 22
RP372: 31/10/2010 01:52:49 - System Checkpoint
RP373: 01/11/2010 01:20:46 - System Checkpoint
RP374: 02/11/2010 19:26:23 - System Checkpoint
RP375: 04/11/2010 17:24:47 - System Checkpoint
RP376: 05/11/2010 17:46:25 - System Checkpoint
RP377: 06/11/2010 21:23:04 - System Checkpoint
RP378: 08/11/2010 18:46:54 - System Checkpoint
RP379: 10/11/2010 16:55:01 - System Checkpoint
RP380: 11/11/2010 09:05:32 - Software Distribution Service 3.0
RP381: 12/11/2010 18:30:12 - System Checkpoint
RP382: 15/11/2010 07:53:48 - System Checkpoint
RP383: 17/11/2010 15:42:21 - System Checkpoint
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
ALOT Toolbar
Amazon Kindle For PC v1.1
Apple Application Support
Apple Software Update
avast! Free Antivirus
BAMZOOKi v3.1 (build 115.158)
C-Major Audio
CANYON CN-WCAM23 PC-Camera
CCleaner
Classic Sudoku (remove only)
Conexant D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Desktop Owl
DVD Shrink 3.2
DVDFab 7.0.4.0 (15/04/2010)
DVDVideoSoftTB Toolbar
Free Studio version 4.8
Free YouTube to MP3 Converter version 3.2
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
LightScribe  1.4.136.1
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Journal Viewer
MS Access 97 SP2
MSN Toolbar
MSVCRT
Norton Security Scan
NVIDIA PhysX
Online_Games_Bar Toolbar
Photodex Presenter
PowerDVD
QuickTime
RealPlayer
RealUpgrade 1.0
Registry Mechanic 10.0
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Smart Menus (Windows Live Toolbar)
SmileyCentral
Solitaire Master 3
SweetIM for Messenger 3.2
SweetIM Toolbar for Internet Explorer 3.9
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
21/11/2010 17:29:44, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Aavmker4 aswSP aswTdi Fips intelppm
21/11/2010 17:28:41, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/11/2010 21:00:56, error: Dhcp [1002]  - The IP address lease 10.0.0.102 for the Network Card with network address 0014A5043289 has been denied by the DHCP server 10.0.0.200 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
cheers, banksy.
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 11/22/2010 8:05 AM (GMT +3)
Hello
 
 

Please download combofix:  Here
Save it to Desktop.
 
Disable your AntiVirus and AntiSpyware applications, as they may otherwise interfere with Combofix.
There are details for disabling many programmes: Here
 
Now, please make sure no other programs are running and close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started, please DO NOT click on the Combofix window or attempt to use your computer, as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning. Do not worry, this is normal, and they will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.
It is usually located at c:\combofix.txt; please post it in your next reply.
 
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
 

 

 

banksy
Junior Member


Date Joined Jun 2008
Total Posts : 53
 
   Posted 11/22/2010 11:54 PM (GMT +3)
ComboFix 10-11-22.01 - user 22/11/2010  20:14:56.2.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.800 [GMT 0:00]
Running from: c:\documents and settings\user\My Documents\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Guest\Application Data\alot
c:\documents and settings\Guest\Application Data\PriceGong
c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml
c:\documents and settings\user\Application Data\alot
c:\documents and settings\user\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\user\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\user\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\user\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\user\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\user\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\user\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\user\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\user\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\user\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\user\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\user\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\user\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\user\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\user\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\user\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\user\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\user\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\user\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\user\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\user\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\user\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\user\Application Data\alot\configurator\configurator.xml
c:\documents and settings\user\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\user\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\user\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\user\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\user\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\user\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\user\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\user\Application Data\alot\products\products.xml
c:\documents and settings\user\Application Data\alot\products\products.xml.backup
c:\documents and settings\user\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\user\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\user\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\user\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\user\Application Data\alot\Resources\Button_3\images\4678_icon.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_3\images\4678_icon.png
c:\documents and settings\user\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.png
c:\documents and settings\user\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.png
c:\documents and settings\user\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.png
c:\documents and settings\user\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.png
c:\documents and settings\user\Application Data\alot\Resources\Button_8\images\4675_icon.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_8\images\4675_icon.png
c:\documents and settings\user\Application Data\alot\Resources\Button_9\images\4680_icon.bmp
c:\documents and settings\user\Application Data\alot\Resources\Button_9\images\4680_icon.png
c:\documents and settings\user\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\user\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\user\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\user\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\user\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\user\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\user\Application Data\alot\SiteMetrics\SiteMetrics.xml
c:\documents and settings\user\Application Data\alot\SiteMetrics\SiteMetrics.xml.backup
c:\documents and settings\user\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\user\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\user\Application Data\alot\toolbar.xml
c:\documents and settings\user\Application Data\alot\toolbar.xml.backup
c:\documents and settings\user\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\user\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\user\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\user\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\user\Application Data\alot\Updater\Updater.xml
c:\documents and settings\user\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\user\Application Data\inst.exe
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.xml
c:\documents and settings\user\Application Data\PriceGong\Data\a.xml
c:\documents and settings\user\Application Data\PriceGong\Data\b.xml
c:\documents and settings\user\Application Data\PriceGong\Data\c.xml
c:\documents and settings\user\Application Data\PriceGong\Data\d.xml
c:\documents and settings\user\Application Data\PriceGong\Data\e.xml
c:\documents and settings\user\Application Data\PriceGong\Data\f.xml
c:\documents and settings\user\Application Data\PriceGong\Data\g.xml
c:\documents and settings\user\Application Data\PriceGong\Data\h.xml
c:\documents and settings\user\Application Data\PriceGong\Data\i.xml
c:\documents and settings\user\Application Data\PriceGong\Data\J.xml
c:\documents and settings\user\Application Data\PriceGong\Data\k.xml
c:\documents and settings\user\Application Data\PriceGong\Data\l.xml
c:\documents and settings\user\Application Data\PriceGong\Data\m.xml
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.xml
c:\documents and settings\user\Application Data\PriceGong\Data\o.xml
c:\documents and settings\user\Application Data\PriceGong\Data\p.xml
c:\documents and settings\user\Application Data\PriceGong\Data\q.xml
c:\documents and settings\user\Application Data\PriceGong\Data\r.xml
c:\documents and settings\user\Application Data\PriceGong\Data\s.xml
c:\documents and settings\user\Application Data\PriceGong\Data\t.xml
c:\documents and settings\user\Application Data\PriceGong\Data\u.xml
c:\documents and settings\user\Application Data\PriceGong\Data\v.xml
c:\documents and settings\user\Application Data\PriceGong\Data\w.xml
c:\documents and settings\user\Application Data\PriceGong\Data\x.xml
c:\documents and settings\user\Application Data\PriceGong\Data\y.xml
c:\documents and settings\user\Application Data\PriceGong\Data\z.xml
c:\documents and settings\user\My Documents\Internet Explorer.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.4.inf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE

(((((((((((((((((((((((((   Files Created from 2010-10-22 to 2010-11-22  )))))))))))))))))))))))))))))))
.
2010-11-21 18:22 . 2010-11-21 18:22 -------- d-----w- c:\program files\Trend Micro
2010-11-21 17:47 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 17:47 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-21 17:39 . 2010-11-21 18:39 -------- d-----w- c:\program files\CCleaner
2010-11-14 16:32 . 2010-11-14 16:32 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\ConduitEngine
2010-11-14 11:57 . 2010-11-14 13:26 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ConduitEngine
2010-11-14 11:57 . 2010-11-14 11:57 -------- d-----w- c:\program files\ConduitEngine
2010-11-14 11:57 . 2010-11-14 11:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\documents and settings\user\Application Data\Amazon
2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Amazon
2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\program files\Amazon
2010-11-06 11:37 . 2010-11-06 11:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-10-29 22:19 . 2010-10-29 22:19 -------- d-----w- c:\program files\Common Files\Java
2010-10-29 22:18 . 2010-10-29 22:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-29 22:15 . 2010-10-29 22:16 -------- d-----w- c:\program files\QuickTime
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 22:18 . 2010-04-26 14:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 08:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-04-02 08:41 . 2010-04-02 08:41 716320 ----a-w- c:\program files\PSISetup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
"{339a0dff-d9af-439b-92bc-636220fb3dae}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll" [2010-10-23 53248]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CLASSES_ROOT\clsid\{339a0dff-d9af-439b-92bc-636220fb3dae}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55cde9e7-696c-47c4-8e21-7210b8aeb103}]
2010-10-23 13:15 675840 ----a-w- c:\progra~1\SMILEY~2\bar\1.bin\1wbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Online_Games_Bar\tbOnl2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ed22e89-62fa-47ec-bd8d-374d849d436c}]
2010-10-23 13:15 53248 ----a-w- c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 16:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnl2.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
"{d3ca5551-fc2e-4d09-8ece-263607acf9fc}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-10-23 675840]
[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnl2.dll" [2010-10-18 3908192]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192]
"{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-10-23 675840]
[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856]
"HPOwlCluster"="c:\program files\Desktop Owl\skinkers.exe" [2002-11-19 347648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-08-20 40960]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-29 68592]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-26 202256]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"SmileyCentralIE_1w Browser Plugin Loader"="c:\progra~1\SMILEY~2\bar\1.bin\1wbrmon.exe" [2010-10-23 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\E Games\\Solitaire Master 3\\master.exe"=
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [21/05/2008 13:09 87936]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 14:05 14904]
S2 gupdate1c9eea42f70050c;Google Update Service (gupdate1c9eea42f70050c);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2009 17:02 133104]
S2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [23/10/2010 13:15 28766]
.
Contents of the 'Scheduled Tasks' folder
2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 17:01]
2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 17:01]
2010-11-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1958367476-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1958367476-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=5EFBB28001CB6E000072ED43&src_id=11649&camp_id=1500&tb_version=2.5.15000.521
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Free YouTube Download - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
AddRemove-MS Access 97 SP2 - c:\program files\Microsoft Office\setup\setup.exe
 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 20:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\WININET.dll
c:\progra~1\SMILEY~2\bar\1.bin\1wbrstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Secunia\PSI\psi.exe
.
**************************************************************************
.
Completion time: 2010-11-22  20:47:27 - machine was rebooted
ComboFix-quarantined-files.txt  2010-11-22 20:47
Pre-Run: 21,726,339,072 bytes free
Post-Run: 21,810,130,944 bytes free
- - End Of File - - AE538515B39E32B56CF807CFE4495369
cheers, banksy.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 11/23/2010 7:49 AM (GMT +3)
Follow the instructions on the site. When downloaded, click on – Check for updates – Button.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
·         Close browsers before scanning
·         Scan for tracking cookies
·         Terminate memory threats before quarantining.
·         Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.

When the scan has finished ->
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
·         Save the logfile to desktop
·         Click close and close again to exit the program.
Reboot, if needed.
Post Superantispyware log in next reply.



banksy
Junior Member


Date Joined Jun 2008
Total Posts : 53
 
Posted 11/24/2010 1:13 AM (GMT +3)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/23/2010 at 09:56 PM
Application Version : 4.46.1000
Core Rules Database Version : 5907
Trace Rules Database Version: 3719
Scan type       : Complete Scan
Total Scan Time : 00:41:46
Memory items scanned      : 445
Memory threats detected   : 0
Registry items scanned    : 5605
Registry threats detected : 16
File items scanned        : 39484
File threats detected     : 193
Adware.Tracking Cookie
Browser Hijacker.Deskbar
Adware.MyWebSearch/FunWebProducts
 C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
cheers, banksy.

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 11/25/2010 9:34 AM (GMT +3)
How are things running now?


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
 

 


banksy
Junior Member


Date Joined Jun 2008
Total Posts : 53
 
Posted 12/15/2010 10:16 PM (GMT +3)
Sorry about the length of time since my last reply.
Things seem ok :confused:

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 12/18/2010 6:40 AM (GMT +3)
No problem :smile:

"things seem ok"
It doesn't sound like you are absolutely sure?


 
Do not PM me with logfiles. They will be deleted. 

 
