System tool trojan

Posted 11/21/2010 6:32 PM
#90095

banksy Advanced member

Date Joined Nov 2016
Total Posts: 50
Hi, any help with this would be appreciated:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5163

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21/11/2010 18:17:28
mbam-log-2010-11-21 (18-17-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 186833
Time elapsed: 26 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 161
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 153

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
<br/>C:\Program Files\MyWebSearch\bar\Cache\0024CC49.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\0024D041.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\0024D13B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\0024D273 (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\00F59979.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\02DFE24A (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
<br/>C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
<br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
<br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. <br/>C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Documents and Settings\user\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Application Data\2867078.exe (Trojan.SCTool.Gen) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:37, on 21/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by user at 18:20:42.06 on 21/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.596 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============= SERVICES / DRIVERS ===============

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-4 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-4 17744]
S2 avast! Antivirus;avast!
Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384] <br/>S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-24 54752] <br/>S2 gupdate1c9eea42f70050c;Google Update Service (gupdate1c9eea42f70050c);c:\program files\google\update\GoogleUpdate.exe [2009-6-16 133104] <br/>S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-9-29 583640] <br/>S2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\smiley~2\bar\1.bin\1wbarsvc.exe [2010-10-23 28766] <br/>S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384] <br/>S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-4 40384] <br/>S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] <br/>S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-5-21 87936] <br/>S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-21 38224] <br/>S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] <br/>S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904] <br/>SUnknown MyWebSearchService;MyWebSearchService; [x] <br/> <br/>=============== Created Last 30 ================ <br/> <br/>2010-11-21 18:17:49 54016 ----a-w- c:\windows\system32\drivers\vywfx.sys <br/>2010-11-21 17:47:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2010-11-21 17:47:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2010-11-21 17:39:02 -------- d-----w- c:\program files\CCleaner <br/>2010-11-14 11:57:18 -------- d-----w- c:\docume~1\user\locals~1\applic~1\ConduitEngine <br/>2010-11-14 11:57:06 0 ----a-w- c:\windows\system32\ConduitEngine.tmp <br/>2010-11-14 11:57:06 -------- d-----w- 
c:\program files\ConduitEngine <br/>2010-11-07 14:28:54 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Amazon <br/>2010-11-07 14:28:38 -------- d-----w- c:\program files\Amazon <br/>2010-11-06 11:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll <br/>2010-10-29 22:18:49 73728 ----a-w- c:\windows\system32\javacpl.cpl <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll <br/>2010-10-29 22:16:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll <br/>2010-10-23 13:15:05 -------- d-----w- c:\program files\SmileyCentralIE_1w <br/>2010-10-23 13:14:43 -------- d-----w- c:\program files\SmileyCentral_1vEI <br/> <br/>==================== Find3M ==================== <br/> <br/>2010-10-29 22:18:19 472808 ----a-w- c:\windows\system32\deployJava1.dll <br/>2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll <br/>2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll <br/>2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll <br/>2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll <br/>2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll <br/>2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl <br/>2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx <br/>2010-09-08 10:17:46 69632 ----a-w- 
c:\windows\system32\QuickTime.qts <br/>2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr <br/>2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll <br/>2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys <br/>2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll <br/>2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll <br/>2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll <br/>2010-04-02 08:41:39 716320 ----a-w- c:\program files\PSISetup.exe <br/> <br/>============= FINISH: 18:21:08.39 =============== <br/> <br/> <br/> <br/> <br/> <br/>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. <br/>IF REQUESTED, ZIP IT UP & ATTACH IT <br/> <br/>DDS (Ver_10-11-10.01) <br/> <br/>Microsoft Windows XP Professional <br/>Boot Device: \Device\HarddiskVolume1 <br/>Install Date: 21/05/2008 08:36:29 <br/>System Uptime: 21/11/2010 17:27:43 (1 hours ago) <br/> <br/>Motherboard: Dell Inc. | | <br/>Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz <br/> <br/>==== Disk Partitions ========================= <br/> <br/>C: is FIXED (NTFS) - 37 GiB total, 20.014 GiB free. 
<br/> <br/>==== Disabled Device Manager Items ============= <br/> <br/>==== System Restore Points =================== <br/> <br/>RP362: 20/10/2010 15:35:26 - System Checkpoint <br/>RP363: 21/10/2010 17:53:39 - System Checkpoint <br/>RP364: 22/10/2010 20:22:47 - System Checkpoint <br/>RP365: 23/10/2010 20:25:42 - System Checkpoint <br/>RP366: 24/10/2010 23:56:02 - System Checkpoint <br/>RP367: 26/10/2010 00:54:17 - System Checkpoint <br/>RP368: 29/10/2010 20:13:58 - System Checkpoint <br/>RP369: 29/10/2010 23:14:15 - Installed QuickTime <br/>RP370: 29/10/2010 23:17:24 - Removed Java(TM) 6 Update 20 <br/>RP371: 29/10/2010 23:18:07 - Installed Java(TM) 6 Update 22 <br/>RP372: 31/10/2010 01:52:49 - System Checkpoint <br/>RP373: 01/11/2010 01:20:46 - System Checkpoint <br/>RP374: 02/11/2010 19:26:23 - System Checkpoint <br/>RP375: 04/11/2010 17:24:47 - System Checkpoint <br/>RP376: 05/11/2010 17:46:25 - System Checkpoint <br/>RP377: 06/11/2010 21:23:04 - System Checkpoint <br/>RP378: 08/11/2010 18:46:54 - System Checkpoint <br/>RP379: 10/11/2010 16:55:01 - System Checkpoint <br/>RP380: 11/11/2010 09:05:32 - Software Distribution Service 3.0 <br/>RP381: 12/11/2010 18:30:12 - System Checkpoint <br/>RP382: 15/11/2010 07:53:48 - System Checkpoint <br/>RP383: 17/11/2010 15:42:21 - System Checkpoint <br/> <br/>==== Installed Programs ====================== <br/> <br/>Adobe AIR <br/>Adobe Flash Player 10 ActiveX <br/>Adobe Reader 9.4.1 <br/>Adobe Shockwave Player 11.5 <br/>ALOT Toolbar <br/>Amazon Kindle For PC v1.1 <br/>Apple Application Support <br/>Apple Software Update <br/>avast! 
Free Antivirus <br/>BAMZOOKi v3.1 (build 115.158) <br/>C-Major Audio <br/>CANYON CN-WCAM23 PC-Camera <br/>CCleaner <br/>Classic Sudoku (remove only) <br/>Conexant D110 MDC V.92 Modem <br/>Critical Update for Windows Media Player 11 (KB959772) <br/>Desktop Owl <br/>DVD Shrink 3.2 <br/>DVDFab 7.0.4.0 (15/04/2010) <br/>DVDVideoSoftTB Toolbar <br/>Free Studio version 4.8 <br/>Free YouTube to MP3 Converter version 3.2 <br/>Google Toolbar for Internet Explorer <br/>Google Update Helper <br/>Highlight Viewer (Windows Live Toolbar) <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) <br/>Hotfix for Windows Media Format 11 SDK (KB929399) <br/>Hotfix for Windows Media Player 11 (KB939683) <br/>Hotfix for Windows XP (KB2158563) <br/>Hotfix for Windows XP (KB952287) <br/>Hotfix for Windows XP (KB954550-v5) <br/>Hotfix for Windows XP (KB954708) <br/>Hotfix for Windows XP (KB961118) <br/>Hotfix for Windows XP (KB970653-v3) <br/>Hotfix for Windows XP (KB976002-v5) <br/>Hotfix for Windows XP (KB976098-v2) <br/>Hotfix for Windows XP (KB979306) <br/>Hotfix for Windows XP (KB981793) <br/>Intel(R) Graphics Media Accelerator Driver for Mobile <br/>Java Auto Updater <br/>Java(TM) 6 Update 22 <br/>Junk Mail filter update <br/>LightScribe 1.4.136.1 <br/>Malwarebytes' Anti-Malware <br/>Map Button (Windows Live Toolbar) <br/>McAfee Security Scan Plus <br/>Microsoft .NET Framework 2.0 Service Pack 2 <br/>Microsoft .NET Framework 3.0 Service Pack 2 <br/>Microsoft .NET Framework 3.5 SP1 <br/>Microsoft Application Error Reporting <br/>Microsoft Choice Guard <br/>Microsoft Compression Client Pack 1.0 for Windows XP <br/>Microsoft Internationalized Domain Names Mitigation APIs <br/>Microsoft National Language Support Downlevel APIs <br/>Microsoft Search Enhancement Pack <br/>Microsoft SQL Server 2005 Compact Edition [ENU] <br/>Microsoft Sync Framework Runtime Native v1.0 (x86) <br/>Microsoft Sync Framework Services Native v1.0 
(x86) <br/>Microsoft User-Mode Driver Framework Feature Pack 1.0 <br/>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 <br/>Microsoft Visual C++ 2005 Redistributable <br/>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 <br/>Microsoft Windows Journal Viewer <br/>MS Access 97 SP2 <br/>MSN Toolbar <br/>MSVCRT <br/>Norton Security Scan <br/>NVIDIA PhysX <br/>Online_Games_Bar Toolbar <br/>Photodex Presenter <br/>PowerDVD <br/>QuickTime <br/>RealPlayer <br/>RealUpgrade 1.0 <br/>Registry Mechanic 10.0 <br/>Secunia PSI <br/>Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) <br/>Security Update for Windows Internet Explorer 7 (KB938127-v2) <br/>Security Update for Windows Internet Explorer 7 (KB938127) <br/>Security Update for Windows Internet Explorer 7 (KB956390) <br/>Security Update for Windows Internet Explorer 7 (KB958215) <br/>Security Update for Windows Internet Explorer 7 (KB960714) <br/>Security Update for Windows Internet Explorer 7 (KB961260) <br/>Security Update for Windows Internet Explorer 7 (KB963027) <br/>Security Update for Windows Internet Explorer 8 (KB2183461) <br/>Security Update for Windows Internet Explorer 8 (KB2360131) <br/>Security Update for Windows Internet Explorer 8 (KB969897) <br/>Security Update for Windows Internet Explorer 8 (KB971961) <br/>Security Update for Windows Internet Explorer 8 (KB972260) <br/>Security Update for Windows Internet Explorer 8 (KB974455) <br/>Security Update for Windows Internet Explorer 8 (KB976325) <br/>Security Update for Windows Internet Explorer 8 (KB978207) <br/>Security Update for Windows Internet Explorer 8 (KB981332) <br/>Security Update for Windows Internet Explorer 8 (KB982381) <br/>Security Update for Windows Media Player (KB2378111) <br/>Security Update for Windows Media Player (KB952069) <br/>Security Update for Windows Media Player (KB954155) <br/>Security Update for Windows Media Player (KB968816) <br/>Security Update for Windows Media Player (KB973540) 
<br/>Security Update for Windows Media Player (KB975558) <br/>Security Update for Windows Media Player (KB978695) <br/>Security Update for Windows Media Player 11 (KB936782) <br/>Security Update for Windows Media Player 11 (KB954154) <br/>Security Update for Windows XP (KB2079403) <br/>Security Update for Windows XP (KB2115168) <br/>Security Update for Windows XP (KB2121546) <br/>Security Update for Windows XP (KB2160329) <br/>Security Update for Windows XP (KB2229593) <br/>Security Update for Windows XP (KB2259922) <br/>Security Update for Windows XP (KB2279986) <br/>Security Update for Windows XP (KB2286198) <br/>Security Update for Windows XP (KB2296011) <br/>Security Update for Windows XP (KB2347290) <br/>Security Update for Windows XP (KB2360937) <br/>Security Update for Windows XP (KB2387149) <br/>Security Update for Windows XP (KB923561) <br/>Security Update for Windows XP (KB938464-v2) <br/>Security Update for Windows XP (KB938464) <br/>Security Update for Windows XP (KB941569) <br/>Security Update for Windows XP (KB946648) <br/>Security Update for Windows XP (KB950762) <br/>Security Update for Windows XP (KB950974) <br/>Security Update for Windows XP (KB951066) <br/>Security Update for Windows XP (KB951376-v2) <br/>Security Update for Windows XP (KB951698) <br/>Security Update for Windows XP (KB951748) <br/>Security Update for Windows XP (KB952004) <br/>Security Update for Windows XP (KB952954) <br/>Security Update for Windows XP (KB954211) <br/>Security Update for Windows XP (KB954459) <br/>Security Update for Windows XP (KB954600) <br/>Security Update for Windows XP (KB955069) <br/>Security Update for Windows XP (KB956391) <br/>Security Update for Windows XP (KB956572) <br/>Security Update for Windows XP (KB956744) <br/>Security Update for Windows XP (KB956802) <br/>Security Update for Windows XP (KB956803) <br/>Security Update for Windows XP (KB956841) <br/>Security Update for Windows XP (KB956844) <br/>Security Update for Windows XP (KB957095) 
<br/>Security Update for Windows XP (KB957097) <br/>Security Update for Windows XP (KB958215) <br/>Security Update for Windows XP (KB958644) <br/>Security Update for Windows XP (KB958687) <br/>Security Update for Windows XP (KB958690) <br/>Security Update for Windows XP (KB958869) <br/>Security Update for Windows XP (KB959426) <br/>Security Update for Windows XP (KB960225) <br/>Security Update for Windows XP (KB960714) <br/>Security Update for Windows XP (KB960715) <br/>Security Update for Windows XP (KB960803) <br/>Security Update for Windows XP (KB960859) <br/>Security Update for Windows XP (KB961371) <br/>Security Update for Windows XP (KB961373) <br/>Security Update for Windows XP (KB961501) <br/>Security Update for Windows XP (KB968537) <br/>Security Update for Windows XP (KB969059) <br/>Security Update for Windows XP (KB969898) <br/>Security Update for Windows XP (KB969947) <br/>Security Update for Windows XP (KB970238) <br/>Security Update for Windows XP (KB970430) <br/>Security Update for Windows XP (KB971468) <br/>Security Update for Windows XP (KB971486) <br/>Security Update for Windows XP (KB971557) <br/>Security Update for Windows XP (KB971633) <br/>Security Update for Windows XP (KB971657) <br/>Security Update for Windows XP (KB972270) <br/>Security Update for Windows XP (KB973346) <br/>Security Update for Windows XP (KB973354) <br/>Security Update for Windows XP (KB973507) <br/>Security Update for Windows XP (KB973525) <br/>Security Update for Windows XP (KB973869) <br/>Security Update for Windows XP (KB973904) <br/>Security Update for Windows XP (KB974112) <br/>Security Update for Windows XP (KB974318) <br/>Security Update for Windows XP (KB974392) <br/>Security Update for Windows XP (KB974571) <br/>Security Update for Windows XP (KB975025) <br/>Security Update for Windows XP (KB975467) <br/>Security Update for Windows XP (KB975560) <br/>Security Update for Windows XP (KB975561) <br/>Security Update for Windows XP (KB975562) <br/>Security Update for 
Windows XP (KB975713) <br/>Security Update for Windows XP (KB977165) <br/>Security Update for Windows XP (KB977816) <br/>Security Update for Windows XP (KB977914) <br/>Security Update for Windows XP (KB978037) <br/>Security Update for Windows XP (KB978251) <br/>Security Update for Windows XP (KB978262) <br/>Security Update for Windows XP (KB978338) <br/>Security Update for Windows XP (KB978542) <br/>Security Update for Windows XP (KB978601) <br/>Security Update for Windows XP (KB978706) <br/>Security Update for Windows XP (KB979309) <br/>Security Update for Windows XP (KB979482) <br/>Security Update for Windows XP (KB979559) <br/>Security Update for Windows XP (KB979683) <br/>Security Update for Windows XP (KB979687) <br/>Security Update for Windows XP (KB980195) <br/>Security Update for Windows XP (KB980218) <br/>Security Update for Windows XP (KB980232) <br/>Security Update for Windows XP (KB980436) <br/>Security Update for Windows XP (KB981322) <br/>Security Update for Windows XP (KB981852) <br/>Security Update for Windows XP (KB981957) <br/>Security Update for Windows XP (KB981997) <br/>Security Update for Windows XP (KB982132) <br/>Security Update for Windows XP (KB982214) <br/>Security Update for Windows XP (KB982665) <br/>Security Update for Windows XP (KB982802) <br/>Segoe UI <br/>Smart Menus (Windows Live Toolbar) <br/>SmileyCentral <br/>Solitaire Master 3 <br/>SweetIM for Messenger 3.2 <br/>SweetIM Toolbar for Internet Explorer 3.9 <br/>Uninstall 1.0.0.1 <br/>Update for Microsoft .NET Framework 3.5 SP1 (KB963707) <br/>Update for Windows Internet Explorer 8 (KB968220) <br/>Update for Windows Internet Explorer 8 (KB976662) <br/>Update for Windows Internet Explorer 8 (KB976749) <br/>Update for Windows Internet Explorer 8 (KB980182) <br/>Update for Windows XP (KB2141007) <br/>Update for Windows XP (KB2345886) <br/>Update for Windows XP (KB951978) <br/>Update for Windows XP (KB955759) <br/>Update for Windows XP (KB955839) <br/>Update for Windows XP (KB961503) 
<br/>Update for Windows XP (KB967715) <br/>Update for Windows XP (KB968389) <br/>Update for Windows XP (KB971737) <br/>Update for Windows XP (KB973687) <br/>Update for Windows XP (KB973815) <br/>WebFldrs XP <br/>Windows Genuine Advantage Notifications (KB905474) <br/>Windows Internet Explorer 7 <br/>Windows Internet Explorer 8 <br/>Windows Live Call <br/>Windows Live Communications Platform <br/>Windows Live Essentials <br/>Windows Live Family Safety <br/>Windows Live Favorites for Windows Live Toolbar <br/>Windows Live Mail <br/>Windows Live Messenger <br/>Windows Live Photo Gallery <br/>Windows Live Sign-in Assistant <br/>Windows Live Sync <br/>Windows Live Toolbar <br/>Windows Live Toolbar Extension (Windows Live Toolbar) <br/>Windows Live Upload Tool <br/>Windows Live Writer <br/>Windows Media Format 11 runtime <br/>Windows Media Player 11 <br/>Windows XP Service Pack 3 <br/> <br/>==== Event Viewer Messages From Past Week ======== <br/> <br/>21/11/2010 17:29:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm <br/>21/11/2010 17:28:41, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} <br/>16/11/2010 21:00:56, error: Dhcp [1002] - The IP address lease 10.0.0.102 for the Network Card with network address 0014A5043289 has been denied by the DHCP server 10.0.0.200 (The DHCP Server sent a DHCPNACK message). <br/> <br/>==== End Of File =========================== <br/> <br/> <br/>cheers, banksy.
Posted 11/22/2010 5:05 AM
#90101

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:

Please download combofix: Here

Save it to Desktop.

Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix.

There are details for disabling many programmes: Here

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.

Usually located in c:\combofix.txt, please post it to your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/22/2010 8:54 PM
#90114

banksy Advanced member

Date Joined Nov 2016
Total Posts: 50
ComboFix 10-11-22.01 - user 22/11/2010 20:14:56.2.1 - x86 NETWORK <br/>Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.800 [GMT 0:00] <br/>Running from: c:\documents and settings\user\My Documents\ComboFix.exe <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/> <br/>c:\documents and settings\Guest\Application Data\alot <br/>c:\documents and settings\Guest\Application Data\PriceGong <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\1.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\a.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\b.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\c.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\d.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\e.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\f.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\g.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\h.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\i.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\J.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\k.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\l.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\m.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\mru.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\n.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\o.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\p.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\q.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\r.xml 
<br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\s.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\t.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\u.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\v.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\w.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\x.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\y.xml <br/>c:\documents and settings\Guest\Application Data\PriceGong\Data\z.xml <br/>c:\documents and settings\user\Application Data\alot <br/>c:\documents and settings\user\Application Data\alot\BrowserSearch\BrowserSearch.xml <br/>c:\documents and settings\user\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_0\Button_0.xml <br/>c:\documents and settings\user\Application Data\alot\Button_0\Button_0.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_1\Button_1.xml <br/>c:\documents and settings\user\Application Data\alot\Button_1\Button_1.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_2\Button_2.xml <br/>c:\documents and settings\user\Application Data\alot\Button_2\Button_2.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_3\Button_3.xml <br/>c:\documents and settings\user\Application Data\alot\Button_3\Button_3.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_4\Button_4.xml <br/>c:\documents and settings\user\Application Data\alot\Button_4\Button_4.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_5\Button_5.xml <br/>c:\documents and settings\user\Application Data\alot\Button_5\Button_5.xml.backup <br/>c:\documents and settings\user\Application Data\alot\Button_6\Button_6.xml <br/>c:\documents and settings\user\Application 
. <br/>((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/> <br/>-------\Legacy_MYWEBSEARCHSERVICE <br/> <br/> <br/>((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 ))))))))))))))))))))))))))))))) <br/>. <br/> <br/>2010-11-21 18:22 . 2010-11-21 18:22 -------- d-----w- c:\program files\Trend Micro <br/>2010-11-21 17:47 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2010-11-21 17:47 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2010-11-21 17:39 . 2010-11-21 18:39 -------- d-----w- c:\program files\CCleaner <br/>2010-11-14 16:32 . 2010-11-14 16:32 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\ConduitEngine <br/>2010-11-14 11:57 . 2010-11-14 13:26 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ConduitEngine <br/>2010-11-14 11:57 . 2010-11-14 11:57 -------- d-----w- c:\program files\ConduitEngine <br/>2010-11-14 11:57 . 2010-11-14 11:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp <br/>2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\documents and settings\user\Application Data\Amazon <br/>2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Amazon <br/>2010-11-07 14:28 . 2010-11-07 14:28 -------- d-----w- c:\program files\Amazon <br/>2010-11-06 11:37 . 2010-11-06 11:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll <br/>2010-10-29 22:19 . 2010-10-29 22:19 -------- d-----w- c:\program files\Common Files\Java <br/>2010-10-29 22:18 . 2010-10-29 22:18 73728 ----a-w- c:\windows\system32\javacpl.cpl <br/>2010-10-29 22:16 . 
2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll <br/>2010-10-29 22:16 . 2010-10-29 22:16 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll <br/>2010-10-29 22:15 . 2010-10-29 22:16 -------- d-----w- c:\program files\QuickTime <br/> <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2010-10-29 22:18 . 2010-04-26 14:40 472808 ----a-w- c:\windows\system32\deployJava1.dll <br/>2010-09-18 11:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll <br/>2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll <br/>2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll <br/>2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll <br/>2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll <br/>2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll <br/>2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl <br/>2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx <br/>2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts <br/>2010-09-01 11:51 . 
2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll <br/>2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys <br/>2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll <br/>2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll <br/>2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys <br/>2010-08-26 12:52 . 2009-04-15 08:49 5120 ----a-w- c:\windows\system32\xpsp4res.dll <br/>2010-04-02 08:41 . 2010-04-02 08:41 716320 ----a-w- c:\program files\PSISetup.exe <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552] <br/>"{339a0dff-d9af-439b-92bc-636220fb3dae}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll" [2010-10-23 53248] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{339a0dff-d9af-439b-92bc-636220fb3dae}] <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] <br/>2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55cde9e7-696c-47c4-8e21-7210b8aeb103}] <br/>2010-10-23 13:15 675840 ----a-w- c:\progra~1\SMILEY~2\bar\1.bin\1wbar.dll <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] <br/>2010-10-18 10:26 
3908192 ----a-w- c:\program files\Online_Games_Bar\tbOnl2.dll <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ed22e89-62fa-47ec-bd8d-374d849d436c}] <br/>2010-10-23 13:15 53248 ----a-w- c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] <br/>2010-10-18 10:26 3908192 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD2.dll <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] <br/>2010-06-13 16:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}"= "c:\program files\Online_Games_Bar\tbOnl2.dll" [2010-10-18 3908192] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520] <br/>"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192] <br/>"{d3ca5551-fc2e-4d09-8ece-263607acf9fc}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-10-23 675840] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}] <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{5BD40C9F-1248-4A8F-8B23-E7861C1AD7A1}"= "c:\program files\Online_Games_Bar\tbOnl2.dll" [2010-10-18 3908192] <br/>"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 
1438520] <br/>"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD2.dll" [2010-10-18 3908192] <br/>"{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-10-23 675840] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{5bd40c9f-1248-4a8f-8b23-e7861c1ad7a1}] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] <br/>[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] <br/>[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856] <br/>"HPOwlCluster"="c:\program files\Desktop Owl\skinkers.exe" [2002-11-19 347648] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] <br/>"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] <br/>"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] <br/>"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768] <br/>"BigDogPath"="c:\windows\VM_STI.EXE" [2004-08-20 40960] <br/>"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-29 68592] <br/>"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] <br/>"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-26 202256] <br/>"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928] <br/>"SmileyCentralIE_1w Browser Plugin Loader"="c:\progra~1\SMILEY~2\bar\1.bin\1wbrmon.exe" [2010-10-23 20480] <br/>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
[2010-09-23 35760] <br/>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] <br/>"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] <br/>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] <br/> <br/>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= <br/>"c:\\Program Files\\Java\\jre6\\bin\\java.exe"= <br/>"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\E Games\\Solitaire Master 3\\master.exe"= <br/> <br/>R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [21/05/2008 13:09 87936] <br/>R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 14:05 14904] <br/>S2 gupdate1c9eea42f70050c;Google Update Service (gupdate1c9eea42f70050c);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2009 17:02 133104] <br/>S2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [23/10/2010 13:15 28766] <br/>. 
<br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2010-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] <br/> <br/>2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 17:01] <br/> <br/>2010-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 17:01] <br/> <br/>2010-11-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1957994488-1958367476-839522115-1003.job <br/>- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] <br/> <br/>2010-11-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1957994488-1958367476-839522115-1003.job <br/>- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.facebook.com/ <br/>uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 <br/>mStart Page = hxxp://home.sweetim.com <br/>uInternet Connection Wizard,ShellNext = iexplore <br/>uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=5EFBB28001CB6E000072ED43&src_id=11649&camp_id=1500&tb_version=2.5.15000.521 <br/>IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx <br/>IE: Free YouTube Download - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm <br/>IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm <br/>IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html <br/>IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk <br/>DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) <br/>HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe <br/>AddRemove-MS Access 97 SP2 - c:\program files\Microsoft Office\setup\setup.exe <br/> <br/> <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2010-11-22 20:43 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. 
<br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] <br/>"Enabled"=dword:00000001 <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker4" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/> <br/>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(3428) <br/>c:\windows\system32\WININET.dll <br/>c:\progra~1\SMILEY~2\bar\1.bin\1wbrstub.dll <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\webcheck.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. 
<br/>c:\windows\System32\SCardSvr.exe <br/>c:\program files\Java\jre6\bin\jqs.exe <br/>c:\program files\Common Files\LightScribe\LSSrvc.exe <br/>c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe <br/>c:\windows\system32\wscntfy.exe <br/>c:\windows\system32\rundll32.exe <br/>c:\windows\system32\igfxsrvc.exe <br/>c:\program files\Secunia\PSI\psi.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2010-11-22 20:47:27 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2010-11-22 20:47 <br/> <br/>Pre-Run: 21,726,339,072 bytes free <br/>Post-Run: 21,810,130,944 bytes free <br/> <br/>- - End Of File - - AE538515B39E32B56CF807CFE4495369 <br/> <br/> <br/>cheers, banksy.
Posted 11/23/2010 4:49 AM
#90119

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please run: http://www.superantispyware.com/onlinescan.html

Follow the instructions on the site. When downloaded, click on the "Check for updates" button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.

When the scan has finished:

Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).

- Save the logfile to desktop
- Click close and close again to exit the program.

Reboot, if needed.
Post Superantispyware log in next reply.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 11/23/2010 10:13 PM
#90125

banksy Advanced member

Date Joined Nov 2016
Total Posts: 50
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/23/2010 at 09:56 PM

Application Version : 4.46.1000

Core Rules Database Version : 5907
Trace Rules Database Version: 3719

Scan type : Complete Scan
Total Scan Time : 00:41:46

Memory items scanned : 445
Memory threats detected : 0
Registry items scanned : 5605
Registry threats detected : 16
File items scanned : 39484
File threats detected : 193

Adware.Tracking Cookie

Browser Hijacker.Deskbar

Adware.MyWebSearch/FunWebProducts
 C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSIMG32.DLL

cheers, banksy.
Posted 11/25/2010 6:34 AM
#90141

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
How are things running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/15/2010 7:16 PM
#90464

banksy Advanced member

Date Joined Nov 2016
Total Posts: 50
sorry about the length of time since my last reply.

things seem ok :confused:
Posted 12/18/2010 3:40 AM
#90480

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
No problem :smile:

"things seem ok"

It doesn't sound like you are absolutely sure?


