
Thread: Problem removing MyWebSearch Leftovers

  1. #1
    Junior Member
    Join Date
    Dec 2010
    Posts
    8

    Problem removing MyWebSearch Leftovers

    I am having a problem removing what is left at MyWebSearch screen saver at start up.

    I've done an uninstall and removed the folders and when I do a search with Spybot and also Super Anti-Spyware it removes registration entries and also other leftover files.

    But every time that I restart the computer I get an error message box that says the following:

    RunDLL (The title of the box the message is in)

    Error Loading

    C:\PROGRA~1\MYWEBS~1\bar\M3PLUGIN.DLL
    The specified module could not be found.

    The program is not there but SOMETHING at start up is putting the registry entries back along with some other files.

    Anyone got any idea what is going on and what I need to remove to kill this malware totally?

    Thanks

    Al

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Dec 2010
    Posts
    8

    Sorry did not work.



    Well it didn't work. The start up error is still there. I also ran Spybot after and it removed the same entries that it always finds and removes, (3 PUPS I believe). Also ran Super Spyware and it also removes some My Websearch entries. So there is still something there that puts all this crap back onto the system every time I reboot after using all the spy and malware programs. The most useless one by the way is Webroot Spysweeper. It has not found anything in well over a year while all the other ones find different things. I'm thinking of not renewing that one. Too bad there is not one program that will find everything.

    Let me see if I can attach the log. If not will cut and paste it in a new message.

    Al


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Alan at 21:22:48.85 on Thu 12/23/2010
    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1334 [GMT -5:00]

    AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\brss01a.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    c:\appl\fp\fplmservice.exe
    c:\hp\HPEZBTN\HPBtnSrv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Spybot\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\DynDNS Updater\DynDNS.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\QUICKENW\qagent.exe
    C:\Program Files\Saitek\Software\Profiler.exe
    C:\Program Files\Saitek\Software\SaiSmart.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Windows\system32\mrtMngr.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe
    C:\Internet Download Manager\IDMan.exe
    C:\Weatherbug\WeatherBug\Weather.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Spybot\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\BOINC\boincmgr.exe
    C:\BOINC\boinc.exe
    C:\PROGRA~1\Webshots\315~1.761\webshots.scr
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\hp\kbd\kbd.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\mobsync.exe
    C:\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    E:\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://connecticut.cox.net/cci/home
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\internet download manager\IDMIECC.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - C:\wsbho2k0.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
    uRun: [PlaxoUpdate] "c:\users\alan\appdata\local\plaxo\3.24.0.119\PlaxoHelper_en.exe" -a
    uRun: [IDMan] "c:\internet download manager\IDMan.exe" /onboot
    uRun: [Weather] "c:\weatherbug\weatherbug\Weather.exe" 1
    uRun: [SpybotSD TeaTimer] "c:\spybot\TeaTimer.exe"
    uRun: [PlaxoSysTray] "c:\users\alan\appdata\local\plaxo\3.24.0.119\PlaxoSysTray.exe"
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
    uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    uRunOnce: [<NO NAME>] "c:\program files\internet explorer\iexplore.exe" http://www.symantec.com/techsupp/ser...000d4.00000264
    mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
    mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
    mRun: [QAGENT] "c:\program files\quickenw\QAGENT.EXE"
    mRun: [Profiler] "c:\program files\saitek\software\Profiler.exe"
    mRun: [SaiSmart] "c:\program files\saitek\software\SaiSmart.exe"
    mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\freeagentlauncher.exe" c:\program files\seagate\systemtray\StxMenuMgr.exe
    mRun: [<NO NAME>]
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
    mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /install /silent
    dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\boincm~1.lnk - c:\boinc\boincmgr.exe
    StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
    StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Webshots Photo Search - c:\program files\webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot\SDHelper.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: turbotax.com
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SecurityProviders: schannel.dll, credssp.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\cg1os9tz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
    FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\alan\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
    FF - plugin: c:\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\mozilla firefox\plugins\NPMGWRAP.DLL
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.21115.0.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\alan\appdata\roaming\idm\idmmzcc3

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-27 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-27 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-27 482432]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101222.001\IDSvix86.sys [2010-12-22 353912]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67656]
    R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-5-15 20480]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-3 172032]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-17 43912]
    R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
    R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2008-1-24 282694]
    R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-14 198240]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-12-9 84208]
    R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-1-7 34712]
    R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-27 117640]
    R2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2008-2-19 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-5-8 1201640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-20 102448]
    R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-1-27 48688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\google\update\GoogleUpdate.exe [2009-5-24 133104]
    S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-10 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-24 02:22:21 54016 ----a-w- c:\windows\system32\drivers\dewkpqwx.sys
    2010-12-24 02:13:24 -------- d-----w- c:\users\alan\appdata\roaming\Malwarebytes
    2010-12-24 02:13:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 02:13:17 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-24 02:13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-24 02:13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-24 02:01:36 -------- d-----w- c:\users\alan\appdata\roaming\Sammsoft
    2010-12-24 02:00:54 -------- d-----w- c:\program files\MemTurbo 4
    2010-12-24 02:00:08 -------- d-----w- c:\program files\Advanced Registry Optimizer
    2010-12-09 08:02:21 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    ==================== Find3M ====================

    2010-10-03 15:18:38 286720 ----a-w- c:\windows\iun507.exe
    2010-09-29 19:31:28 210272 ----a-w- c:\windows\system32\idmmbc.dll

    ============= FINISH: 21:24:27.58 ===============
    Last edited by ken545; 2010-12-26 at 01:18.
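Added example, not part of the original thread or of any tool named in it: the DDS log above still lists a Run value that calls rundll32.exe on M3PLUGIN.DLL, and an autorun entry whose file is no longer on disk is what produces the RunDLL "module could not be found" box at logon. The code below parses DDS-style `uRun`/`mRun` lines and reports such orphaned entries; the function names, status labels and the `ON_DISK` inventory are assumptions made for illustration, and the sample lines are copied from the log.

```python
import os
import re

# DDS "Pseudo HJT Report" autorun lines: prefix u = per-user (HKCU), m = machine-wide (HKLM).
RUN_LINE = re.compile(
    r'^\s*(?P<hive>[a-z])(?P<key>Run(?:Once)?): \[(?P<name>.*?)\]\s*(?P<cmd>.*)$')
# Unquoted commands may contain spaces, so cut at the first executable-looking extension.
UNQUOTED = re.compile(
    r'^(?P<exe>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)(?P<rest>.*)$', re.I)
HIVES = {"u": "HKCU", "m": "HKLM"}


def split_command(cmd):
    """Return (program_path, remaining_arguments) for one autorun command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unbalanced quote: treat the rest as the path
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED.match(cmd)
    return (m.group("exe"), m.group("rest").strip()) if m else (cmd, "")


def load_target(cmd):
    """File the entry really loads: for rundll32 that is the DLL argument, not rundll32.exe."""
    exe, rest = split_command(cmd)
    if exe.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "rundll32.exe" and rest:
        dll, _ = split_command(rest.split(",", 1)[0])   # drop the ",EntryPoint" suffix
        return dll
    return exe


def audit_autoruns(log_text, exists=os.path.exists, env=None):
    """Classify every Run/RunOnce line as present, missing, unresolved or empty."""
    env = {k.upper(): v for k, v in (env or {}).items()}
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        target = load_target(m.group("cmd"))
        # Expand %VAR% only from the supplied mapping; unknown variables stay visible.
        target = re.sub(r"%([^%]+)%",
                        lambda v: env.get(v.group(1).upper(), v.group(0)), target)
        if not target:
            status = "empty"               # value name with no command, e.g. [<NO NAME>]
        elif "%" in target:
            status = "unresolved"          # cannot judge without the variable's value
        else:
            status = "present" if exists(target) else "missing"
        findings.append({"hive": HIVES.get(m.group("hive"), m.group("hive")),
                         "key": m.group("key"), "name": m.group("name"),
                         "target": target, "status": status})
    return findings


def orphaned(findings):
    """One report line per autorun entry whose target file is gone."""
    return [f"{f['hive']} {f['key']} [{f['name']}] -> {f['target']}"
            for f in findings if f["status"] == "missing"]


# Autorun lines copied from the DDS log in this thread.
SAMPLE_LOG = r'''
uRun: [IDMan] "c:\internet download manager\IDMan.exe" /onboot
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [<NO NAME>]
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"
'''

# Constructed inventory standing in for the disk after the uninstall (MyWebSearch files gone).
ON_DISK = {
    r"c:\internet download manager\idman.exe",
    r"c:\hp\support\hpsysdrv.exe",
    r"c:\windows\system32\rundll32.exe",
}


def sample_exists(path):
    """Case-insensitive lookup, as on NTFS, against the constructed inventory."""
    return path.lower() in ON_DISK


if __name__ == "__main__":
    for entry in orphaned(audit_autoruns(SAMPLE_LOG, exists=sample_exists)):
        print(entry)
```

On the affected machine, call `audit_autoruns` with the default `exists` so the check runs against the real disk; Windows resolves the 8.3 short names itself.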

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    I see many entries left from MyWebSearch, run this program, it should remove them.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  5. #5
    Junior Member
    Join Date
    Dec 2010
    Posts
    8

    Sorry still no joy

    Nothing, still the same. Guess this one is buried real deep somewhere.

    Wish that I could paste that box in that I get at start up. Here's the log from Combofix.






  6. #6
    Junior Member
    Join Date
    Dec 2010
    Posts
    8


    Well now I need help removing the ComboFix folder. I was able to delete most of the files in the Qoobox folder, but there is one folder that is called BakEnv that I cannot access or delete. I don't like to keep these programs if they are not there for a purpose and this was just for the purpose of removal of the MyWeb Search junk.

    Can you tell me how to remove the Qoobox folder without having to install another program on my computer?

    Al


    Quote Originally Posted by Al N1API View Post
    Nothing, still the same. Guess this one is buried real deep somewhere.

    Wish that I could paste that box in that I get at start up. Here's the log from Combofix.

    ComboFix 10-12-24.01 - Alan 12/25/2010 11:49:59.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1696 [GMT -5:00]
    Running from: e:\desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\windows\system32\jusched.exe
    L:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
    .

    2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
    2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
    2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-24 02:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 02:13 . 2010-12-24 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-24 02:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 08:02 . 2010-12-09 05:40 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-03 15:18 . 2008-01-09 02:56 286720 ----a-w- c:\windows\iun507.exe
    2010-09-29 19:31 . 2008-05-12 12:56 210272 ----a-w- c:\windows\system32\idmmbc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]

    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-12-09 05:40 66144 ----a-w- c:\internet download manager\IDMShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "PlaxoUpdate"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
    "IDMan"="c:\internet download manager\IDMan.exe" [2010-12-09 3253656]
    "Weather"="c:\weatherbug\WeatherBug\Weather.exe" [2007-08-29 1347584]
    "SpybotSD TeaTimer"="c:\spybot\TeaTimer.exe" [2009-03-05 2260480]
    "PlaxoSysTray"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
    "RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
    "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
    "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
    "StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]

    c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BOINC Manager.lnk - c:\boinc\boincmgr.exe [2007-11-13 4141056]
    Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-5-15 157088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 11:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders schannel.dll, credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2006-12-14 282694]
    R2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
    R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-31 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-09-26 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-09-26 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-09-26 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101224.001\IDSvix86.sys [2010-11-09 353912]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-31 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
    S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [2010-03-18 20480]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-03 172032]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-17 43912]
    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 84208]
    S2 mrtRate;mrtRate; [x]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-09-26 117640]
    S2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
    S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-11-23 1201640]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-18 102448]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1443584]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-09-26 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]

    2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]

    2010-12-21 c:\windows\Tasks\HPCeeScheduleForAlan.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-14 23:55]

    2010-12-19 c:\windows\Tasks\wrSpySweeper_L99B22F575894403A956FC03491AA452A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-09 20:19]

    2010-12-19 c:\windows\Tasks\wrSpySweeper_L99B22F575894403A956FC03491AA452A.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-09 20:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://connecticut.cox.net/cci/home
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\cg1os9tz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
    FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Alan\AppData\Roaming\IDM\idmmzcc3
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-25 12:02
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):76,77,22,a5,a9,36,e2,5d,6b,0e,78,d9,6a,dd,16,3b,cc,25,1c,c1,d8,
    98,72,e4,5a,39,1b,19,3a,4f,07,65,8a,00,44,b8,d0,e3,9e,f7,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{f987e60d-f10d-4f1b-9801-3e61a91deb88}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000087
    "Therad"=dword:0000001d
    "MData"=hex(0):62,c6,31,63,c9,f1,31,73,e1,17,38,cf,82,2d,47,6a,08,78,ac,04,64,
    53,f6,e9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-25 12:05:54
    ComboFix-quarantined-files.txt 2010-12-25 17:05

    Pre-Run: 205,903,179,776 bytes free
    Post-Run: 205,834,223,616 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - D9DAFA997C846A22A227E6A527A77E7E
    Last edited by ken545; 2010-12-26 at 01:11.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    When we're done we will run a tool to remove Combofix and Qoobox, please don't remove anything on your own, what if by mistake Combofix removed a legit entry and we needed to reinstall it ?????????????

    Please copy and paste the reports in lieu of attaching them.

    Let's go over a few things.

    Advanced Registry Optimizer
    Unless you're a Windows expert you should not be using any registry cleaners, remove the wrong entries or entry and you could severely damage your system making it unbootable. You will see no difference in system performance by running this cleaner. I strongly suggest you remove it via add remove programs in the control panel.



    Ask.com Toolbar

    * It promotes its toolbars on sites targeted at kids.
    * It promotes its toolbars through ads that appear to be part of other companies' sites.
    * It promotes its toolbars through other companies' spyware.
    * It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
    * It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
    * It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.

    This program has no uninstall, if you want to remove it let me know.






    Open Notepad: go to Start> All Programs> Accessories> Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above DDS::


    Code:
    DDS::
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
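
Added example, not part of the thread and not ComboFix's own code: a RunDLL "module could not be found" box at logon is what a Run entry produces when it launches rundll32.exe with a DLL that is no longer on disk, so an autorun audit has to test the DLL argument rather than the launcher. The sketch below parses DDS-style lines like the two in the CFScript above and reports entries whose real target is missing; reading uRun as the HKCU Run key and mRun as the HKLM Run key is an assumption about that format, and the third sample line, the file inventory and all function names are constructed for illustration.

```python
import ntpath
import re

# DDS-style autorun line, e.g.  mRun: [Name] "launcher.exe" arguments
DDS_RUN = re.compile(r'^\s*(?P<hive>[um])Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$')
# Unquoted path ending in an executable extension (the path may contain spaces).
UNQUOTED = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)\s*(.*)$', re.I)
HIVES = {"u": "HKCU", "m": "HKLM"}  # assumed meaning of the uRun/mRun prefixes


def split_command(cmd):
    """Split a Run-value command line into (program path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                       # unbalanced quote: treat the rest as the path
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED.match(cmd)
    if m:
        return m.group(1), m.group(2)
    head, _, tail = cmd.partition(" ")      # no known extension: split on first space
    return head, tail.strip()


def effective_target(cmd):
    """Return the file the entry really depends on.

    For rundll32 launches that is the DLL named before ",EntryPoint",
    not rundll32.exe itself, which is always present on a healthy system.
    """
    exe, rest = split_command(cmd)
    if ntpath.basename(exe).lower() in ("rundll32.exe", "rundll32"):
        if rest.startswith('"'):
            dll, _ = split_command(rest)
        else:
            dll = rest.split(",", 1)[0].strip()
        return dll or exe
    return exe


def find_orphans(lines, exists):
    """List (hive, value name, missing file) for autoruns whose target is gone.

    `exists` is a callable taking a path; on a live host pass os.path.exists.
    """
    orphans = []
    for line in lines:
        m = DDS_RUN.match(line)
        if not m:
            continue
        target = effective_target(m.group("cmd"))
        if not exists(target):
            orphans.append((HIVES[m.group("hive")], m.group("name"), target))
    return orphans


# First two lines are the CFScript entries from the post; the third is constructed.
SAMPLE_LINES = [
    r'uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe',
    r'mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" '
    r'c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF',
    r'mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe',
]

# Constructed inventory standing in for the disk: the MyWebSearch folder is gone.
PRESENT = {
    r'c:\windows\system32\rundll32.exe',
    r'c:\hp\support\hpsysdrv.exe',
}


def sample_exists(path):
    """Case-insensitive lookup in the constructed inventory."""
    return path.lower() in PRESENT


if __name__ == "__main__":
    for hive, name, target in find_orphans(SAMPLE_LINES, sample_exists):
        print(f"{hive} Run value '{name}' points at missing file {target}")
```

An entry that keeps reappearing in this report after cleanup means something else is rewriting the Run value, which is the question the thread is trying to answer.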

  8. #8
    Junior Member
    Join Date
    Dec 2010
    Posts
    8

    Default Nope - As I feared still no good



    I'm beginning to think that I am going to have to live with this one for the rest of my life. It looks like all the spyware programs are finding all the different entries put back by the MYWeb Search malware program but are not finding the root cause, the program or entry in the AutoBat or ConfigSys, or maybe installed program that puts the entries back on start up. We keep removing them, including the registry files, files in Firefox or IE, (which I do not use), DLLs, PUPS or whatever but the source program is never found. I just wonder if anyone has ever taken the MyWeb Search program apart, (reverse engineered), to find out where they hid all the parts of the program in the computer. Doesn't it have to be a .COM or .EXE file that runs on startup to put all this stuff back? It wants to start the MyWeb Search program on start up but because the program folder has been completely removed the program is not going to start so the pop up box comes up saying the DLL is missing, but that program which is running is still putting entries back onto the system.

    Like I said, (and to review), Webroot Spy Sweeper runs automatically every Sunday evening and has found NOTHING in well over a year and I'm considering not renewing this and removing the program. SpyBot seems to find most if not all the entries Malwarebytes and ComboFix find, and Super Anti Virus finds them also. They get removed but all come back again at start up. By the way both Spybot and Super Anti Virus along with CCleaner and Defragger are all recommended by the place that does the actual physical repair on my systems and they use them whenever they take a machine in for work. They tell me that there is no one program that can remove all malware and spyware and that is why they use a number of programs to scan a system.

    Here is the latest log:

    ComboFix 10-12-25.03 - Alan 12/26/2010 10:31:29.2.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1518 [GMT -5:00]
    Running from: e:\desktop\ComboFix.exe
    Command switches used :: e:\desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    L:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 )))))))))))))))))))))))))))))))
    .

    2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
    2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-25 20:45 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-12-25 20:45 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-12-25 20:45 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-12-25 20:44 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-12-25 20:44 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-12-25 20:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-12-25 20:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-12-25 20:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-12-25 20:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-12-25 20:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-12-25 20:43 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-25 20:43 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-12-25 20:42 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-25 20:42 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-25 20:42 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-12-25 20:42 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-12-25 20:42 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-25 20:41 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
    2010-12-25 20:40 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-25 20:38 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
    2010-12-25 20:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-12-25 20:38 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
    2010-12-25 20:38 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-12-25 20:38 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-25 20:36 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-12-25 20:36 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-12-25 20:34 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-12-25 20:34 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-25 20:34 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-12-25 20:34 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-12-25 20:34 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-25 20:34 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-25 20:34 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-25 20:34 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-25 20:34 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-12-25 20:34 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
    2010-12-25 20:34 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-12-25 20:33 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
    2010-12-25 20:33 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
    2010-12-25 20:33 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-25 20:33 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-25 20:33 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-25 20:33 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-25 20:33 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-25 20:33 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-25 20:32 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2010-12-25 20:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
    2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-24 02:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-24 02:13 . 2010-12-24 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-24 02:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-09 08:02 . 2010-12-09 05:40 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-27 08:59 . 2010-10-27 08:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-10-27 08:08 . 2010-10-27 08:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
    2010-10-27 07:55 . 2010-10-27 07:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-10-27 07:55 . 2010-10-27 07:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
    2010-10-27 07:52 . 2002-01-02 02:23 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-10-27 07:51 . 2009-11-03 23:25 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2010-10-27 07:51 . 2009-11-03 23:25 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2010-10-27 07:50 . 2009-11-03 23:27 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-10-27 07:50 . 2009-11-03 23:27 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-10-27 07:49 . 2010-10-27 07:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-10-27 07:49 . 2010-10-27 07:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2010-10-27 07:49 . 2010-10-27 07:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-10-27 07:46 . 2010-10-27 07:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
    2010-10-27 07:35 . 2010-10-27 07:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2010-10-27 07:35 . 2010-10-27 07:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2010-10-27 07:33 . 2010-10-27 07:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
    2010-10-27 07:28 . 2009-11-03 23:27 4094464 ----a-w- c:\windows\system32\atiumdag.dll
    2010-10-27 07:14 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
    2010-10-27 07:14 . 2009-11-03 23:24 249856 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-10-27 07:14 . 2010-10-27 07:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2010-10-27 07:14 . 2010-10-27 07:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
    2010-10-27 07:14 . 2010-10-27 07:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2010-10-27 07:13 . 2010-10-27 07:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
    2010-10-27 07:13 . 2010-10-27 07:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
    2010-10-27 07:13 . 2010-10-27 07:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll
    2010-10-27 07:12 . 2010-10-27 07:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-10-27 06:50 . 2009-11-03 23:27 3460096 ----a-w- c:\windows\system32\atiumdva.dll
    2010-10-27 06:37 . 2010-10-27 06:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2010-10-27 06:37 . 2010-10-27 06:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-10-03 15:18 . 2008-01-09 02:56 286720 ----a-w- c:\windows\iun507.exe
    2010-09-29 19:31 . 2008-05-12 12:56 210272 ----a-w- c:\windows\system32\idmmbc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]

    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-12-09 05:40 66144 ----a-w- c:\internet download manager\IDMShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "PlaxoUpdate"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
    "IDMan"="c:\internet download manager\IDMan.exe" [2010-12-09 3253656]
    "Weather"="c:\weatherbug\WeatherBug\Weather.exe" [2007-08-29 1347584]
    "SpybotSD TeaTimer"="c:\spybot\TeaTimer.exe" [2009-03-05 2260480]
    "PlaxoSysTray"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
    "RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
    "Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
    "SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
    "StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]

    c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BOINC Manager.lnk - c:\boinc\boincmgr.exe [2007-11-13 4141056]
    Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-5-15 157088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-05 11:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders schannel.dll, credssp.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2006-12-14 282694]
    R2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
    R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-31 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-09-26 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-09-26 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-09-26 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101224.001\IDSvix86.sys [2010-11-09 353912]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-31 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
    S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [2010-03-18 20480]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-17 43912]
    S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 84208]
    S2 mrtRate;mrtRate; [x]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-09-26 117640]
    S2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2009-01-26 1153368]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
    S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-11-23 1201640]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-18 102448]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1443584]
    S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-09-26 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]

    2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]

    2010-12-21 c:\windows\Tasks\HPCeeScheduleForAlan.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-14 23:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://connecticut.cox.net/cci/home
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\cg1os9tz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
    FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Alan\AppData\Roaming\IDM\idmmzcc3
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-26 10:43
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):76,77,22,a5,a9,36,e2,5d,6b,0e,78,d9,6a,dd,16,3b,cc,25,1c,c1,d8,
    98,72,e4,5a,39,1b,19,3a,4f,07,65,8a,00,44,b8,d0,e3,9e,f7,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{f987e60d-f10d-4f1b-9801-3e61a91deb88}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000087
    "Therad"=dword:0000001d
    "MData"=hex(0):62,c6,31,63,c9,f1,31,73,e1,17,38,cf,82,2d,47,6a,08,78,ac,04,64,
    53,f6,e9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-12-26 10:46:14
    ComboFix-quarantined-files.txt 2010-12-26 15:46

    Pre-Run: 205,301,223,424 bytes free
    Post-Run: 205,277,777,920 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
    - - End Of File - - 6B8AA11CC26BA8D804B07D73B2ABF7BF







    Quote Originally Posted by ken545
    When we're done we will run a tool to remove Combofix and Qoobox, please don't remove anything on your own, what if by mistake Combofix removed a legit entry and we needed to reinstall it?

    Please copy and paste the reports in lieu of attaching them.

    Let's go over a few things.

    Advanced Registry Optimizer
    Unless you're a Windows expert you should not be using any registry cleaners, remove the wrong entries or entry and you could severely damage your system making it unbootable. You will see no difference in system performance by running this cleaner. I strongly suggest you remove it via add remove programs in the control panel.



    Ask.com Toolbar

    * It promotes its toolbars on sites targeted at kids.
    * It promotes its toolbars through ads that appear to be part of other companies' sites.
    * It promotes its toolbars through other companies' spyware.
    * It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
    * It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
    * It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.

    This program has no uninstall, if you want to remove it let me know.






    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::


    Code:
    DDS::
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
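The two `uRun:`/`mRun:` lines in the CFScript above are autorun values whose files are gone, which is what makes rundll32 raise the "module could not be found" box at logon. As an added example (not part of the original thread, and not how ComboFix or DDS work internally), this Python script parses DDS-style Run lines and reports entries whose target file is missing, looking past `rundll32.exe` to the DLL it is asked to load. The `itype` line, the `PRESENT` set and every function name are constructed for illustration.

```python
import os
import re
from typing import Callable, Iterable, List, NamedTuple, Optional, Tuple

# DDS log convention: "uRun" is the current user's Run key, "mRun" the machine-wide one.
HIVES = {
    "uRun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
}

ENTRY_RE = re.compile(r"^\s*(?P<kind>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$")
# An unquoted path ends at the first binary extension followed by space, comma or end of line.
PATH_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)


class Autorun(NamedTuple):
    key: str                    # registry key the value lives under
    name: str                   # value name, e.g. "MyWebSearch Plugin"
    program: str                # first executable on the command line
    target: str                 # file that must exist for the entry to load
    entry_point: Optional[str]  # exported function passed to rundll32, if any


def take_path(text: str) -> Tuple[str, str]:
    """Split a leading, optionally quoted, path off a command line: (path, rest)."""
    text = text.lstrip()
    if text.startswith('"'):
        end = text.find('"', 1)
        if end == -1:
            return text[1:], ""
        return text[1:end], text[end + 1:]
    match = PATH_RE.match(text)
    if match:
        return match.group(1), text[match.end():]
    head, _, rest = text.partition(" ")
    return head, rest


def parse_run_line(line: str) -> Optional[Autorun]:
    """Parse one DDS-style Run line; return None for any other log line."""
    match = ENTRY_RE.match(line)
    if not match:
        return None
    program, rest = take_path(match.group("cmd"))
    target, entry_point = program, None
    # rundll32.exe is only a loader: the file that matters is the DLL argument.
    if program.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        dll, after = take_path(rest)
        if dll:
            target = dll
            if after.startswith(","):
                parts = after[1:].split()
                entry_point = parts[0] if parts else None
    return Autorun(HIVES[match.group("kind")], match.group("name"),
                   program, target, entry_point)


def find_orphans(lines: Iterable[str],
                 exists: Callable[[str], bool] = os.path.exists) -> List[Autorun]:
    """Return autoruns whose target file is missing.

    On the affected Windows machine the default os.path.exists resolves 8.3
    short names such as progra~1; offline, pass a predicate like the one below.
    """
    orphans = []
    for line in lines:
        entry = parse_run_line(line)
        if entry and not exists(entry.target):
            orphans.append(entry)
    return orphans


# Constructed sample: the two lines from the CFScript plus one healthy entry.
SAMPLE_LOG = [
    r"uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe",
    r'mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" '
    r"c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF",
    r'mRun: [itype] "c:\program files\Microsoft IntelliType Pro\itype.exe"',
    "Trusted Zone: turbotax.com",
]
# Constructed stand-in for the disk: files assumed to be present.
PRESENT = {
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\microsoft intellitype pro\itype.exe",
}


def on_sample_disk(path: str) -> bool:
    return path.lower() in PRESENT


if __name__ == "__main__":
    for entry in find_orphans(SAMPLE_LOG, on_sample_disk):
        print(f"{entry.key}\\{entry.name} -> missing {entry.target}")
```

A check that only tests the first token of the command line passes the `mRun` entry, because `rundll32.exe` itself is present; the missing file is the DLL argument.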

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I'm beginning to think that I am going to have to live with this one for the rest of my life.
    Not really, we will find it.

    Run this scanner


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Junior Member
    Join Date
    Dec 2010
    Posts
    8

    Default Here is OTL.TXT

    [I highlighted the line in red. It is similar to the error message that I get at start up]


    OTL logfile created on: 12/26/2010 2:06:37 PM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = E:\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.99 Gb Total Space | 191.26 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
    Drive D: | 9.10 Gb Total Space | 0.88 Gb Free Space | 9.62% Space Free | Partition Type: NTFS
    Drive E: | 298.09 Gb Total Space | 215.75 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
    Drive F: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive L: | 465.76 Gb Total Space | 185.87 Gb Free Space | 39.91% Space Free | Partition Type: NTFS
    Drive W: | 76.69 Gb Total Space | 68.24 Gb Free Space | 88.99% Space Free | Partition Type: NTFS
    Drive X: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
    Drive Y: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
    Drive Z: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT

    Computer Name: N1API-MAIN | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - E:\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
    PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
    PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)
    PRC - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Webshots\3.1.5.7617\Webshots.scr (Webshots.com)
    PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
    PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.exe (Webroot Software, Inc. (www.webroot.com))
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
    PRC - C:\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe (Space Sciences Laboratory)
    PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
    PRC - C:\BOINC\boinc.exe (Space Sciences Laboratory)
    PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
    PRC - C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
    PRC - c:\Appl\fp\fplmservice.exe ()
    PRC - C:\DynDNS Updater\DynDNS.exe (Kana Solution)
    PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd)
    PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
    PRC - C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
    PRC - C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
    PRC - C:\Program Files\QUICKENW\qagent.exe ()
    PRC - C:\Windows\System32\mrtMngr.exe (Marimba Inc.)


    ========== Modules (SafeList) ==========

    MOD - E:\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Internet Download Manager\idmmkb.dll (Tonec Inc.)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
    MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plx_hook.dll (Plaxo, Inc.)
    MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCR90.dll (Microsoft Corporation)
    MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCP90.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
    SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
    SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
    SRV - (fplm_service) -- c:\appl\fp\fplmservice.exe ()
    SRV - (DynDNS_Updater_Service) -- C:\DynDNS Updater\DynDNS.exe (Kana Solution)
    SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
    SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
    SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
    SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
    SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
    SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
    SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
    SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (catchme) -- C:\Users\Alan\AppData\Local\Temp\catchme.sys File not found
    DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101225.007\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101225.007\NAVENG.SYS (Symantec Corporation)
    DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101224.001\IDSvix86.sys (Symantec Corporation)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
    DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
    DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
    DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
    DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
    DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
    DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
    DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
    DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
    DRV - (SaiNtHid) -- C:\Windows\System32\drivers\SaiNtHid.sys (Saitek)
    DRV - (SaiClass) -- C:\Windows\System32\drivers\SaiNtBus.sys (Saitek)
    DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
    DRV - (mrtRate) -- C:\Windows\System32\drivers\MrtRate.sys (Marimba, Inc.)
    DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://connecticut.cox.net/cci/home"
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:58:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2010/12/11 15:56:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2010/12/11 15:56:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Mozilla Thunderbird\components [2010/12/10 05:02:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Mozilla Thunderbird\plugins
    FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: E:\Netscape\Components [2010/12/07 04:31:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: E:\Netscape\Plugins [2010/12/07 04:31:27 | 000,000,000 | ---D | M]

    [2010/09/22 04:17:45 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions
    [2010/09/22 04:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/12/26 09:05:36 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions
    [2010/07/24 18:16:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/05/08 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\toolbar@ask.com

    O1 HOSTS File: ([2010/10/03 20:11:06 | 000,000,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
    O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
    O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
    O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe (Seagate Technology, LLC)
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [IDMan] C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
    O4 - HKCU..\Run: [PlaxoSysTray] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe (Plaxo, Inc.)
    O4 - HKCU..\Run: [PlaxoUpdate] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Weather] C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O4 - HKLM..\RunOnce: [Launcher] File not found
    O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
    O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/08 23:03:26 | 000,000,088 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2003/05/26 23:45:29 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2008/03/21 17:39:27 | 000,000,000 | ---D | M] - L:\AutoBackup -- [ NTFS ]
    O32 - AutoRun File - [2008/02/24 21:59:44 | 000,000,076 | ---- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/11/25 10:18:30 | 000,000,365 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/26 14:04:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
    [2010/12/26 10:46:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/26 10:27:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/25 16:38:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/12/25 15:46:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/12/25 15:46:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/12/25 15:46:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/12/25 15:46:32 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/12/25 15:46:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/12/25 15:46:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/12/25 15:46:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/12/25 15:46:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/12/25 15:46:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/12/25 15:46:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/12/25 15:46:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/12/25 15:46:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/12/25 15:46:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/12/25 15:46:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/12/25 15:46:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/12/25 15:46:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/12/25 15:46:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/12/25 15:45:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
    [2010/12/25 15:45:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/12/25 15:45:52 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/12/25 15:44:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
    [2010/12/25 15:44:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
    [2010/12/25 15:44:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
    [2010/12/25 15:43:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/12/25 15:42:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/12/25 15:42:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/12/25 15:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/12/25 15:40:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/12/25 15:38:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010/12/25 15:38:43 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
    [2010/12/25 15:38:35 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010/12/25 15:38:05 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/12/25 15:38:01 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/12/25 15:36:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2010/12/25 15:34:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
    [2010/12/25 15:34:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2010/12/25 15:34:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2010/12/25 15:33:26 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2010/12/25 15:33:25 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2010/12/25 15:33:22 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2010/12/25 15:16:27 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2010/12/25 11:45:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/25 11:45:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/25 11:45:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/25 11:45:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/25 11:44:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/23 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
    [2010/12/23 21:13:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/23 21:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/23 21:13:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/23 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/09 03:02:21 | 000,084,208 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/26 14:04:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
    [2010/12/26 14:03:14 | 000,000,987 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    [2010/12/26 13:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/26 13:00:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 13:00:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/26 11:01:12 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/12/26 11:00:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/26 11:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/26 10:22:50 | 003,998,560 | R--- | M] () -- E:\Desktop\ComboFix.exe
    [2010/12/25 16:55:03 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/12/25 16:55:03 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/12/25 16:47:41 | 000,447,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/25 12:36:19 | 000,002,487 | ---- | M] () -- E:\Desktop\Microsoft Word.lnk
    [2010/12/25 09:41:22 | 000,002,489 | ---- | M] () -- E:\Desktop\Microsoft Excel.lnk
    [2010/12/24 09:56:40 | 000,001,108 | ---- | M] () -- C:\Windows\QUICKEN.INI
    [2010/12/23 23:10:17 | 000,005,168 | ---- | M] () -- E:\Documents\cc_20101223_231011.reg
    [2010/12/23 22:11:57 | 000,005,700 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/12/23 14:54:26 | 000,000,519 | ---- | M] () -- C:\Users\Alan\raccalbk.ini
    [2010/12/20 19:27:03 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlan.job
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/18 11:26:56 | 000,002,511 | ---- | M] () -- E:\Desktop\Microsoft Outlook.lnk
    [2010/12/18 10:26:15 | 000,004,096 | -H-- | M] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
    [2010/12/09 00:40:38 | 000,084,208 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
    [2010/11/29 18:30:47 | 000,006,668 | ---- | M] () -- E:\Documents\cc_20101129_183037.reg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/26 10:22:54 | 003,998,560 | R--- | C] () -- E:\Desktop\ComboFix.exe
    [2010/12/25 11:45:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/25 11:45:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/25 11:45:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/25 11:45:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/23 23:10:14 | 000,005,168 | ---- | C] () -- E:\Documents\cc_20101223_231011.reg
    [2010/11/29 18:30:44 | 000,006,668 | ---- | C] () -- E:\Documents\cc_20101129_183037.reg
    [2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
    [2009/10/10 11:46:46 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/10/10 11:46:45 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/10/06 19:33:59 | 000,000,122 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
    [2009/09/19 08:47:07 | 000,004,096 | -H-- | C] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/03/22 22:15:09 | 000,005,700 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/06/30 16:50:50 | 000,000,510 | ---- | C] () -- C:\Windows\wordpad.INI
    [2008/06/18 19:04:35 | 000,000,539 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/04/14 03:28:26 | 000,001,356 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
    [2008/03/29 15:44:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
    [2008/02/26 21:11:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/02/23 10:26:53 | 000,000,046 | ---- | C] () -- C:\Windows\loginput.ini
    [2008/02/23 10:26:43 | 000,003,824 | ---- | C] () -- C:\Windows\System32\drivers\DXSOFTIO.SYS
    [2008/02/22 23:41:53 | 000,002,248 | ---- | C] () -- C:\Windows\DigiPan.INI
    [2008/02/09 19:25:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaiCfg.dll
    [2008/02/09 13:05:46 | 000,000,150 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2008/02/09 13:05:46 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI
    [2008/02/09 13:05:46 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
    [2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\bw6050d.ini
    [2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2008/02/09 13:05:31 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
    [2008/02/09 13:05:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL
    [2008/02/09 13:05:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL
    [2008/02/09 13:05:15 | 000,000,451 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2008/02/09 13:05:15 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2008/02/09 13:05:06 | 000,008,634 | ---- | C] () -- C:\Windows\HL-6050D_DN.INI
    [2008/01/13 09:48:22 | 000,005,120 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/09 21:01:46 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2008/01/09 18:57:42 | 000,000,067 | ---- | C] () -- C:\Windows\IDMan.INI
    [2008/01/09 05:20:54 | 000,023,909 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
    [2008/01/08 22:02:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\raccd32a.DLL
    [2008/01/08 19:22:45 | 000,000,092 | ---- | C] () -- C:\Users\Alan\AppData\Local\fusioncache.dat
    [2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QFN.ini
    [2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QDQICK.ini
    [2008/01/07 19:34:09 | 000,001,108 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2008/01/07 19:34:09 | 000,000,185 | ---- | C] () -- C:\Windows\intuprof.ini
    [2008/01/06 21:45:37 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/08/14 17:27:20 | 000,000,343 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/08/14 17:19:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
    [2007/08/14 17:11:30 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2007/08/14 17:11:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2006/04/01 11:08:25 | 000,026,112 | ---- | C] () -- C:\Windows\System32\HamCal32.DLL
    [2005/12/12 13:18:54 | 000,041,472 | ---- | C] () -- C:\Windows\System32\winkeyVB.dll
    [2003/07/12 03:51:11 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
    [2002/03/04 10:07:44 | 000,064,512 | ---- | C] () -- C:\Windows\System32\QRZ32.dll
    [2001/12/31 23:29:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [1999/04/21 15:53:40 | 000,062,464 | ---- | C] () -- C:\Windows\System32\agwdll32.dll

    ========== LOP Check ==========

    [2009/09/26 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AGI
    [2010/12/25 17:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\BVS Solitaire Collection
    [2010/12/26 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\DMCache
    [2010/12/12 07:15:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\IDM
    [2009/07/05 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\iWin
    [2008/01/31 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Kana Solution
    [2008/10/02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\LimeWire
    [2008/01/06 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\MSNInstaller
    [2008/01/09 05:20:54 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PeerNetworking
    [2008/01/05 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Snapfish
    [2009/09/26 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Temp
    [2009/10/06 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
    [2010/09/22 04:17:33 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Thunderbird
    [2010/12/22 09:55:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TrustedQSL
    [2008/01/14 20:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WeatherBug
    [2008/01/06 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Webshots
    [2010/05/13 04:25:38 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
    [2008/01/06 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WildTangent
    [2008/01/06 15:07:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WinBatch
    [2010/12/26 10:57:26 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
