Help Please.



Help Me Please!
2010-01-08, 21:30
I have been told that my previous topic was not proper. Therefore I am making a new thread.

Hi, I just joined this forum due to the fact that I am desperately in need of help. My parents' computer seems to have been infected by multiple viruses/malware, and I am not that experienced in these sorts of fields. So I have downloaded Spybot S&D, but when the scan finishes I receive some kind of error notice such as: "unexpected error in fixing problems (cannot create file "C:\windows\system32/drivers\etc\hosts". Access is denied".

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:09:29 PM, on 1/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.112 google.ae
O1 - Hosts: 95.211.99.112 google.as
O1 - Hosts: 95.211.99.112 google.at
O1 - Hosts: 95.211.99.112 google.az
O1 - Hosts: 95.211.99.112 google.ba
O1 - Hosts: 95.211.99.112 google.be
O1 - Hosts: 95.211.99.112 google.bg
O1 - Hosts: 95.211.99.112 google.bs
O1 - Hosts: 95.211.99.112 google.ca
O1 - Hosts: 95.211.99.112 google.cd
O1 - Hosts: 95.211.99.112 google.com.gh
O1 - Hosts: 95.211.99.112 google.com.hk
O1 - Hosts: 95.211.99.112 google.com.jm
O1 - Hosts: 95.211.99.112 google.com.mx
O1 - Hosts: 95.211.99.112 google.com.my
O1 - Hosts: 95.211.99.112 google.com.na
O1 - Hosts: 95.211.99.112 google.com.nf
O1 - Hosts: 95.211.99.112 google.com.ng
O1 - Hosts: 95.211.99.112 google.ch
O1 - Hosts: 95.211.99.112 google.com.np
O1 - Hosts: 95.211.99.112 google.com.pr
O1 - Hosts: 95.211.99.112 google.com.qa
O1 - Hosts: 95.211.99.112 google.com.sg
O1 - Hosts: 95.211.99.112 google.com.tj
O1 - Hosts: 95.211.99.112 google.com.tw
O1 - Hosts: 95.211.99.112 google.dj
O1 - Hosts: 95.211.99.112 google.de
O1 - Hosts: 95.211.99.112 google.dk
O1 - Hosts: 95.211.99.112 google.dm
O1 - Hosts: 95.211.99.112 google.ee
O1 - Hosts: 95.211.99.112 google.fi
O1 - Hosts: 95.211.99.112 google.fm
O1 - Hosts: 95.211.99.112 google.fr
O1 - Hosts: 95.211.99.112 google.ge
O1 - Hosts: 95.211.99.112 google.gg
O1 - Hosts: 95.211.99.112 google.gm
O1 - Hosts: 95.211.99.112 google.gr
O1 - Hosts: 95.211.99.112 google.ht
O1 - Hosts: 95.211.99.112 google.ie
O1 - Hosts: 95.211.99.112 google.im
O1 - Hosts: 95.211.99.112 google.in
O1 - Hosts: 95.211.99.112 google.it
O1 - Hosts: 95.211.99.112 google.ki
O1 - Hosts: 95.211.99.112 google.la
O1 - Hosts: 95.211.99.112 google.li
O1 - Hosts: 95.211.99.112 google.lv
O1 - Hosts: 95.211.99.112 google.ma
O1 - Hosts: 95.211.99.112 google.ms
O1 - Hosts: 95.211.99.112 google.mu
O1 - Hosts: 95.211.99.112 google.mw
O1 - Hosts: 95.211.99.112 google.nl
O1 - Hosts: 95.211.99.112 google.no
O1 - Hosts: 95.211.99.112 google.nr
O1 - Hosts: 95.211.99.112 google.nu
O1 - Hosts: 95.211.99.112 google.pl
O1 - Hosts: 95.211.99.112 google.pn
O1 - Hosts: 95.211.99.112 google.pt
O1 - Hosts: 95.211.99.112 google.ro
O1 - Hosts: 95.211.99.112 google.ru
O1 - Hosts: 95.211.99.112 google.rw
O1 - Hosts: 95.211.99.112 google.sc
O1 - Hosts: 95.211.99.112 google.se
O1 - Hosts: 95.211.99.112 google.sh
O1 - Hosts: 95.211.99.112 google.si
O1 - Hosts: 95.211.99.112 google.sm
O1 - Hosts: 95.211.99.112 google.sn
O1 - Hosts: 95.211.99.112 google.st
O1 - Hosts: 95.211.99.112 google.tl
O1 - Hosts: 95.211.99.112 google.tm
O1 - Hosts: 95.211.99.112 google.tt
O1 - Hosts: 95.211.99.112 google.us
O1 - Hosts: 95.211.99.112 google.vu
O1 - Hosts: 95.211.99.112 google.ws
O1 - Hosts: 95.211.99.112 google.co.ck
O1 - Hosts: 95.211.99.112 google.co.id
O1 - Hosts: 95.211.99.112 google.co.il
O1 - Hosts: 95.211.99.112 google.co.in
O1 - Hosts: 95.211.99.112 google.co.jp
O1 - Hosts: 95.211.99.112 google.co.kr
O1 - Hosts: 95.211.99.112 google.co.ls
O1 - Hosts: 95.211.99.112 google.co.ma
O1 - Hosts: 95.211.99.112 google.co.nz
O1 - Hosts: 95.211.99.112 google.co.tz
O1 - Hosts: 95.211.99.112 google.co.ug
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419.3 (KHTML, like Gecko) Safari/419.3
Accept-encode: (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)" -"http://www.miniclip.com/games/badaboom/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} (ReiEngine Class) - http://cdnrep.reimage.com/reix1212.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15306 bytes


Thank you for taking the time to read this.

If someone could help me it would be quite appreciated...

Dakeyras
2010-01-11, 16:30
Hi,

I apologise for the delay, the forum is very busy.

If you still require assistance post a new HijackThis Log please, thank you.

Help Me Please!
2010-01-11, 22:18
Thank you for responding to my post. I am home from college for winter break and I am trying to fix my parents' computer before I leave once again.

When I do start the HJT program, something pops up and says the following:

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\WINDOWS\System32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HiJackThis, right click on the HiJackThis icon, choose 'Run as administrator'.

And so I click OK (I am also, unfortunately, technologically challenged and do not want to do something that would impair the chance of fixing this computer), and the following pops up:

You have a particularly large number of hijacked domains. It's probably better to delete the file itself than to fix each item (and create a backup).

If you see the same IP address in all the reported O1 items, consider deleting your Hosts file, which is located at C:\WINDOWS\System32\drivers\etc\hosts.

Then I click OK once more and the following notepad document pops up:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:16:35 PM, on 1/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.112 google.ae
O1 - Hosts: 95.211.99.112 google.as
O1 - Hosts: 95.211.99.112 google.at
O1 - Hosts: 95.211.99.112 google.az
O1 - Hosts: 95.211.99.112 google.ba
O1 - Hosts: 95.211.99.112 google.be
O1 - Hosts: 95.211.99.112 google.bg
O1 - Hosts: 95.211.99.112 google.bs
O1 - Hosts: 95.211.99.112 google.ca
O1 - Hosts: 95.211.99.112 google.cd
O1 - Hosts: 95.211.99.112 google.com.gh
O1 - Hosts: 95.211.99.112 google.com.hk
O1 - Hosts: 95.211.99.112 google.com.jm
O1 - Hosts: 95.211.99.112 google.com.mx
O1 - Hosts: 95.211.99.112 google.com.my
O1 - Hosts: 95.211.99.112 google.com.na
O1 - Hosts: 95.211.99.112 google.com.nf
O1 - Hosts: 95.211.99.112 google.com.ng
O1 - Hosts: 95.211.99.112 google.ch
O1 - Hosts: 95.211.99.112 google.com.np
O1 - Hosts: 95.211.99.112 google.com.pr
O1 - Hosts: 95.211.99.112 google.com.qa
O1 - Hosts: 95.211.99.112 google.com.sg
O1 - Hosts: 95.211.99.112 google.com.tj
O1 - Hosts: 95.211.99.112 google.com.tw
O1 - Hosts: 95.211.99.112 google.dj
O1 - Hosts: 95.211.99.112 google.de
O1 - Hosts: 95.211.99.112 google.dk
O1 - Hosts: 95.211.99.112 google.dm
O1 - Hosts: 95.211.99.112 google.ee
O1 - Hosts: 95.211.99.112 google.fi
O1 - Hosts: 95.211.99.112 google.fm
O1 - Hosts: 95.211.99.112 google.fr
O1 - Hosts: 95.211.99.112 google.ge
O1 - Hosts: 95.211.99.112 google.gg
O1 - Hosts: 95.211.99.112 google.gm
O1 - Hosts: 95.211.99.112 google.gr
O1 - Hosts: 95.211.99.112 google.ht
O1 - Hosts: 95.211.99.112 google.ie
O1 - Hosts: 95.211.99.112 google.im
O1 - Hosts: 95.211.99.112 google.in
O1 - Hosts: 95.211.99.112 google.it
O1 - Hosts: 95.211.99.112 google.ki
O1 - Hosts: 95.211.99.112 google.la
O1 - Hosts: 95.211.99.112 google.li
O1 - Hosts: 95.211.99.112 google.lv
O1 - Hosts: 95.211.99.112 google.ma
O1 - Hosts: 95.211.99.112 google.ms
O1 - Hosts: 95.211.99.112 google.mu
O1 - Hosts: 95.211.99.112 google.mw
O1 - Hosts: 95.211.99.112 google.nl
O1 - Hosts: 95.211.99.112 google.no
O1 - Hosts: 95.211.99.112 google.nr
O1 - Hosts: 95.211.99.112 google.nu
O1 - Hosts: 95.211.99.112 google.pl
O1 - Hosts: 95.211.99.112 google.pn
O1 - Hosts: 95.211.99.112 google.pt
O1 - Hosts: 95.211.99.112 google.ro
O1 - Hosts: 95.211.99.112 google.ru
O1 - Hosts: 95.211.99.112 google.rw
O1 - Hosts: 95.211.99.112 google.sc
O1 - Hosts: 95.211.99.112 google.se
O1 - Hosts: 95.211.99.112 google.sh
O1 - Hosts: 95.211.99.112 google.si
O1 - Hosts: 95.211.99.112 google.sm
O1 - Hosts: 95.211.99.112 google.sn
O1 - Hosts: 95.211.99.112 google.st
O1 - Hosts: 95.211.99.112 google.tl
O1 - Hosts: 95.211.99.112 google.tm
O1 - Hosts: 95.211.99.112 google.tt
O1 - Hosts: 95.211.99.112 google.us
O1 - Hosts: 95.211.99.112 google.vu
O1 - Hosts: 95.211.99.112 google.ws
O1 - Hosts: 95.211.99.112 google.co.ck
O1 - Hosts: 95.211.99.112 google.co.id
O1 - Hosts: 95.211.99.112 google.co.il
O1 - Hosts: 95.211.99.112 google.co.in
O1 - Hosts: 95.211.99.112 google.co.jp
O1 - Hosts: 95.211.99.112 google.co.kr
O1 - Hosts: 95.211.99.112 google.co.ls
O1 - Hosts: 95.211.99.112 google.co.ma
O1 - Hosts: 95.211.99.112 google.co.nz
O1 - Hosts: 95.211.99.112 google.co.tz
O1 - Hosts: 95.211.99.112 google.co.ug
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419.3 (KHTML, like Gecko) Safari/419.3
Accept-encode: (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)" -"http://www.miniclip.com/games/badaboom/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} (ReiEngine Class) - http://cdnrep.reimage.com/reix1212.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15105 bytes

Dakeyras
2010-01-12, 00:23
Hi. :)


Thank you for responding to my post. I am home from college for winter break and I am trying to fix my parents' computer before I leave once again.

You're welcome and I will do my utmost to try and remedy your parents' computer problems.

Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Next:

I have a fair few tasks for your good self to complete below, just take your time and all should go well. :bigthumb:

Custom Batch File:

Open Notepad.
Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
@Echo off
rem Unhide the HOSTS file and rewrite it with the single default entry.
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Drop the current lease and flush DNS, then reset Winsock and TCP/IP.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then remove this batch file.
shutdown -r -t 1
del %0
Go to File >> Save As
Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
Change Save as Type to All Files and save the file to your Desktop.
It should look like this: http://i223.photobucket.com/albums/dd202/Dakeyras_album/Dakeyras.jpg
Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

Note: You will temporarily lose your internet connection and your machine should automatically reboot. If it does not, reboot your machine manually.

Next:

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.

Scan with RSIT:

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!

Right-click on RSIT.exe and select Run as Administrator to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within the folder rsit at the root of your installed Hard-Drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:

How is your parents' computer performing now, any further symptoms and or problems encountered?
Malwarebytes' Anti-Malware Log.
Both RSIT logs. <-- Post them individually please, i.e. one Log per post/reply.
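As an added example (not code from this thread or from any of the tools it names), the following Python script reads hosts-file lines, or the HijackThis "O1 - Hosts" lines from a posted log, and flags the redirection pattern that the HOSTS rewrite in the batch file above is meant to undo. The sample lines are copied from the log posted in this thread; the protected-hostname list and the mass-redirect threshold are assumptions chosen for illustration.

```python
"""Flag hosts-file hijacks of the kind HijackThis reports as 'O1 - Hosts' lines.
Added example for this thread, not code from the thread or any tool named in it.
Sample lines come from the log posted here; the protected-hostname list and the
mass-redirect threshold are assumptions chosen for illustration."""
import ipaddress
import re
from collections import defaultdict

# Hostnames security software must reach; pointing them anywhere but loopback
# is a classic update-blocking hijack. (Assumption: illustrative list.)
PROTECTED_SUFFIXES = ("safebrowsing-cache.google.com", "urs.microsoft.com",
                      "update.microsoft.com", "windowsupdate.com")
# One non-loopback address absorbing this many names is a mass redirect.
MASS_REDIRECT_THRESHOLD = 5  # assumption

# Constructed sample: O1 entries copied from the posted log, plus one plain
# hosts-file line and one comment line to exercise the parser.
SAMPLE_LINES = [
    "O1 - Hosts: localhost 127.0.0.1",
    "O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com",
    "O1 - Hosts: 74.125.45.100 getantivirusplusnow.com",
    "O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    "O1 - Hosts: 74.125.45.100 urs.microsoft.com",
    "O1 - Hosts: 67.215.245.21 www.google-analytics.com",
    "O1 - Hosts: 95.211.99.112 google.de",
    "O1 - Hosts: 95.211.99.112 google.fr",
    "O1 - Hosts: 95.211.99.112 google.co.jp",
    "O1 - Hosts: 95.211.99.112 google.com.tw",
    "O1 - Hosts: 95.211.99.112 google.us",
    "127.0.0.1\tlocalhost",
    "# comment lines are ignored",
]

_O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def parse_hosts_lines(lines):
    """Yield (address, hostname) pairs from hosts-file or HijackThis O1 lines.
    Comments and blanks are skipped; a first field that is not an IP (the
    inverted 'localhost 127.0.0.1' seen in the thread) is still yielded so the
    analyser can report it as malformed."""
    for raw in lines:
        line = _O1_PREFIX.sub("", raw.strip()).split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            yield fields[0], name


def _is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def analyse_hosts(lines):
    """Return findings: malformed lines, non-loopback mappings, redirected
    protected hostnames, and addresses that absorb many hostnames."""
    findings = {"malformed": [], "non_local": [],
                "protected_redirects": [], "mass_redirects": {}}
    names_by_ip = defaultdict(list)
    for addr, name in parse_hosts_lines(lines):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings["malformed"].append(f"{addr} {name}")
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / ::1 / 0.0.0.0 entries are benign blocking
        findings["non_local"].append((addr, name))
        names_by_ip[addr].append(name)
        if _is_protected(name):
            findings["protected_redirects"].append((addr, name))
    for addr, names in names_by_ip.items():
        if len(names) >= MASS_REDIRECT_THRESHOLD:
            findings["mass_redirects"][addr] = len(names)
    return findings


def is_hijacked(findings):
    """True when the HOSTS file should be rebuilt, as the batch file above does:
    any protected hostname redirected, or any mass redirect."""
    return bool(findings["protected_redirects"] or findings["mass_redirects"])


if __name__ == "__main__":
    result = analyse_hosts(SAMPLE_LINES)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("hijacked:", is_hijacked(result))
```

On the sample, the inverted localhost line is reported as malformed, the two security-update hostnames pointed at 74.125.45.100 are reported as protected redirects, and 95.211.99.112 is reported as a mass redirect of five Google country domains.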

Help Me Please!
2010-01-14, 03:12
Malwarebytes' Anti-Malware 1.44
Database version: 3556
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/13/2010 7:04:43 PM
mbam-log-2010-01-13 (19-04-43).txt

Scan type: Quick Scan
Objects scanned: 186043
Time elapsed: 2 hour(s), 27 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Help Me Please!
2010-01-14, 03:13
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-13 19:07:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (23%) free of 57 GB
Total RAM: 767 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:53 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.112 google.ae
O1 - Hosts: 95.211.99.112 google.as
O1 - Hosts: 95.211.99.112 google.at
O1 - Hosts: 95.211.99.112 google.az
O1 - Hosts: 95.211.99.112 google.ba
O1 - Hosts: 95.211.99.112 google.be
O1 - Hosts: 95.211.99.112 google.bg
O1 - Hosts: 95.211.99.112 google.bs
O1 - Hosts: 95.211.99.112 google.ca
O1 - Hosts: 95.211.99.112 google.cd
O1 - Hosts: 95.211.99.112 google.com.gh
O1 - Hosts: 95.211.99.112 google.com.hk
O1 - Hosts: 95.211.99.112 google.com.jm
O1 - Hosts: 95.211.99.112 google.com.mx
O1 - Hosts: 95.211.99.112 google.com.my
O1 - Hosts: 95.211.99.112 google.com.na
O1 - Hosts: 95.211.99.112 google.com.nf
O1 - Hosts: 95.211.99.112 google.com.ng
O1 - Hosts: 95.211.99.112 google.ch
O1 - Hosts: 95.211.99.112 google.com.np
O1 - Hosts: 95.211.99.112 google.com.pr
O1 - Hosts: 95.211.99.112 google.com.qa
O1 - Hosts: 95.211.99.112 google.com.sg
O1 - Hosts: 95.211.99.112 google.com.tj
O1 - Hosts: 95.211.99.112 google.com.tw
O1 - Hosts: 95.211.99.112 google.dj
O1 - Hosts: 95.211.99.112 google.de
O1 - Hosts: 95.211.99.112 google.dk
O1 - Hosts: 95.211.99.112 google.dm
O1 - Hosts: 95.211.99.112 google.ee
O1 - Hosts: 95.211.99.112 google.fi
O1 - Hosts: 95.211.99.112 google.fm
O1 - Hosts: 95.211.99.112 google.fr
O1 - Hosts: 95.211.99.112 google.ge
O1 - Hosts: 95.211.99.112 google.gg
O1 - Hosts: 95.211.99.112 google.gm
O1 - Hosts: 95.211.99.112 google.gr
O1 - Hosts: 95.211.99.112 google.ht
O1 - Hosts: 95.211.99.112 google.ie
O1 - Hosts: 95.211.99.112 google.im
O1 - Hosts: 95.211.99.112 google.in
O1 - Hosts: 95.211.99.112 google.it
O1 - Hosts: 95.211.99.112 google.ki
O1 - Hosts: 95.211.99.112 google.la
O1 - Hosts: 95.211.99.112 google.li
O1 - Hosts: 95.211.99.112 google.lv
O1 - Hosts: 95.211.99.112 google.ma
O1 - Hosts: 95.211.99.112 google.ms
O1 - Hosts: 95.211.99.112 google.mu
O1 - Hosts: 95.211.99.112 google.mw
O1 - Hosts: 95.211.99.112 google.nl
O1 - Hosts: 95.211.99.112 google.no
O1 - Hosts: 95.211.99.112 google.nr
O1 - Hosts: 95.211.99.112 google.nu
O1 - Hosts: 95.211.99.112 google.pl
O1 - Hosts: 95.211.99.112 google.pn
O1 - Hosts: 95.211.99.112 google.pt
O1 - Hosts: 95.211.99.112 google.ro
O1 - Hosts: 95.211.99.112 google.ru
O1 - Hosts: 95.211.99.112 google.rw
O1 - Hosts: 95.211.99.112 google.sc
O1 - Hosts: 95.211.99.112 google.se
O1 - Hosts: 95.211.99.112 google.sh
O1 - Hosts: 95.211.99.112 google.si
O1 - Hosts: 95.211.99.112 google.sm
O1 - Hosts: 95.211.99.112 google.sn
O1 - Hosts: 95.211.99.112 google.st
O1 - Hosts: 95.211.99.112 google.tl
O1 - Hosts: 95.211.99.112 google.tm
O1 - Hosts: 95.211.99.112 google.tt
O1 - Hosts: 95.211.99.112 google.us
O1 - Hosts: 95.211.99.112 google.vu
O1 - Hosts: 95.211.99.112 google.ws
O1 - Hosts: 95.211.99.112 google.co.ck
O1 - Hosts: 95.211.99.112 google.co.id
O1 - Hosts: 95.211.99.112 google.co.il
O1 - Hosts: 95.211.99.112 google.co.in
O1 - Hosts: 95.211.99.112 google.co.jp
O1 - Hosts: 95.211.99.112 google.co.kr
O1 - Hosts: 95.211.99.112 google.co.ls
O1 - Hosts: 95.211.99.112 google.co.ma
O1 - Hosts: 95.211.99.112 google.co.nz
O1 - Hosts: 95.211.99.112 google.co.tz
O1 - Hosts: 95.211.99.112 google.co.ug
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/419.3 (KHTML, like Gecko) Safari/419.3
Accept-encode: (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)" -"http://www.miniclip.com/games/badaboom/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ? ????? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} (ReiEngine Class) - http://cdnrep.reimage.com/reix1212.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown owner - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15030 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (OWNER-BRPY82EID-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-0fsp).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-1).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-abc).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-aejt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ahrew).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-am).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ane).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-aq).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-asi).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-atq).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-aw).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-awgge).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-awq).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-Bb2l).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-bes yahoo).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-cgm).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-cpoe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dffb).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dku).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dmteovero).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dmtz yahoo).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-doi675).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dsp).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dtyk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-du).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-dzn).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-eath).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-edt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-eg).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-egs).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ehj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-eowhite).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-fgh).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-fuyouyf).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-gv).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-gze).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-h).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-haer).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-haet).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-hde).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-hea).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-hereh).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-heta).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-hrwae).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-htae).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-If).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ista).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jdt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jhetd).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jhvjhv).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jrrtj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jrt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jta).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jtes).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jtsea).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jtszr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-jtze).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kelly kim).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-Kelly R Kim).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kelly).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kevinkim).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-klt6).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kr6s).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kry).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ksr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kstu).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-kyt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-lb).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-lf).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-lffy).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-lmzt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ltud).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-lw).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-mb).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-metspam).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-Michelle Kim).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-mjk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-mnb).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-msr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-nbm).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-nd).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-nnnewhite).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-nzdtge).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-p).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-pio).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-plo).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-pmo protection).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-psai).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-qe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-qw).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-qwe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-reg).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rewe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rewg).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rhaew).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rhdx).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rhts).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rjmr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rjtx).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rkjst).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rky).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rsh).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rte).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rtjstj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rwbh).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ryj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ryjs).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ryk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ryrk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ryskj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-rzjt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-sjrs).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-sjrt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-sjtr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-srht).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-srtj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tajter).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tbsza yahoo).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tbtr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-td).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tdn).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-teja).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-th).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjd).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjjrt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjjtr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjn).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjrdjtrd).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjt4).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tjxf).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tlu).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tor).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-trjjtstj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-trjtx).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-trssrtj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-try).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tryu).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tu).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tuld).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ty).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tye).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tyj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tyk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tzhed).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-tzkrj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-u2d).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-u2m).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ubes spam).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ubm).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-umn).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-up2m oo).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-utk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-uty).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-uyt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-vbm).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-vn).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-vte white).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-vuwhite).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-wef).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-wer).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-wqe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-wret).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-wt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-xtyj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ykjyk).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ykr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ykrm).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-yrks).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ytu).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-yul).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-z').job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-z).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zcs).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zdfbz).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zdgmt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zfg).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zher).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zjte).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zjztr).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-znte).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zrhe).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zrjt).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zs).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ztdj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-ztj).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zx).job
C:\WINDOWS\tasks\McAfee.com Update Check (OWNER-BRPY82EID-zxc).job
C:\WINDOWS\tasks\Norton PC Checkup Setup.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{297CA128-8625-40F0-866D-756308C4F29F}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B71AB70B-D1B1-4C62-A30B-C37ED636C629}.job
C:\WINDOWS\tasks\wwyzfblp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-03 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-24 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll [2004-08-13 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-03 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll [2004-08-13 282624]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
Locked
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-03 256112]

{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"ALYac"=C:\Program Files\ESTsoft\ALYac\AYUpdate.exe [2009-05-26 79304]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"symPCCheckup"=C:\WINDOWS\system32\Adobe\Shockwave 11\symcheckupstub.exe [2008-08-22 234872]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-03 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE [2008-12-05 460216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0078570d]
C:\WINDOWS\system32\bozuneyi.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
C:\Program Files\ESTsoft\ALYac\AYUpdate.exe [2009-05-26 79304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM034b6491]
c:\windows\system32\jobavito.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imekrmig]
C:\IME\IMKR\imekrmig.exe [2001-01-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-09-03 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-03-07 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2005-03-07 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-05-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NVMCTRAY.DLL [2003-10-06 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReimageAgent]
C:\Program Files\Reimage\rei_agent.exe [2008-12-29 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2008-02-06 1036640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe /AUTORUN []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yuyofafeta]
C:\WINDOWS\system32\duyagawe.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
C:\PROGRA~1\TRUESW~1\TRUEWI~1.EXE -TA []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\pmnOGwuU
"notification packages"=scecli
C:\Documents and Settings\All Users\Application Data\zitakihu\zitakihu.dll
C:\WINDOWS\system32\vuyugije.dll
C:\WINDOWS\system32\filokinu.dll
C:\WINDOWS\system32\fomowipi.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\p3bvsvr.exe"="C:\WINDOWS\system32\p3bvsvr.exe:*:Enabled:Bugs Music VoD Control"
"C:\Program Files\iMesh\iMesh5\iMesh.exe"="C:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5"
"C:\Program Files\Diablo II\Game.exe"="C:\Program Files\Diablo II\Game.exe:*:Enabled:Diablo II"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\pdrtvsvr.exe"="C:\WINDOWS\system32\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Warcraft III\AI Scripts\nwt\D2Loader-1.11b.exe"="C:\Program Files\Warcraft III\AI Scripts\nwt\D2Loader-1.11b.exe:*:Enabled:Diablo II"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\WINDOWS\system32\prunnet.exe"="C:\WINDOWS\system32\prunnet.exe:*:Enabled:prunnet"
"F:\Warcraft III\Warcraft III.exe"="F:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"G:\Warcraft III\Warcraft III.exe"="G:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye"="C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye:*:Enabled:AYServiceNt"
"C:\Program Files\tintinyproxyy\tinyproxy.exe"="C:\Program Files\tintinyproxyy\tinyproxy.exe:*:Enabled:tinyproxy"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe"="C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe:*:Enabled:dvpapi"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"="C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe:*:Enabled:aawservice"
"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"="C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe:*:Enabled:mdm"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"G:\Kevin\Warcraft III\Warcraft III.exe"="G:\Kevin\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"F:\Kevin\Warcraft III\Warcraft III.exe"="F:\Kevin\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Application Data\b469fcc\WSb469.exe"="C:\Documents and Settings\All Users\Application Data\b469fcc\WSb469.exe:*:Enabled:System Defender"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3859f308-47aa-11de-99c4-0007e97d5f5a}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3859f309-47aa-11de-99c4-0007e97d5f5a}]
shell\AutoRun\command - G:\EXPLORER.EXE
shell\explore\command - G:\EXPLORER.EXE
shell\open\command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5ed01c6-7cf5-11db-9a73-0007e97d5f5a}]
shell\AutoRun\command - F:\xsdelect.com
shell\explore\command - F:\xsdelect.com
shell\open\command - F:\xsdelect.com


======List of files/folders created in the last 1 months======

2010-01-13 19:07:59 ----D---- C:\Program Files\trend micro
2010-01-13 19:07:55 ----D---- C:\rsit
2010-01-12 22:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-12 22:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-09 18:44:20 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2010-01-09 18:39:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-08 13:04:50 ----D---- C:\Program Files\TrendMicro
2010-01-08 13:02:58 ----D---- C:\WINDOWS\ERDNT
2010-01-08 13:02:25 ----D---- C:\Program Files\ERUNT
2010-01-07 21:04:58 ----D---- C:\Program Files\Ad-Aware
2010-01-04 19:30:36 ----SHD---- C:\Documents and Settings\All Users\Application Data\WSPTNVD_APDM
2010-01-04 19:29:10 ----SHD---- C:\Documents and Settings\All Users\Application Data\b469fcc
2010-01-04 19:15:59 ----A---- C:\WINDOWS\system32\xa.tmp
2009-12-18 19:02:10 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla

======List of files/folders modified in the last 1 months======

2010-01-13 19:08:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-13 19:07:59 ----AD---- C:\Program Files
2010-01-13 18:58:19 ----D---- C:\WINDOWS\Temp
2010-01-13 16:29:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-13 16:29:05 ----D---- C:\WINDOWS\system32\drivers
2010-01-13 16:24:40 ----D---- C:\WINDOWS\Prefetch
2010-01-13 16:23:08 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-01-13 16:22:44 ----SD---- C:\WINDOWS\Tasks
2010-01-13 16:03:04 ----D---- C:\WINDOWS
2010-01-13 16:02:19 ----D---- C:\WINDOWS\AppPatch
2010-01-12 22:31:02 ----HD---- C:\WINDOWS\inf
2010-01-12 22:30:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-12 22:30:55 ----D---- C:\WINDOWS\$hf_mig$
2010-01-12 22:30:51 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 22:30:45 ----D---- C:\WINDOWS\system32
2010-01-12 22:29:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-12 21:22:31 ----D---- C:\Program Files\Mozilla Firefox
2010-01-12 20:29:58 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-09 19:50:43 ----D---- C:\Program Files\Common Files
2010-01-09 19:30:42 ----SHD---- C:\WINDOWS\Installer
2010-01-09 19:30:39 ----D---- C:\Config.Msi
2010-01-09 19:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-08 13:04:53 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2010-01-07 22:19:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-07 22:19:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-05 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB893066$
2010-01-04 20:24:25 ----D---- C:\Documents and Settings\Owner\Application Data\skypePM
2010-01-04 18:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-18 17:54:22 ----D---- C:\Documents and Settings
2009-12-18 17:53:47 ----D---- C:\Downloads
2009-12-18 17:38:45 ----D---- C:\Program Files\VideoLAN
2009-12-18 17:37:32 ----D---- C:\Program Files\Google
2009-12-18 17:37:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2002-09-03 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-04 839880]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AYDrvNT_ALYAC;AYDrvNT_ALYAC; \??\C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2008-12-17 41752]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys []
S2 GdFsHook;McAfee Privacy Service File Guardian; \??\C:\WINDOWS\System32\Drivers\GDFSHK.SYS []
S2 GdTdi;McAfee Privacy Service Transport Filter; \??\C:\WINDOWS\System32\Drivers\GDTDI.SYS []
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC; \??\C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz128;cpuz128; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz_x32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-12-17 23832]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
S3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-12-17 6364440]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiFiltr;NaiFiltr; C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ALYac_PZSrv;ALYac_PZSrv; C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye [2009-08-16 890104]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-04-04 177672]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-10-06 81920]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
S2 GuardDogEXE;McAfee Privacy Service; C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE /SERVICE []
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe []
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-03-07 245760]
S3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe []
S3 Radialpoint Security Services;Radialpoint Security Services; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
S3 RPSUpdaterR;Radialpoint Unicorn Update Service; C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Help Me Please!
2010-01-14, 03:14
info.txt logfile of random's system information tool 1.06 2010-01-13 19:08:58

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{983DD781-10DA-4C25-8706-9E152DFCEF90}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\Setup.exe" -l0x9 -uninst
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
BugsVoD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C735A5C5-5F9A-41FA-8035-0316A7EEB8DE}\Setup.exe" -l0x12
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Cooolsoft Power MP3 WMA Converter v1.11-->C:\PROGRA~1\powconv\UNWISE.EXE C:\PROGRA~1\powconv\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Flying Scorchio Screen Saver-->sstunst2.exe Flying Scorchio
Free Mp3 Wma Converter V 1.6.3-->"C:\Program Files\Free Audio Pack\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Korean Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
LCP 5.04-->MsiExec.exe /I{1EFAF492-9A3B-48C3-9349-234B146FDA46}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Global IME for Office XP (Korean)-->MsiExec.exe /X{A9CA9E18-F14C-4875-83A5-2CC40340FA95}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar(01.02.3000.1001)-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
My.Freeze.com NetAssistant-->"C:\Program Files\My.Freeze.com NetAssistant\settings_uninstall_app.exe" --uninstall
Nero 7 Essentials-->MsiExec.exe /I{6FF8F60F-FD1F-4B15-B0EC-194861AD1033}
Nero PhotoShow Express 4-->"C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe"
NVIDIA Display Driver-->C:\WINDOWS\system32\nvudisp.exe Uninstall C:\WINDOWS\system32\nvdisp.nvu,NVIDIA Display Driver
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Confidential 2008-->"C:\Program Files\Winferno\PC Confidential\unins000.exe"
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
Reimage real-time monitor-->C:\Program Files\Reimage\rei_agent.exe /uninstall
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Search Settings 1.1-->MsiExec.exe /X{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Sims Superstar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.exe" -l0009
Uninstall-->"C:\Program Files\GRETECH\GomSearch\uninstall.exe"
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Verizon PC Security Checkup-->C:\Program Files\InstallShield Installation Information\{F092D1A4-ED8C-47ED-AE72-45B80D7C0543}\setup.exe -runfromtemp -l0x0409
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Winee-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E430B6E-9927-4818-BD00-0EA2071FC997}\Setup.exe" -l0x12
WineeRecorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B527AB4-283A-44B0-906D-63D1252A7452}\Setup.exe" -l0x12
Winferno Registry Power Cleaner-->"C:\Program Files\Winferno\RegistryPowerCleaner\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
알약-->"C:\Program Files\ESTsoft\ALYac\uninst00.aye"
알집-->C:\Program Files\ESTsoft\ALZip\unins000.exe

======Hosts File======

localhost 127.0.0.1
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com

======Security center information======

AV: System Defender
AV: 알약
FW: System Defender

======System event log======

Computer Name: OWNER-BRPY82EID
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
MPFIREWL

Record Number: 165722
Source Name: Service Control Manager
Time Written: 20091218121946.000000-360
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 7000
Message: The McAfee.com VirusScan Online Realtime Engine service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 165721
Source Name: Service Control Manager
Time Written: 20091218121926.000000-360
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 7000
Message: The McAfee Privacy Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 165720
Source Name: Service Control Manager
Time Written: 20091218121926.000000-360
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 7000
Message: The McAfee Privacy Service Transport Filter service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 165719
Source Name: Service Control Manager
Time Written: 20091218121926.000000-360
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 7000
Message: The McAfee Privacy Service File Guardian service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 165718
Source Name: Service Control Manager
Time Written: 20091218121926.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: OWNER-BRPY82EID
Event Code: 1001
Message: Fault bucket 1180947459.

Record Number: 11736
Source Name: Application Hang
Time Written: 20090603095101.000000-300
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 11735
Source Name: Application Hang
Time Written: 20090603095041.000000-300
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 11734
Source Name: Application Hang
Time Written: 20090603095040.000000-300
Event Type: error
User:

Computer Name: OWNER-BRPY82EID
Event Code: 1517
Message: Windows saved user OWNER-BRPY82EID\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11704
Source Name: Userenv
Time Written: 20090531205240.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-BRPY82EID
Event Code: 1517
Message: Windows saved user OWNER-BRPY82EID\kelly kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11588
Source Name: Userenv
Time Written: 20090521224435.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\ESTsoft\ALZip
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Help Me Please!
2010-01-14, 03:21
If someone could combine this with my last post that would be much appreciated.

So I have done as you have said and everything went well until I ran Random's System Information Tool. It started up the HiJackThis program, but the same error came up:

For Some reason you system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\WINDOWS\System32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HiJackThis, right click on the HiJackThis icon, choose 'Run as administrator'.

And so I click OK, but I am also technologically challenged unfortunately and I do not want to do something that would impair the chance of fixing this computer, and the following pops up:

You have an particularly large amount of hijacked domains. It's probaby better to delete the file itself then to fix each item (and create a backup)

If you see the same IP address in all the reported O1 items, consider deleting your Hosts file, which is located at C:\WINDOWS\System32\drivers\etc\hosts.

And so I pressed okay and the program continued its procedure... So as you can see I posted the logs but I don't think anything was solved.

Furthermore, when I go to google.com it relocates me to google.nl and I have no idea as to why it's doing this. I used both the Internet Explorer and Mozilla Firefox browser, and in both cases, I am redirected from google.com to google.nl.
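As an added example, not part of the original thread or of HijackThis: a small Python check that applies the "same IP address in all the reported O1 items" heuristic from the HijackThis message above to a hosts file, and rebuilds a hosts file that keeps only comments and loopback entries. The sample hosts content is constructed from the entries shown in the info.txt log earlier in this thread; the function names `parse_hosts`, `find_hijacked` and `cleaned_hosts` are chosen here.

```python
"""Check a Windows hosts file for the mass-redirect pattern HijackThis reports as O1 items."""
from collections import defaultdict
import ipaddress

# Constructed sample: the entries from the info.txt log posted in this thread,
# written in normal hosts-file order (IP first, then hostname). Not read from
# any real machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
127.0.0.1       localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
"""

LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs.

    '#' starts a comment, blank lines are ignored, and one line may map
    several hostnames to the same IP. Lines whose first field is not a
    valid IP address are skipped rather than guessed at.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: not an address
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def find_hijacked(entries, min_names=3):
    """Return {ip: [hostnames]} for non-loopback IPs that several names point at.

    This is the pattern the HijackThis warning describes: every reported O1
    item carries the same IP. Entries pointing at 127.0.0.1 or ::1 (the usual
    ad-blocking style) are left alone, so a large blocklist is not flagged.
    """
    by_ip = defaultdict(list)
    for ip, name in entries:
        if ip not in LOOPBACK:
            by_ip[ip].append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_names}


def cleaned_hosts(text):
    """Rebuild the hosts content keeping only comments and loopback lines.

    Same effect as the 'delete the file' advice in the thread, except that the
    default 'localhost' mapping is kept (or added back if it was missing).
    """
    kept = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(raw)
            continue
        if stripped.split()[0] in LOOPBACK:
            kept.append(raw)
    if ("127.0.0.1", "localhost") not in parse_hosts("\n".join(kept)):
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    found = find_hijacked(parse_hosts(SAMPLE_HOSTS))
    for ip, names in found.items():
        print(f"{len(names)} hostnames redirected to {ip}:")
        for name in names:
            print("   ", name)
    print("--- cleaned hosts ---")
    print(cleaned_hosts(SAMPLE_HOSTS), end="")
```

On a real machine the file is read from C:\WINDOWS\System32\drivers\etc\hosts; writing the cleaned copy back needs an elevated prompt, which is the "Access is denied" error the thread starts with.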

Dakeyras
2010-01-14, 13:50
Hi. :)


So I have done as you have said and everything went well until I ran Random's System Information Tool. It started up the HiJackThis program, but the same error came up:

OK, thanks for the update, and not a problem. We will merely try a different approach. Please bear in mind what I mentioned in a prior post:-

The process is not instant. Please continue to review my answers until I tell you your machine is clear.

I will also add it would be prudent for the time being not to use the infected machine at all online if possible apart from checking email notifications for this topic/physically checking and or following my advice etc. This way it will lessen the chance the machine will become more infected, thank you.

Download/Run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)


Double click on Rkill.
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next:

Please download RpsUU.exe (http://radialpoint.fileburst.com/radialpoint/tools/UninstallUtility/8/RpsUU.exe) to the Desktop.

Double click RpsUU.exe to run it.
Click Yes to confirm that you want to uninstall.
Restart the computer when prompted.
Next:

Run RKill again.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0 <-- We will update this in due course.
BugsVoD
My.Freeze.com NetAssistant
Verizon PC Security Checkup
Winferno Registry Power Cleaner
알약
알집

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

If you were prompted to reboot the computer after the above uninstallations, please run Rkill again before proceeding any further.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off (not recommended) >> OK.

Note: No need for it to be active after the reset because you have the McAfee Personal Firewall.

Scan with GMER:

Please download GMER Rootkit Scanner from here (http://www.gmer.net/download.php).

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it


In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Note: Do not run any programs while Gmer is running.

When completed the above, please post back the following:

GMER Log.

Help Me Please!
2010-01-15, 03:27
Thank you Dakeyras for responding to my thread once again :).

For some reason on my parent's computer it may say that the McAfee Firewall is present but I do not see it anywhere within the computer.

I have disconnected the computer from the internet and am instead using my personal laptop to download all the files you have told me to download and transferring them via flash drive. But when you said that my parent's computer has the firewall, I am quite certain that my parent's computer has no firewall.

But here is the log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-14 19:25:48
Windows 5.1.2600 Service Pack 3
Running: vfuoerlh.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afrdyfow.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 83B6B618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe?Photoshop?Album Starter Edition 3.2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe?Photoshop?Album Starter Edition 3.2@SlowInfoCache 0x28 0x02 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Adobe?Photoshop?Album Starter Edition 3.2@Changed 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@DisplayName Adobe? Photoshop? Album Starter Edition 3.2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@URLUpdateInfo http://www.adobe.com/products/photoshopelwin/main.html
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@URLInfoAbout http://www.adobe.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@UninstallString MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@Size
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@Readme C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\readme.txt
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@Publisher http://www.adobe.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@InstallDate
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@HelpTelephone
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@HelpLink
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@DisplayVersion 3.2.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@Contact
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@Comments
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@AuthorizedCDFPrefix
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@RegEulaAccepted 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@PSASEVersion 3.2.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@SEOEMName
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@PSASEVersionUpdate 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@DisplayIcon C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\Photoshop Album Starter Edition.exe,-111
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@InstallLocation C:\Program Files\Adobe\Photoshop Album Starter Edition\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe?Photoshop?Album Starter Edition 3.2@InstallPath C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\ProgID@ DAO.User.36

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Help Me Please!
2010-01-15, 06:27
Again if someone could combine this with my last post that would be much appreciated:

There were some issues with uninstalling some of these programs:

Adobe Reader 7.0: Uninstalled

BugsVoD: Uninstalled

My.Freeze.com NetAssistant: It said it was already uninstalled and asked if I wanted to remove it from the list, so I clicked yes

Verizon PC Security Checkup: I could not find it within the Programs List

Winferno Registry Power Cleaner: Uninstalled

알약: Uninstalled

알집: Uninstalled

Dakeyras
2010-01-15, 12:57
Hi. :)


Thank you Dakeyras for responding to my thread once again :).

You're welcome!


For some reason on my parent's computer it may say that the McAfee Firewall is present but I do not see it anywhere within the computer.
It is an integral part of the actual McAfee SecurityCenter installation.


I have disconnected the computer from the internet and am instead using my personal laptop to download all the files you have told me to download and transferring them via flash drive.

I do not mean to alarm you unduly, but by doing this you may have compromised your own computer in turn. Do not connect any Flash Drives you may have again to the infected computer; we can disinfect it (them) in due course, and when I am satisfied your parents' computer is indeed malware free I will check your laptop for you.

For the time being update whatever Anti-Virus you have installed on your laptop and run a full scan and have it remove anything found. If anything is found save the log-file/report for my review to a convenient location and then post the aforementioned when I ask for it OK. Do not post it in your next reply as it is somewhat difficult trying to work on two different computers logs in the same topic simultaneously, thank you. :bigthumb:

So it is OK to use the infected machine for reading my instructions as I post them/download anything I advise etc. I apologise if you misunderstood what I posted prior:-

I will also add it would be prudent for the time being not to use the infected machine at all online if possible apart from checking email notifications for this topic/physically checking and or following my advice etc. This way it will lessen the chance the machine will become more infected, thank you.

There were some issues with uninstalling some of these programs:

Verizon PC Security Checkup: I could not find it within the Programs List

OK, not a problem, and I will check this out in due course.

Next:

Please run RKill again.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.
Note: If you have uninstalled ERUNT, please inform me before proceeding any further.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: when prompted do you want to replace the copy of ComboFix you currently have on the desktop, please do so.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please open McAfee Security Centre
Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.
Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)

Next, select never for "When to re-enable real time scanning"
and click OK.
For further info on disabling and re-enabling McAfee, click here (http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820).
Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper

Note: Do not forget to re-enable McAfee after running ComboFix.

When you have completed the above, please post back the following in the order asked for:

How is your parents' computer performing now? Any other symptoms and/or problems encountered?
ComboFix Log.

Help Me Please!
2010-01-15, 18:12
Again thank you so much for taking so much of your time to help me.

I am addressing the problem with the McAfee program. It somehow may say that it is installed on this computer, but I cannot find any folder or anything. My father installed it, but when he did not like the program and tried to uninstall it, I guess McAfee did not uninstall properly or something happened. So as of now we do not have any sort of anti-virus and therefore I turned the Windows Firewall on again.

And I did a scan on my laptop and you are right, I have many infected problems on this laptop now. But this will be addressed later.

So I have followed the instructions as posted. But ComboFix seems to be stuck or something. It currently says:

Preparing Log Report.

Do not run any programs until ComboFix has finished

It's been like this for over an hour and I do not know what to do.

Dakeyras
2010-01-15, 18:30
Hi. :)

OK no problem we can address the McAfee issue and install a new Anti-Virus in due course.


And I did a scan on my laptop and you are right, I have many infected problems on this laptop now. But this will be addressed later.

That's a shame; not to worry, after we have finished the malware removal process with your parents' computer I will address your laptop's issues.

Next:

Re ComboFix, leave it for, say, another 15 to 20 minutes. If there is no apparent change, please carry out the following:-

Open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.

When you have completed the above, please post back the following in the order asked for:

How is your parents' computer performing now? Any other symptoms and/or problems encountered?
ComboFix Log. <-- It can be located at C:\ComboFix.txt

Help Me Please!
2010-01-15, 19:34
Re ComboFix, leave it for, say, another 15 to 20 minutes. If there is no apparent change, please carry out the following:-

Open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.

So after the computer rebooted and once it said it is Preparing Log Report

I attempted to cancel the swreg process, but it immediately disappeared, and none of the other processes are showing up...

Help Me Please!
2010-01-15, 19:43
Thank you for your patience. Somehow this time the program worked and produced this log:

ComboFix 10-01-14.07 - Owner 5/2010 Fri 11:24:38.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.767.416 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-14 01:07 . 2010-01-14 01:08 -------- d-----w- c:\program files\trend micro
2010-01-14 01:07 . 2010-01-14 01:08 -------- d-----w- C:\rsit
2010-01-13 03:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 00:39 . 2010-01-10 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:04 . 2010-01-08 19:04 -------- d-----w- c:\program files\TrendMicro
2010-01-08 19:02 . 2010-01-15 14:42 -------- d-----w- c:\program files\ERUNT
2010-01-08 03:04 . 2010-01-08 03:05 -------- d-----w- c:\program files\Ad-Aware
2010-01-05 02:26 . 2010-01-05 02:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 01:34 . 2010-01-05 01:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 01:30 . 2010-01-05 01:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSPTNVD_APDM
2010-01-05 01:29 . 2010-01-08 04:08 -------- d-sh--w- c:\documents and settings\All Users\Application Data\b469fcc
2009-12-19 01:02 . 2009-12-19 01:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:32 . 2009-09-04 04:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-01-14 21:04 . 2008-12-26 22:48 -------- d-----w- c:\documents and settings\Owner\Application Data\EstSoft
2010-01-14 21:04 . 2008-12-26 22:46 -------- d-----w- c:\program files\ESTsoft
2010-01-14 21:04 . 2008-12-26 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft
2010-01-14 20:52 . 2007-11-13 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2010-01-13 22:29 . 2009-03-23 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 01:30 . 2008-12-30 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-08 19:04 . 2010-01-08 19:04 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-08 04:19 . 2008-12-25 22:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-08 04:19 . 2005-05-14 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-07 22:07 . 2009-03-23 03:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-03-23 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 18:02 . 2009-09-04 01:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-07 18:02 . 2009-09-04 01:12 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-05 19:19 . 2010-01-05 19:19 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 02:24 . 2009-09-04 05:05 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-18 23:38 . 2009-04-27 20:23 -------- d-----w- c:\program files\VideoLAN
2009-12-18 23:37 . 2007-08-27 03:07 -------- d-----w- c:\program files\Google
2009-12-13 02:26 . 2009-12-13 02:26 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-13 01:25 . 2009-12-13 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-13 01:23 . 2009-12-13 01:23 -------- d-----w- c:\program files\Pando Networks
2009-12-13 00:56 . 2009-11-14 00:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-02 15:13 . 2009-12-02 15:13 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-02 14:17 . 2010-01-05 01:30 457688 ----a-w- c:\documents and settings\All Users\Application Data\b469fcc\sqlite3.dll
2009-12-02 14:17 . 2010-01-05 01:30 722392 ----a-w- c:\documents and settings\All Users\Application Data\b469fcc\mozcrt19.dll
2009-11-29 02:45 . 2008-03-08 22:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 05:55 . 2009-09-04 01:49 -------- d-----w- c:\program files\Winferno
2009-11-04 18:46 . 2009-11-04 18:46 1421449 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_Monopoly\IAF.dll
2009-10-29 07:45 . 2005-02-18 21:19 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"symPCCheckup"="c:\windows\system32\Adobe\Shockwave 11\symcheckupstub.exe" [2008-08-22 234872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0078570d]
c:\windows\system32\bozuneyi.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 17:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
c:\program files\ESTsoft\ALYac\AYUpdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-06-01 19:32 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM034b6491]
c:\windows\system32\jobavito.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imekrmig]
2001-01-09 18:01 44544 ----a-w- c:\ime\IMKR\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-09-03 16:24 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 03:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 18:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2005-03-07 20:05 278528 ----a-w- c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2005-03-07 20:07 180224 ----a-w- c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 03:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-10-06 19:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-10-06 19:16 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-10-06 19:16 741376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 03:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 03:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReimageAgent]
2008-12-30 02:04 258048 ----a-w- c:\program files\reimage\rei_agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
c:\program files\Verizon\VSP\VerizonServicepoint.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
c:\program files\Verizon\McciTrayApp.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yuyofafeta]
c:\windows\system32\duyagawe.dll [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/17/2007 10:05 AM 24652]
S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\System32\Drivers\GDFSHK.SYS --> c:\windows\System32\Drivers\GDFSHK.SYS [?]
S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\System32\Drivers\GDTDI.SYS --> c:\windows\System32\Drivers\GDTDI.SYS [?]
S2 GuardDogEXE;McAfee Privacy Service;"c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE --> c:\program files\McAfee\McAfee Privacy Service\GUARDDOG.EXE [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\DRIVERS\NaiFiltr.sys --> c:\windows\system32\DRIVERS\NaiFiltr.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2010-01-15 c:\windows\Tasks\Norton PC Checkup Setup.job
- c:\windows\system32\Adobe\Shockwave 11\symcheckupstub.exe [2008-08-22 15:09]

2009-01-05 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-25 20:59]

2010-01-15 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-09-04 19:10]

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{297CA128-8625-40F0-866D-756308C4F29F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{B71AB70B-D1B1-4C62-A30B-C37ED636C629}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {10ECCE17-29B5-4880-A8F5-EAD298611484} - hxxp://cdnrep.reimage.com/reix1212.cab
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} - hxxp://comic.daum.net/download/ToonsXDaum2.cab
DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} - hxxp://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} - hxxp://img.yahoo.co.kr/ycabinet/cab/YahooCabinet.cab
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/mv/XTools.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\em47iz8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellExecuteHooks-{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5} - (no file)
AddRemove-Free Mp3 Wma Converter_is1 - c:\program files\Free Audio Pack\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7232)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\PENUSA.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Winferno\PC Confidential\PCCBHO.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-01-15 11:41:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-15 17:41

Pre-Run: 18,295,918,592 bytes free
Post-Run: 18,254,704,640 bytes free

- - End Of File - - B10CD3AA9EA4194EEBFF4C599DEA9228
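
Added example, not part of either poster's text: the "Files Created" and "Find3M" sections of the log above are a timeline of every file and folder touched in the last month, and the helper reads them by eye for hidden+system items that appeared in places a normal installer would not put them (note the d-sh--w- folders under All Users\Application Data with the names WSPTNVD_APDM and b469fcc). The script below parses that line format and applies exactly that rule. Assumptions, stated in the comments: the attribute letters are read as ComboFix prints them (d directory, s system, h hidden), IETldCache is allowed as a known legitimate hidden+system IE8 folder, and the sample input is a handful of lines copied from the log above rather than a full C:\ComboFix.txt.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the "Files Created" and
# "Find3M" sections of the ComboFix log in this thread. Only the line format
# matters here; a real run would read the whole C:\ComboFix.txt.
SAMPLE_LOG = r"""
2010-01-13 03:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 00:39 . 2010-01-10 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-05 02:26 . 2010-01-05 02:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 01:34 . 2010-01-05 01:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 01:30 . 2010-01-05 01:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSPTNVD_APDM
2010-01-05 01:29 . 2010-01-08 04:08 -------- d-sh--w- c:\documents and settings\All Users\Application Data\b469fcc
2009-12-02 14:17 . 2010-01-05 01:30 457688 ----a-w- c:\documents and settings\All Users\Application Data\b469fcc\sqlite3.dll
"""

# created . modified  size-or-dashes  8-char attribute string  path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # e.g. "d-sh--w-"
    path: str             # lower-cased so comparisons are case-insensitive

    # Assumption: the letters are read as ComboFix prints them:
    # 'd' directory, 's' system, 'h' hidden, 'a' archive, 'c' compressed.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Turn the file-listing lines of a ComboFix log into Entry objects,
    skipping section headers, '.' separators and blank lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"], m["path"].lower()))
    return entries


# Folder names that are legitimately hidden+system on XP with IE8 and would
# otherwise trip the rule below (assumed allow-list, extend as you verify).
KNOWN_HIDDEN_SYSTEM = {"ietldcache"}


def suspicious_paths(entries: List[Entry], allow=KNOWN_HIDDEN_SYSTEM) -> List[str]:
    """Flag hidden+system items created outside c:\\windows (a favourite hiding
    place is All Users\\Application Data), then anything dropped inside one of
    those folders, in log order."""
    flagged = [
        e.path for e in entries
        if e.is_hidden_system
        and not e.path.startswith("c:\\windows\\")
        and e.path.rsplit("\\", 1)[-1] not in allow
    ]
    parents = list(flagged)
    for e in entries:
        if e.path not in flagged and any(e.path.startswith(p + "\\") for p in parents):
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    for p in suspicious_paths(parse_entries(SAMPLE_LOG)):
        print("suspect:", p)
```

On the sample this reports the two hidden+system folders under All Users\Application Data and the sqlite3.dll sitting inside b469fcc, and leaves the two IETldCache folders and the ordinary TEMP folder alone. The rule is deliberately narrow; a real triage would add checks such as files in system32 with no version information, but the point is that the log format is regular enough to script.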

Help Me Please!
2010-01-15, 19:46
One of the most noticeable problems is when I go to google.com on this computer, this shows up:

We're sorry...

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
To continue searching, please type the characters you see below:

Dakeyras
2010-01-15, 21:27
Hi. :)

Thanks for the update. Unfortunately it is not ideal having no active Anti-Virus at present, but until we have rectified the underlying problems, installing one at this time will probably create more problems than it would do good. Just bear in mind my prior advice about limiting online activity with the infected machine for the time being, thank you.

Let's proceed as follows, shall we:-

Please run Rkill again.

McAfee Cleanup:

You have some leftovers from a McAfee product. If you don't use any McAfee programs, you can run this uninstaller.


Please download the McAfee Removal Tool (http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe).
Double click on MCPR.exe to launch it, then click Run.
A window should appear and disappear, this is normal.
A new window should popup and begin the uninstall. When prompted to reboot your computer type Y.
Next:

Run Rkill again.

Next:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
atapi.sys

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Help Me Please!
2010-01-16, 00:00
Once again I must thank you for taking the time out of your busy day to help me.

Here is the log that you asked for:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:56 on 15/01/2010 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [23:40 27/09/2008] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [15:17 15/01/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [04:33 05/06/2005] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [16:27 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [16:27 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-
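
Added example, not part of either poster's text: the point of the atapi.sys search above is to compare the hash of the live driver (system32\drivers) with the copies Windows File Protection keeps in dllcache and ServicePackFiles\i386. A driver patched in place keeps its name, size and often its timestamps, so the MD5 column is what gives it away. The script below parses the SystemLook filefind format and makes that comparison. The five sample lines are the ones from the log above; the "infected" variant is constructed, with a made-up hash, to show what a mismatch looks like. The older hash in $NtServicePackUninstall$ is the pre-SP3 driver saved by the service pack installer and is not treated as a reference.

```python
import re
from collections import defaultdict
from typing import Dict, List

# The filefind output posted above, used here as sample input (paths and
# hashes are the ones from the log; nothing in this block is invented
# except INFECTED_SAMPLE below).
SAMPLE_SYSTEMLOOK = r"""
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [23:40 27/09/2008] [03:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [15:17 15/01/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [04:33 05/06/2005] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [16:27 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [16:27 03/09/2002] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
"""

# Constructed variant: identical listing except that the live driver's hash is
# a made-up value, which is what an in-place patched driver would look like
# (same name, same size, same timestamps, different content).
INFECTED_SAMPLE = SAMPLE_SYSTEMLOOK.rstrip().rsplit("\n", 1)[0] + "\n" + (
    r"C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes "
    r"[16:27 03/09/2002] [18:40 13/04/2008] 0123456789ABCDEF0123456789ABCDEF"
)

# path  6-char attributes  size bytes [created] [modified] MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>\S{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE_DRIVER = r"c:\windows\system32\drivers\atapi.sys"
# Windows File Protection keeps pristine copies here; an attacker who patches
# only the live file leaves these untouched, so they serve as references.
REFERENCE_COPIES = (
    r"c:\windows\system32\dllcache\atapi.sys",
    r"c:\windows\servicepackfiles\i386\atapi.sys",
)


def parse_filefind(text: str) -> List[dict]:
    """Parse SystemLook ':filefind' result lines; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["path"] = row["path"].lower()
            row["md5"] = row["md5"].upper()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def hash_groups(rows: List[dict]) -> Dict[str, List[str]]:
    """Group the copies by hash: a quick view of how many versions exist."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["md5"]].append(r["path"])
    return dict(groups)


def check_driver(rows: List[dict], live: str = LIVE_DRIVER,
                 references=REFERENCE_COPIES) -> Dict[str, object]:
    """Compare the live driver's MD5 with the protected copies."""
    by_path = {r["path"]: r for r in rows}
    if live not in by_path:
        return {"status": "missing", "live_md5": None, "reference_md5s": set()}
    ref_hashes = {by_path[p]["md5"] for p in references if p in by_path}
    live_md5 = by_path[live]["md5"]
    if not ref_hashes:
        status = "no-reference"
    elif live_md5 in ref_hashes:
        status = "match"
    else:
        status = "MISMATCH"   # live driver differs from every protected copy
    return {"status": status, "live_md5": live_md5, "reference_md5s": ref_hashes}


if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE_SYSTEMLOOK), ("constructed", INFECTED_SAMPLE)):
        print(label, check_driver(parse_filefind(text)))
```

For the log as posted the live copy matches dllcache and ServicePackFiles, which is why the helper's next script simply recopies dllcache\atapi.sys over the live file as a precaution rather than treating the driver as infected. The check only proves as much as the references do: if a rootkit has also replaced the dllcache copy, all three hashes agree and a known-good hash from clean install media is needed instead.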

Dakeyras
2010-01-16, 12:48
Hi. :)


Once again I must thank you for taking the time out of your busy day to help me.

You're welcome!

Take your time with the below please; if you encounter any problems whatsoever, inform me straight away, thank you. :bigthumb:

Next:

Run RKill please.

Please delete the current copy of ComboFix you have on the desktop.

Now please download the following to the desktop but do not use any until asked:-

A fresh copy of ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). <-- Make sure this is saved to the Desktop.
Download HostsXpert (http://majorgeeks.com/Hoster_d4626.html) and unzip it to your computer, somewhere you can find it. The root of the system drive would be an ideal location, e.g. C:\
Download just one only of the three free anti-virus programs installers listed below please:-

AntiVir Free. (http://www.free-av.com/)
Avast Home Edition. (http://download.cnet.com/Avast-Home-Edition-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button)
Microsoft Security Essentials (http://www.microsoft.com/Security_Essentials/).
Do not use whichever of the above downloaded yet!


Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


FCOPY::
C:\WINDOWS\system32\dllcache\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys

Driver::
lvuvc
logiflt

File::
C:\Program.exe
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
C:\WINDOWS\system32\vuyugije.dll
C:\WINDOWS\system32\filokinu.dll
C:\WINDOWS\system32\fomowipi.dll
C:\WINDOWS\tasks\wwyzfblp.job
c:\windows\Tasks\PCConfidential.job
C:\WINDOWS\System32\drivers\etc\hosts

Folder::
c:\program files\Ad-Aware
c:\program files\ESTsoft
c:\program files\Winferno
c:\documents and settings\Owner\Application Data\EstSoft
c:\documents and settings\All Users\Application Data\b469fcc
c:\documents and settings\All Users\Application Data\ESTsoft
c:\documents and settings\All Users\Application Data\Verizon
c:\documents and settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\zitakihu

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BA52B914-B692-46c4-B683-905236F6F655}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALYac"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ne: http://*.update.microsoft.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{458F5FA5-E8F8-4D7B-96FA-43419A71B5A7}]
[-HKEY_CLASSES_ROOT\CLSID\{458F5FA5-E8F8-4D7B-96FA-43419A71B5A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{575594D5-8974-4AFE-9919-8FE4AA687DEF}]
[-HKEY_CLASSES_ROOT\CLSID\{575594D5-8974-4AFE-9919-8FE4AA687DEF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{97745861-F1A6-45B2-8AD1-0C17334550E6}]
[-HKEY_CLASSES_ROOT\CLSID\{97745861-F1A6-45B2-8AD1-0C17334550E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3859f308-47aa-11de-99c4-0007e97d5f5a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3859f309-47aa-11de-99c4-0007e97d5f5a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5ed01c6-7cf5-11db-9a73-0007e97d5f5a}]
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.

Next:

Double click on HostsXpert.exe to launch the programme.
When prompted with:

HOSTS file does not exist, press OK to create HOSTS file, Cancel to quit.


Select OK.
Check to see if the top button on the left hand side says Make Writable?

If it does, click on it, then proceed to the next instruction.
If not, just proceed to the next instruction.

Click on Restore MS Hosts File to restore your Hosts file to its default condition
When prompted to confirm, click OK.
Click on the Download button (lower left hand side)

Click on MVPs Hosts... button.
Click on Replace button.
Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)

When finished.

Click on File Handling button.
Click on Make Read Only? to secure it against infection.

Exit the programme.
Next:

Now which ever Anti-Virus installer you downloaded to the Desktop:-

Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

When you have completed the above, please post back the following in the order asked for:

How is your computer performing now? Any other symptoms and/or problems encountered?
ComboFix Log.
A new HijackThis Log.
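
Added example, not part of either poster's text: the hosts-file steps above (delete the current file via the CFScript, have HostsXpert recreate the Microsoft default, replace it with the MVPS list, then make it read-only) are worth understanding because a hijacked hosts file is the cheapest way to redirect a browser, block update servers, or make a search engine think its traffic comes from a bot. The script below does the audit part of that procedure: it parses a hosts file, separates harmless blocklist entries (names mapped to 127.0.0.1 or 0.0.0.0, which is how the MVPS list works) from real redirects, flags redirects of names on a watch list, and shows the read-only step. The sample file, the watch list and the 203.0.113.5 address (an RFC 5737 documentation address) are constructed for illustration; this is not the hosts file from the infected machine.

```python
import ipaddress
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# Constructed sample hosts file: the Microsoft header and localhost lines, two
# MVPS-style block entries, and two made-up hijack entries pointing well-known
# names at a documentation address. NOT the file from the infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net         # blocklist entry, harmless
127.0.0.1       banner.example.org      # blocklist entry, harmless
203.0.113.5     www.google.com          # constructed hijack
203.0.113.5     update.microsoft.com    # constructed hijack
"""

# Illustrative watch list (an assumption, extend as needed): names a user
# expects to reach directly, so any non-loopback mapping for them is a hijack.
WATCHLIST = ("google.com", "microsoft.com", "windowsupdate.com", "mcafee.com")


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs; comments and malformed lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue   # not an address; skip rather than guess
        for name in fields[1:]:
            pairs.append((str(addr), name.lower()))
    return pairs


def is_sinkhole(addr: str) -> bool:
    """127.0.0.0/8, ::1 and 0.0.0.0 just make a name unreachable (a block),
    anything else actually sends traffic somewhere (a redirect)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str, watchlist=WATCHLIST) -> Dict[str, list]:
    blocked, redirects, hijacked = [], [], []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if is_sinkhole(addr):
            blocked.append(name)
            continue
        redirects.append((name, addr))
        if any(name == d or name.endswith("." + d) for d in watchlist):
            hijacked.append((name, addr))
    return {"blocked": blocked, "redirects": redirects, "hijacked": hijacked}


def make_read_only(path: str) -> bool:
    """Clear write permission; on Windows this sets the read-only attribute,
    which is what HostsXpert's 'Make Read Only?' button does. Returns True
    when the owner write bit is gone afterwards."""
    os.chmod(path, stat.S_IREAD | stat.S_IRGRP | stat.S_IROTH)
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def demo_read_only() -> bool:
    """Write the sample to a temp file, lock it, report whether the lock took."""
    fd, path = tempfile.mkstemp(prefix="hosts-demo-")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_HOSTS)
    try:
        return make_read_only(path)
    finally:
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # restore so Windows can delete it
        os.remove(path)


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print("read-only set:", demo_read_only())
```

A default XP hosts file yields an empty report, and a machine running the MVPS list yields thousands of "blocked" names and nothing else; any entry in "redirects" deserves a look, and anything in "hijacked" is the kind of thing that produces the symptoms described in this thread. The read-only attribute only stops careless overwrites; malware running as Administrator can clear it, which is why the helper also has the file deleted and recreated rather than edited.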

Help Me Please!
2010-01-16, 18:53
Thank you so much for helping me out with my parent's computer. You have the thanks of our family. :rockon:

Initially when I started the computer and logged onto my father's account, there was a Norton PC Checkup. I did not know who installed it, and when I asked around no one had touched the computer but me. So I basically just clicked uninstall, and for now it seems to be gone.

Here is the log that you have asked for, and may I say again. THANK YOU SO MUCH!

ComboFix 10-01-15.05 - Owner 6/2010 Sat 10:22:34.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.767.409 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"C:\Program.exe"
"c:\windows\System32\drivers\etc\hosts"
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
"c:\windows\system32\filokinu.dll"
"c:\windows\system32\fomowipi.dll"
"c:\windows\system32\vuyugije.dll"
"c:\windows\Tasks\PCConfidential.job"
"c:\windows\tasks\wwyzfblp.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\b469fcc
c:\documents and settings\All Users\Application Data\b469fcc\BackUp\IMVU.lnk
c:\documents and settings\All Users\Application Data\b469fcc\mozcrt19.dll
c:\documents and settings\All Users\Application Data\b469fcc\sqlite3.dll
c:\documents and settings\All Users\Application Data\b469fcc\WSD_APDM.ico
c:\documents and settings\All Users\Application Data\b469fcc\WSDDSys\vd952342.bd
c:\documents and settings\All Users\Application Data\ESTsoft
c:\documents and settings\All Users\Application Data\ESTsoft\ALCM\ALCMUpdate.exe
c:\documents and settings\All Users\Application Data\ESTsoft\ALToolbar\Common.ini
c:\documents and settings\All Users\Application Data\ESTsoft\ALYac\LicenseInfo.ini
c:\documents and settings\All Users\Application Data\Lavasoft
c:\documents and settings\All Users\Application Data\Lavasoft\License\adaware.da2
c:\documents and settings\All Users\Application Data\Lavasoft\MiniMessage\2
c:\documents and settings\All Users\Application Data\Verizon
c:\documents and settings\All Users\Application Data\Verizon\VSP\SharedProperties.xml
c:\documents and settings\All Users\Application Data\zitakihu
c:\documents and settings\Owner\Application Data\EstSoft
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\0302_pv_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\080609_DefMM02_106.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\081009_seeMaker_default.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090130_seeMakerEnd_default.GIF
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090130_seeMakerIng_default.GIF
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090305_all_cabal.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090306_all_seeWhite.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090313_ftp_aig.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090313_pass_aig1.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090313_see_aig.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090313_zip_aig.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090316_all_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090316_ftp_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090316_pass_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090316_see_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090316_zip_pudding.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090323_ftp_kimyoung.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090323_pass_kimyoung.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090323_see_kimyoung.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090323_zip_kimyoung.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090324_alpass_hanafos.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\090324_alzip_hanafos.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\20090323_all_biz.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\505_90.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\alyacpc_ch_080327.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\log.dat
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091015_pop_toolbarOn1.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091015_pop_toolbarOn2.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091214_pop_hk.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091216_pop_dongyang2.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091218_pop_hcardM.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091221_pop_cabal.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\091230_pop_gmarket.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\100104_pop_dongyang2.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\100108_pop_bizhard.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\100108_pop_hs.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\100111_pop_dongyang2.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\PopSkin\pslog.dat
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_alyac23057_ocu.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_alzip23057_ocu.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_yac23057_scau2.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_zip23057_ktshow.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_zip23057_scau2.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_zip23057_sejong.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0104_zip23057ing_ktshow.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0105_yac23057_scau3.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0105_zip23057_scau3.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\0106_zip23057_sejong2.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091015_all23057_toolbarOn4.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091102_all23057_alzip10th.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091217_yac23057_sec002.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091221_yac23057_cabal.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091221_zip23057_cabal.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091230_yac23057_hs.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\091230_zip23057_hs.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\100107_yac23057_hs_pixed.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\100107_zip23057_autoinside.jpg
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\100107_zip23057_hs_pixed.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\100107_zip23057ing_autoinside.jpg
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\100108_all23057_bizhard.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\20100112_yac23057_scau.gif
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\bg_type21.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\CommonInfo1016_93.xml
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_01.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_012.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_02.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_022.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_03.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_032.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_04.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_042.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_05.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_052.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_06.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_062.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_07.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\img_072.bmp
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\KIMYOUNG_091228_ing230_57.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALBanner\ver6\KIMYOUNG_091228_m230_57.swf
c:\documents and settings\Owner\Application Data\EstSoft\ALCM\cmulog.dat
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20081230.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20081231.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090102.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090103.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090104.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090105.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090109.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090110.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090112.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090113.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090116.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090122.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090123.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090124.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090130.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090203.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090206.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090207.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090215.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090220.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090224.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090227.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090228.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090304.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090305.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090306.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090313.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090315.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090316.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090318.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090320.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090321.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090322.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090323.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090324.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090325.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090326.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090327.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090328.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090329.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090403.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090404.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090405.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090408.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090410.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090411.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090412.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090413.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090414.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090415.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090416.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090417.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090419.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090420.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090421.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090425.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090426.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090427.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090428.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090429.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090502.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090503.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090505.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090506.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090507.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090510.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090511.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090512.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090513.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090515.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090516.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090517.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090523.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090524.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090525.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090527.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090528.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090530.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090531.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090602.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090603.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090605.log
c:\documents and settings\Owner\Application Data\EstSoft\ALToolBar\Log\20090606.log
c:\documents and settings\Owner\Application Data\EstSoft\ALX\alxupdate.exe
c:\program files\Ad-Aware
c:\program files\Ad-Aware\AAWAdmin.exe
c:\program files\Ad-Aware\aawapi.dll
c:\program files\Ad-Aware\AAWService.exe
c:\program files\Ad-Aware\AAWTray.exe
c:\program files\Ad-Aware\AAWWSC.exe
c:\program files\Ad-Aware\Ad-Aware.exe
c:\program files\Ad-Aware\Ad-Aware_manual_DE.chm
c:\program files\Ad-Aware\Ad-Aware_manual_EN.chm
c:\program files\Ad-Aware\Ad-Aware_manual_FR.chm
c:\program files\Ad-Aware\Ad-Aware_manual_JA.chm
c:\program files\Ad-Aware\Ad-AwareAdmin.exe
c:\program files\Ad-Aware\Ad-AwareAdmin.exe.14086.aawbak
c:\program files\Ad-Aware\Ad-AwareCommand.exe
c:\program files\Ad-Aware\aebb.dll
c:\program files\Ad-Aware\aecore.dll
c:\program files\Ad-Aware\aeemu.dll
c:\program files\Ad-Aware\aegen.dll
c:\program files\Ad-Aware\aehelp.dll
c:\program files\Ad-Aware\aeheur.dll
c:\program files\Ad-Aware\aeoffice.dll
c:\program files\Ad-Aware\aepack.dll
c:\program files\Ad-Aware\aerdl.dll
c:\program files\Ad-Aware\aescn.dll
c:\program files\Ad-Aware\aescript.dll
c:\program files\Ad-Aware\aeset.dat
c:\program files\Ad-Aware\aevdf.dll
c:\program files\Ad-Aware\AutoLaunch.exe
c:\program files\Ad-Aware\avpal.dll
c:\program files\Ad-Aware\CEAPI.dll
c:\program files\Ad-Aware\dbghelp.dll
c:\program files\Ad-Aware\Download Guard for Internet Explorer.exe
c:\program files\Ad-Aware\Drivers\32\AAWDriverTool.exe
c:\program files\Ad-Aware\Drivers\32\DIFxAPI.dll
c:\program files\Ad-Aware\Drivers\32\lbd.cat
c:\program files\Ad-Aware\Drivers\32\lbd.inf
c:\program files\Ad-Aware\Drivers\32\lbd.sys
c:\program files\Ad-Aware\Drivers\64\AAWDriverTool.exe
c:\program files\Ad-Aware\Drivers\64\DIFxAPI.dll
c:\program files\Ad-Aware\Drivers\64\lbd.cat
c:\program files\Ad-Aware\Drivers\64\lbd.inf
c:\program files\Ad-Aware\Drivers\64\lbd.sys
c:\program files\Ad-Aware\Drivers\AAWDriverTool.exe
c:\program files\Ad-Aware\Drivers\DIFxAPI.dll
c:\program files\Ad-Aware\Drivers\lbd.cat
c:\program files\Ad-Aware\Drivers\lbd.inf
c:\program files\Ad-Aware\Drivers\lbd.sys
c:\program files\Ad-Aware\Drivers\sbapifs.cat
c:\program files\Ad-Aware\Drivers\sbapifsl.cat
c:\program files\Ad-Aware\Drivers\sbapx64.cat
c:\program files\Ad-Aware\Extras\Threat Work\ThreatWork.exe
c:\program files\Ad-Aware\GenoType.ows
c:\program files\Ad-Aware\hbedv.key
c:\program files\Ad-Aware\Languages\resource_de-DE.xml
c:\program files\Ad-Aware\Languages\resource_en-US.xml
c:\program files\Ad-Aware\Languages\resource_es-ES.xml
c:\program files\Ad-Aware\Languages\resource_fr-FR.xml
c:\program files\Ad-Aware\Languages\resource_it-IT.xml
c:\program files\Ad-Aware\Languages\resource_ja-JP.xml
c:\program files\Ad-Aware\Languages\resource_nl-NL.xml
c:\program files\Ad-Aware\Languages\resource_pt-PT.xml
c:\program files\Ad-Aware\Languages\resource_sv-SE.xml
c:\program files\Ad-Aware\Languages\resource_zh-CN.xml
c:\program files\Ad-Aware\Languages\resource_zh-TW.xml
c:\program files\Ad-Aware\Languages\ResourceAdmin.xml
c:\program files\Ad-Aware\lavalicense.dll
c:\program files\Ad-Aware\lavamessage.dll
c:\program files\Ad-Aware\Lavasoft Homepage.url
c:\program files\Ad-Aware\libapr-1.dll
c:\program files\Ad-Aware\libaprutil-1.dll
c:\program files\Ad-Aware\libavll.dll
c:\program files\Ad-Aware\lsdelete.exe
c:\program files\Ad-Aware\msvcp71.dll
c:\program files\Ad-Aware\msvcr71.dll
c:\program files\Ad-Aware\Neutralize.dll
c:\program files\Ad-Aware\pcre.dll
c:\program files\Ad-Aware\PrivacyClean.dll
c:\program files\Ad-Aware\Rebrand.dat
c:\program files\Ad-Aware\Resources.dll
c:\program files\Ad-Aware\Resources.dll.11281.aawbak
c:\program files\Ad-Aware\Resources\aa11.efp
c:\program files\Ad-Aware\Resources\aa14.efp
c:\program files\Ad-Aware\Resources\Carbon.eGL
c:\program files\Ad-Aware\Resources\Default.eGL
c:\program files\Ad-Aware\Resources\Gold.eGL
c:\program files\Ad-Aware\Resources\Orange.eGL
c:\program files\Ad-Aware\Resources\Sedona.eGL
c:\program files\Ad-Aware\Resources\wa11.efp
c:\program files\Ad-Aware\Resources\wa11b.efp
c:\program files\Ad-Aware\Resources\wa12.efp
c:\program files\Ad-Aware\Resources\wa12b.efp
c:\program files\Ad-Aware\Resources\wa14b.efp
c:\program files\Ad-Aware\Resources\wa14i.efp
c:\program files\Ad-Aware\Resources\wt12.efp
c:\program files\Ad-Aware\Resources\wt12b.efp
c:\program files\Ad-Aware\Resources\wt16b.efp
c:\program files\Ad-Aware\Resources\wt16bi.efp
c:\program files\Ad-Aware\Resources\wt20b.efp
c:\program files\Ad-Aware\Resources\wt20bi.efp
c:\program files\Ad-Aware\RPAPI.dll
c:\program files\Ad-Aware\savapi3.dll
c:\program files\Ad-Aware\savapi3client.dll
c:\program files\Ad-Aware\Savapibridge.dll
c:\program files\Ad-Aware\ShellExt.dll
c:\program files\Ad-Aware\threatwork.exe
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\AutoStart Manager.exe
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Settings.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gbottompicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\gtoppicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\skin.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Skins\grey\Thumbs.db
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\SO.dll
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\de.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\en.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\english.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\es.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\fr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\it.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\ja.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\nl.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\pr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\russian.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hans.xml
c:\program files\Ad-Aware\ToolBox\AutoStart Manager\Translations\zh-cmn-Hant.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\AutoStart Manager.exe
c:\program files\Ad-Aware\ToolBox\AutoStart\de.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\en.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\english.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\es.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\fr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\gbottompic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\gbottompicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\gbottompic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\gbottompicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\gtoppic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\gtoppicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\skin.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\grey\Thumbs.db
c:\program files\Ad-Aware\ToolBox\AutoStart\gtoppic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\gtoppicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\it.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\ja.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\nl.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\pr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\russian.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Settings.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\skin.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\gbottompic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\gbottompicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\gtoppic.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\gtoppicp.bmp
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\skin.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Skins\grey\Thumbs.db
c:\program files\Ad-Aware\ToolBox\AutoStart\SO.dll
c:\program files\Ad-Aware\ToolBox\AutoStart\Thumbs.db
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\de.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\en.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\english.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\es.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\fr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\it.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\ja.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\nl.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\pr.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\russian.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\zh-cmn-Hans.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\Translations\zh-cmn-Hant.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\zh-cmn-Hans.xml
c:\program files\Ad-Aware\ToolBox\AutoStart\zh-cmn-Hant.xml
c:\program files\Ad-Aware\ToolBox\LT\Extras.LGFF
c:\program files\Ad-Aware\ToolBox\LT\HostFileEditor.exe
c:\program files\Ad-Aware\ToolBox\LT\Lang\DE.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\EN.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\ES.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\FL.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\FR.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\IT.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\NL.lslang
c:\program files\Ad-Aware\ToolBox\LT\Lang\PT.lslang
c:\program files\Ad-Aware\ToolBox\LT\ProcessWatch.dll
c:\program files\Ad-Aware\ToolBox\LT\ProcessWatch.exe
c:\program files\Ad-Aware\unacev2.dll
c:\program files\Ad-Aware\unrar.dll
c:\program files\Ad-Aware\UpdateManager.dll
c:\program files\Ad-Aware\UpdateManager.dll.18090.aawbak
c:\program files\Ad-Aware\WSCUpdate.dll
c:\program files\ESTsoft
c:\program files\ESTsoft\Common\ALBNCollector.exe
c:\program files\ESTsoft\Common\ALSTSCollector.exe
c:\program files\Winferno
c:\program files\Winferno\PC Confidential\DeleteIndex.exe
c:\program files\Winferno\PC Confidential\Graphics\HandPoint.ico
c:\program files\Winferno\PC Confidential\PCCBHO.dll
c:\program files\Winferno\PC Confidential\PCCL.DLL
c:\program files\Winferno\PC Confidential\PCConfidential.chm
c:\program files\Winferno\PC Confidential\PCConfidential.exe
c:\program files\Winferno\PC Confidential\PCCST.exe
c:\program files\Winferno\PC Confidential\unins000.dat
c:\program files\Winferno\PC Confidential\unins000.exe
c:\program files\Winferno\PC Confidential\WinCMR.dll
c:\program files\Winferno\PC Confidential\WinfernoSoftware.url
c:\windows\System32\drivers\etc\hosts
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\Tasks\PCConfidential.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_LVUVC


((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2010-01-16 02:39 . 2010-01-16 02:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-14 01:07 . 2010-01-14 01:08 -------- d-----w- c:\program files\trend micro
2010-01-14 01:07 . 2010-01-14 01:08 -------- d-----w- C:\rsit
2010-01-13 03:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 00:39 . 2010-01-10 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:04 . 2010-01-08 19:04 -------- d-----w- c:\program files\TrendMicro
2010-01-08 19:02 . 2010-01-15 14:42 -------- d-----w- c:\program files\ERUNT
2010-01-05 02:26 . 2010-01-05 02:26 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 01:34 . 2010-01-05 01:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 01:30 . 2010-01-05 01:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSPTNVD_APDM
2009-12-19 01:02 . 2009-12-19 01:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 16:35 . 2009-09-04 04:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-01-13 22:29 . 2009-03-23 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 19:04 . 2010-01-08 19:04 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-08 04:19 . 2008-12-25 22:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-08 04:19 . 2005-05-14 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-07 22:07 . 2009-03-23 03:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-03-23 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 19:19 . 2010-01-05 19:19 5061519 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-05 02:24 . 2009-09-04 05:05 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-12-18 23:38 . 2009-04-27 20:23 -------- d-----w- c:\program files\VideoLAN
2009-12-18 23:37 . 2007-08-27 03:07 -------- d-----w- c:\program files\Google
2009-12-13 02:26 . 2009-12-13 02:26 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-13 01:25 . 2009-12-13 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-13 01:23 . 2009-12-13 01:23 -------- d-----w- c:\program files\Pando Networks
2009-12-13 00:56 . 2009-11-14 00:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-02 15:13 . 2009-12-02 15:13 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-29 02:45 . 2008-03-08 22:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-21 15:51 . 2002-09-03 16:26 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 18:46 . 2009-11-04 18:46 1421449 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_Monopoly\IAF.dll
2009-10-29 07:45 . 2005-02-18 21:19 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/17/2007 10:05 AM 24652]
S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\System32\Drivers\GDFSHK.SYS --> c:\windows\System32\Drivers\GDFSHK.SYS [?]
S2 GdTdi;McAfee Privacy Service Transport Filter;\??\c:\windows\System32\Drivers\GDTDI.SYS --> c:\windows\System32\Drivers\GDTDI.SYS [?]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]

2009-01-05 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-25 20:59]

2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{297CA128-8625-40F0-866D-756308C4F29F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{B71AB70B-D1B1-4C62-A30B-C37ED636C629}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} - hxxp://player.bugs.co.kr/install/mv/XTools.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\em47iz8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -

AddRemove-PCConfidential_is1 - c:\program files\Winferno\PC Confidential\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6628)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\PENUSA.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\conime.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-01-16 10:41:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 16:41
ComboFix2.txt 2010-01-15 17:41

Pre-Run: 18,141,184,000 bytes free
Post-Run: 18,037,776,384 bytes free

- - End Of File - - 682E08C44FFACA750E4FAF36F991E20A
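Triage helper for the service, driver and DPF lines of a ComboFix log like the one above. This is an added example written for this page, not part of the original thread, ComboFix, or any of the tools named here. It assumes that the "[?]" ComboFix prints after a path means it could not read the file's date and size at scan time (so the file should be checked for on disk), and it treats an image under a Temp directory or an ActiveX control fetched from a remote host as worth a second look. None of these heuristics makes an entry malicious (the cpuz_x32.sys driver, for instance, is the one the CPU-Z utility loads); they only decide which lines a helper should read first. The sample input lines are copied from the log above.

```python
"""Pick out the ComboFix service/driver and DPF lines a helper should read first.

Added example for this thread, not code from ComboFix or the original posts.
Assumption about the log format: "[?]" after a path means ComboFix could not
read the file's size and date, i.e. the file was probably absent at scan time.
"""
import re
from typing import Dict, List, Optional

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LINES = [
    r"R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/17/2007 10:05 AM 24652]",
    r"S2 GdFsHook;McAfee Privacy Service File Guardian;\??\c:\windows\System32\Drivers\GDFSHK.SYS --> c:\windows\System32\Drivers\GDFSHK.SYS [?]",
    r"S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]",
    r"DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB",
    r"DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab",
]

# "R2 name;display name;image path [date size]" -- R = running, S = stopped,
# the digit is the service start type.  The trailing bracket is "[?]" when
# ComboFix could not stat the file.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# "DPF: <name or CLSID> - <source URL>"  (ComboFix defangs http as hxxp)
DPF_RE = re.compile(r"^DPF:\s+(.*?)\s+-\s+(\S+)\s*$")


def parse_service(line: str) -> Optional[Dict[str, str]]:
    """Split one R/S service line into its fields, or return None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, raw_path, info = m.groups()
    # Drivers are printed as "\??\<image> --> <resolved image>"; keep the
    # resolved path and drop the NT object-manager prefix if it is still there.
    path = raw_path.split(" --> ")[-1]
    if path.startswith("\\??\\"):
        path = path[4:]
    return {"state": state, "start": start, "name": name,
            "display": display, "path": path, "info": info}


def service_flags(svc: Dict[str, str]) -> List[str]:
    """Heuristic reasons a service/driver line deserves a closer look."""
    flags: List[str] = []
    if "\\temp\\" in svc["path"].lower():
        flags.append("image loads from a Temp directory")
    if svc["info"] == "?":
        # Assumption: "[?]" = ComboFix could not read size/date (file missing?)
        flags.append("no file size/date recorded; check whether the file exists")
    return flags


def parse_dpf(line: str) -> Optional[Dict[str, object]]:
    """Split one DPF (Downloaded Program Files / ActiveX) line."""
    m = DPF_RE.match(line)
    if not m:
        return None
    name, source = m.groups()
    remote = source.lower().startswith(("hxxp://", "hxxps://", "http://", "https://"))
    return {"name": name, "source": source, "remote": remote}


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Return the findings, in log order, for every line that raised a flag."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        svc = parse_service(line)
        if svc is not None:
            flags = service_flags(svc)
            if flags:
                findings.append({"kind": "service", "name": svc["name"],
                                 "path": svc["path"], "flags": flags})
            continue
        dpf = parse_dpf(line)
        if dpf is not None and dpf["remote"]:
            findings.append({"kind": "dpf", "name": dpf["name"], "path": dpf["source"],
                             "flags": ["ActiveX control fetched from a remote host; confirm it is expected"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:7} {f['name']}\n    {f['path']}\n    -> {'; '.join(f['flags'])}")
```

Run it as a script to see the three lines from the sample that get flagged (the two McAfee and CPU-Z driver entries without file data, plus the remote AlwaysOn.CAB control); the locally sourced DirectAnimation CAB and the Viewpoint service, whose file was present, are not reported.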

Dakeyras
2010-01-16, 23:24
Hi. :)


Thank you so much for helping me out with my parent's computer. You have the thanks of our family :rockon:
Your good self and family are very welcome!


Initially when I started the computer and logged onto my father's account, there was a Norton PC Checkup. I did not know who installed it and when I asked around no one had touched the computer but me. So I basically just clicked uninstall and for now it seems to be gone.
OK.

GooredFix:

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)


Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform a Quick Scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform me straight away please).

Click on Start >> Run... (or the Windows key and R together) to bring up the Run box and copy and paste in:

"%userprofile%\desktop\rsit.exe" /info

and click on OK.

Click on Run and RSIT will start.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following:

How is your parents' computer performing now? Any problems encountered and/or any further symptoms?
GooredFix Log.
Malwarebytes Anti-Malware Log.
A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

Dakeyras
2010-01-21, 16:33
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.