Microsoft.Windows.RedirectedHosts & Fraud.WindowsProtectionSuite



romeomj
2010-05-04, 04:52
Per Tashi, I am pasting my DDS reports

DDS (Ver_10-03-17.01) - NTFSx86
Run by Romeo's at 21:39:00.34 on Mon 05/03/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3318.1642 [GMT -4:00]

AV: Windows Protection Suite *On-access scanning enabled* (Updated) {F4AA2796-2C26-4174-8E85-1DD11C7E962C}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Windows Protection Suite *enabled* {F9791210-4A47-49B2-BD8B-8EB4E7021CF7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\WinService.exe
C:\Windows\system32\dlbxcoms.exe
C:\Windows\System32\MediaButtons.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\TestUnitReady.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IEPro\MiniDM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Romeo's\AppData\Local\Temp\Low\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optimum.net/optonline
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\iepro\IEProRecorder.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
StartupFolder: c:\users\romeo's\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: google.com\www
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://nhlmail.nhl.com/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\bitsprxo2.dll,avgrsstx.dll
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\romeo's\appdata\roaming\mozilla\firefox\profiles\fwlahj6u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\romeo's\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\romeo's\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-16 242896]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-25 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-25 308064]
R2 DELLODDSrv;DELLODDSrv;c:\windows\system32\WinService.exe [2008-12-22 65536]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-12-9 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-1-29 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-7 92008]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-26 24652]
R3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\drivers\DLACPI.sys [2008-12-22 14392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-25 369920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-1 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]

=============== Created Last 30 ================

2010-05-02 20:48:38 0 d-----w- c:\program files\Trend Micro
2010-05-02 20:43:13 0 d-----w- C:\HostsXpert
2010-05-02 17:29:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-02 17:29:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-02 17:29:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 11:47:37 0 d-----w- c:\program files\What You Own
2010-04-25 14:38:27 0 d-----w- c:\windows\MATS
2010-04-25 14:38:16 0 d-----w- c:\program files\Microsoft Fix it Center
2010-04-25 14:35:32 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2010-04-25 14:35:32 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2010-04-25 14:34:48 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
2010-04-25 14:34:48 3211264 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
2010-04-25 14:34:48 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
2010-04-25 14:15:54 0 d-----w- c:\programdata\avg9
2010-04-25 13:37:10 0 d-----w- c:\users\romeo's\appdata\roaming\GrabPro
2010-04-25 13:37:10 0 d-----w- C:\downloads
2010-04-25 13:37:07 0 d-----w- c:\users\romeo's\appdata\roaming\OpenCandy
2010-04-25 13:35:40 0 d-----w- c:\program files\IEPro
2010-04-24 19:31:01 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-24 19:30:58 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-24 19:30:58 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-24 19:30:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-24 19:30:51 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-24 19:30:51 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-24 19:30:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-24 19:30:27 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-24 19:30:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-24 19:30:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-24 19:28:06 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-24 19:28:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-24 19:28:05 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-24 18:01:10 0 d-----w- c:\programdata\IObit
2010-04-22 00:00:19 3276800 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-04-22 00:00:15 0 d-----w- c:\program files\Microsoft ATS
2010-04-21 02:11:47 0 d--h--w- c:\windows\msdownld.tmp
2010-04-21 02:10:49 0 d-----w- c:\program files\MSN Toolbar
2010-04-21 02:10:14 0 d-----w- c:\program files\Bing Bar Installer

==================== Find3M ====================

2010-05-04 00:44:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-29 07:00:59 71068 ----a-w- c:\windows\fonts\upcil.ttf
2010-04-29 07:00:59 209844 ----a-w- c:\windows\fonts\corbeli.ttf
2010-04-29 07:00:59 152872 ----a-w- c:\windows\fonts\verdanab.ttf
2010-04-29 07:00:59 100420 ----a-w- c:\windows\fonts\consolab.ttf
2010-04-29 07:00:59 100100 ----a-w- c:\windows\fonts\cordiaui.ttf
2010-04-25 14:18:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-25 14:18:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 14:18:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-25 19:07:42 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-25 19:07:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-25 19:07:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-18 08:19:45 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-12-26 16:59:52 53248 ----a-w- c:\windows\inf\i386\STBXPSTI.dll
2002-10-08 04:29:00 114688 ----a-w- c:\windows\inf\i386\XP100.dll
2002-10-08 04:27:00 36352 ----a-w- c:\windows\inf\i386\StbXpEXT.dll
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
1998-05-12 08:01:00 8944 ----a-w- c:\windows\inf\i386\Usbscan.sys
2010-01-21 18:26:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-10 14:56:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 21:40:31.24 ===============
DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/9/2008 2:38:57 AM
System Uptime: 5/3/2010 9:24:57 AM (12 hours ago)

Motherboard: Dell Inc. | | 0P096C
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU 1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 218 GiB total, 130.053 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 10.155 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP548: 4/17/2010 2:24:55 PM - Scheduled Checkpoint
RP549: 4/18/2010 2:49:32 PM - Scheduled Checkpoint
RP550: 4/19/2010 1:00:43 PM - Windows Update
RP551: 4/20/2010 6:56:04 AM - Windows Update
RP552: 4/20/2010 10:49:48 PM - Scheduled Checkpoint
RP553: 4/21/2010 8:01:03 PM - Windows Update
RP554: 4/21/2010 8:22:47 PM - Installed AVG Free 9.0
RP556: 4/21/2010 8:44:44 PM - Avg Update
RP558: 4/21/2010 8:45:50 PM - Avg Update
RP559: 4/23/2010 12:00:12 AM - Scheduled Checkpoint
RP560: 4/23/2010 7:22:16 PM - Scheduled Checkpoint
RP561: 4/24/2010 1:44:57 PM - Removed AVG Free 9.0
RP562: 4/24/2010 1:46:47 PM - Installed AVG Free 9.0
RP563: 4/24/2010 2:17:34 PM - 10/1/2009
RP564: 4/24/2010 2:18:53 PM - 10/1/2009
RP565: 4/24/2010 2:21:39 PM - Restore Operation
RP566: 4/24/2010 3:24:46 PM - Windows Update
RP567: 4/24/2010 6:47:46 PM - Windows Update
RP568: 4/25/2010 10:15:45 AM - Installed AVG Free 9.0
RP569: 4/25/2010 10:35:43 AM - Windows Update
RP570: 4/26/2010 1:07:17 AM - Scheduled Checkpoint
RP571: 4/27/2010 12:07:47 AM - Scheduled Checkpoint
RP572: 4/28/2010 12:21:56 AM - Scheduled Checkpoint
RP573: 4/29/2010 12:22:14 AM - Scheduled Checkpoint
RP574: 4/29/2010 3:00:17 AM - Windows Update
RP575: 4/30/2010 7:38:57 AM - Scheduled Checkpoint
RP576: 5/1/2010 10:58:52 AM - Scheduled Checkpoint
RP577: 5/2/2010 3:09:01 AM - Scheduled Checkpoint
RP578: 5/2/2010 4:47:56 PM - Installed HiJackThis

==== Hosts File Hijack ======================

==== Installed Programs ======================

AAC Decoder
ABBYY FineReader 6.0 Sprint Plus
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
Bing Bar
Bing Bar Platform
Bonjour
Choice Guard
Citrix Presentation Server Client - Web Only
Dell Dock
Dell Driver Download Manager
Dell Photo AIO Printer 962
Dell Resource CD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
H.264 Decoder
HiJackThis
honestech VHS to DVD 3.0 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IE7Pro
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
MediaButtons 5.0.0.1T4
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Default Manager
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OneTouch Version 3.0
Pinnacle Hollywood FX for Studio
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype web features
Skype™ Beta 4.1
SmartSound Quicktracks Plugin
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Stamps.com
Stamps.com Address Book Support for Windows Contacts for Vista
Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
Stamps.com support for Microsoft Word 2000-2007
Stamps.com support for Windows Contacts for Vista
Studio 10
Studio 10.8 Patch
Studio 9
TomTom HOME 2.7.0.1785
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
USB2.0 TVBOX
USB2.0 VIDBOX NW01
VC80CRTRedist - 8.0.50727.762
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
WD Diagnostics
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WYO Home Inventory 4.12

==== Event Viewer Messages From Past Week ========

5/2/2010 4:54:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif OMCI
5/2/2010 4:53:35 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Romeo's\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
5/2/2010 4:52:39 PM, Error: volmgr [46] - Crash dump initialization failed!
4/30/2010 7:03:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================

peku006
2010-05-08, 12:41
Hello and welcome to Safer Networking.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks peku006

peku006
2010-05-16, 10:53
Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a fresh HijackThis log, and wait for a new helper.
