Problem removing MyWebSearch Leftovers
Al N1API
2010-12-20, 07:57
I am having a problem removing what is left of the MyWebSearch screen saver at start up.
I've done an uninstall and removed the folders and when I do a search with Spybot and also Super Anti-Spyware it removes registration entries and also other leftover files.
But every time that I restart the computer I get an error message box that says the following:
RunDLL (The title of the box the message is in)
Error Loading
C:\PROGRA~1\MYWEBS~1\bar\M3PLUGIN.DLL
The specified module could not be found.
The program is not there but SOMETHING at start up is putting the registry entries back along with some other files.
Anyone got any idea what is going on and what I need to remove to kill this malware totally?
Thanks
Al
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
Al N1API
2010-12-24, 06:03
Well it didn't work. The start up error is still there. I also ran Spybot after and it removed the same entries that it always finds and removes (3 PUPs I believe). Also ran Super Spyware and it also removes some My Websearch entries. So there is still something there that puts all this crap back onto the system every time I reboot after using all the spy and malware programs. The most useless one by the way is Webroot Spysweeper. It has not found anything in well over a year while all the other ones find different things. I'm thinking of not renewing that one. Too bad there is not one program that will find everything.
Let me see if I can attach the log. If not will cut and paste it in a new message.
Al
DDS (Ver_10-12-12.02) - NTFSx86
Run by Alan at 21:22:48.85 on Thu 12/23/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1334 [GMT -5:00]
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Spy Sweeper *Enabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\brss01a.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\appl\fp\fplmservice.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Spybot\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\DynDNS Updater\DynDNS.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\QUICKENW\qagent.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\mrtMngr.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe
C:\Internet Download Manager\IDMan.exe
C:\Weatherbug\WeatherBug\Weather.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Spybot\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\BOINC\boincmgr.exe
C:\BOINC\boinc.exe
C:\PROGRA~1\Webshots\315~1.761\webshots.scr
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\mobsync.exe
C:\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://connecticut.cox.net/cci/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - C:\wsbho2k0.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {C17590D2-ECB4-4b15-8820-F58798DCC118} - No File
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [PlaxoUpdate] "c:\users\alan\appdata\local\plaxo\3.24.0.119\PlaxoHelper_en.exe" -a
uRun: [IDMan] "c:\internet download manager\IDMan.exe" /onboot
uRun: [Weather] "c:\weatherbug\weatherbug\Weather.exe" 1
uRun: [SpybotSD TeaTimer] "c:\spybot\TeaTimer.exe"
uRun: [PlaxoSysTray] "c:\users\alan\appdata\local\plaxo\3.24.0.119\PlaxoSysTray.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRunOnce: [<NO NAME>] "c:\program files\internet explorer\iexplore.exe" http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.5.40&build=Symantec&a=00000082.00000049.000000d3&b=00000082.00000096.000001da&c=00000082.000000d4.00000264
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
mRun: [QAGENT] "c:\program files\quickenw\QAGENT.EXE"
mRun: [Profiler] "c:\program files\saitek\software\Profiler.exe"
mRun: [SaiSmart] "c:\program files\saitek\software\SaiSmart.exe"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\freeagentlauncher.exe" c:\program files\seagate\systemtray\StxMenuMgr.exe
mRun: [<NO NAME>]
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] "%WINDIR%\SMINST\launcher.exe"
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /install /silent
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\boincm~1.lnk - c:\boinc\boincmgr.exe
StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Webshots Photo Search - c:\program files\webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: turbotax.com
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: schannel.dll, credssp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\cg1os9tz.default\
FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\alan\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.50106.0\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\alan\appdata\roaming\idm\idmmzcc3
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101222.001\IDSvix86.sys [2010-12-22 353912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 67656]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-5-15 20480]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-3 172032]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-17 43912]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2008-1-24 282694]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-14 198240]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-12-9 84208]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2008-1-7 34712]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2008-2-19 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-5-8 1201640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-20 102448]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-1-27 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\google\update\GoogleUpdate.exe [2009-5-24 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-12 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-24 02:22:21 54016 ----a-w- c:\windows\system32\drivers\dewkpqwx.sys
2010-12-24 02:13:24 -------- d-----w- c:\users\alan\appdata\roaming\Malwarebytes
2010-12-24 02:13:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 02:13:17 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-24 02:13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-24 02:13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 02:01:36 -------- d-----w- c:\users\alan\appdata\roaming\Sammsoft
2010-12-24 02:00:54 -------- d-----w- c:\program files\MemTurbo 4
2010-12-24 02:00:08 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-12-09 08:02:21 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-07 09:31:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-07 09:31:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
==================== Find3M ====================
2010-10-03 15:18:38 286720 ----a-w- c:\windows\iun507.exe
2010-09-29 19:31:28 210272 ----a-w- c:\windows\system32\idmmbc.dll
============= FINISH: 21:24:27.58 ===============
Hi,
I see many entries left from MyWebSearch. Run this program; it should remove them.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
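The "Error Loading ... The specified module could not be found" box Al describes is what a Run-key entry produces when the file it launches has already been deleted while the registry value survived (the DDS report above still lists a `mRun: [MyWebSearch Plugin]` rundll32 entry and a `uRun: [MyWebSearch Email Plugin]` entry). The following is an added example, not code from DDS, ComboFix or any post in this thread: it parses the uRun/mRun/dRun lines of a DDS report, works out which file each entry really loads (for a rundll32 host, the DLL handed to rundll32) and flags entries whose file is gone. The sample lines are copied from the log above; the set of files treated as present is constructed.

```python
"""Triage autostart (Run-key) entries from a DDS 'Pseudo HJT Report'."""
import ntpath
import os
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# DDS line shape: "<u|m|d>Run: [Name] command" (RunOnce uses the same shape).
RUN_LINE = re.compile(
    r'^(?P<scope>[umd])(?P<key>Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$',
    re.IGNORECASE,
)
# First launch target: optionally quoted path ending in a launchable extension,
# followed by whitespace or end of line (unquoted paths may contain spaces).
FIRST_TARGET = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|scr|com|bat|cmd|dll))"?(?=\s|$)', re.IGNORECASE
)
HIVES = {"u": "HKCU", "m": "HKLM", "d": r"HKU\.DEFAULT"}


@dataclass
class AutorunFinding:
    location: str            # e.g. "HKLM Run"
    name: str                # value name DDS shows in brackets
    command: str             # raw command string
    target: Optional[str]    # file the entry really loads; None if unparsable
    missing: bool            # True when the target is not on disk


def launch_target(command: str) -> Optional[str]:
    """Return the file an autorun command loads, resolving rundll32 hosts."""
    cmd = command.strip()
    m = FIRST_TARGET.match(cmd)
    if not m:
        return None
    exe = m.group("path")
    rest = cmd[m.end():].strip()
    # ntpath splits backslash paths correctly even when run on a non-Windows box.
    if ntpath.basename(exe).lower() == "rundll32.exe" and rest:
        # rundll32 <dll>,<EntryPoint> [args]: the DLL is what fails to load.
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def triage_autoruns(lines: Iterable[str],
                    exists: Callable[[str], bool] = os.path.exists
                    ) -> List[AutorunFinding]:
    """Parse Run-key lines and flag entries whose target file is absent.

    `exists` is injectable so a captured log can be checked against a
    snapshot of the file system instead of the machine the code runs on.
    """
    findings: List[AutorunFinding] = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        target = launch_target(cmd) if cmd else None
        findings.append(AutorunFinding(
            location=f"{HIVES[m.group('scope').lower()]} {m.group('key')}",
            name=m.group("name"),
            command=cmd,
            target=target,
            missing=target is not None and not exists(target),
        ))
    return findings


def orphaned_entries(findings: Iterable[AutorunFinding]) -> List[AutorunFinding]:
    """Entries that still run at logon but point at a file that is gone."""
    return [f for f in findings if f.missing]


# Constructed sample: Run lines copied from the DDS report in this thread, plus
# a constructed picture of which files are still present (the MyWebSearch files
# were removed by hand; the Run entries pointing at them were not).
SAMPLE_LINES = [
    r'uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"',
    r'uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem',
    r'uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe',
    r'mRun: [<NO NAME>]',
    r'mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF',
    r'''mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript''',
]
PRESENT_FILES = {
    r"c:\windows\ehome\ehTray.exe",
    r"c:\program files\advanced registry optimizer\ARO.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\malwarebytes' anti-malware\mbam.exe",
}


def sample_exists(path: str) -> bool:
    """Case-insensitive lookup, since Windows paths are case-insensitive."""
    return path.lower() in {p.lower() for p in PRESENT_FILES}


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_LINES, sample_exists):
        status = "MISSING" if f.missing else ("ok" if f.target else "empty")
        print(f"{status:8}{f.location:14}[{f.name}] -> {f.target}")
```

Run against the live machine, pass nothing for `exists` and feed it the Run lines of the DDS report; every entry reported MISSING is a value that survives in the registry and will keep producing the RunDLL error until the value itself is deleted.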
Al N1API
2010-12-25, 19:52
Nothing, still the same. Guess this one is buried real deep somewhere.
Wish that I could paste in that box that I get at start up. Here's the log from Combofix.
Al N1API
2010-12-25, 20:20
Well now I need help removing the ComboFix folder. I was able to delete most of the files in the Qoobox folder, but there is one folder called BakEnv that I cannot access or delete. I don't like to keep these programs if they are not there for a purpose, and this was just for the purpose of removing the MyWeb Search junk.
Can you tell me how to remove the Qoobox folder without having to install another program on my computer?
Al
ComboFix 10-12-24.01 - Alan 12/25/2010 11:49:59.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1696 [GMT -5:00]
Running from: e:\desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\jusched.exe
L:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.
2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-25 17:02 . 2010-12-25 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\programdata\Malwarebytes
2010-12-24 02:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 02:13 . 2010-12-24 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 02:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 08:02 . 2010-12-09 05:40 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 15:18 . 2008-01-09 02:56 286720 ----a-w- c:\windows\iun507.exe
2010-09-29 19:31 . 2008-05-12 12:56 210272 ----a-w- c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-09 05:40 66144 ----a-w- c:\internet download manager\IDMShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PlaxoUpdate"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
"IDMan"="c:\internet download manager\IDMan.exe" [2010-12-09 3253656]
"Weather"="c:\weatherbug\WeatherBug\Weather.exe" [2007-08-29 1347584]
"SpybotSD TeaTimer"="c:\spybot\TeaTimer.exe" [2009-03-05 2260480]
"PlaxoSysTray"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\boinc\boincmgr.exe [2007-11-13 4141056]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-5-15 157088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 11:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2006-12-14 282694]
R2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-31 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-09-26 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-09-26 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-09-26 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101224.001\IDSvix86.sys [2010-11-09 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-31 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [2010-03-18 20480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-03 172032]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-17 43912]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 84208]
S2 mrtRate;mrtRate; [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-09-26 117640]
S2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-11-23 1201640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-18 102448]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1443584]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-09-26 48688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]
2010-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]
2010-12-21 c:\windows\Tasks\HPCeeScheduleForAlan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-14 23:55]
2010-12-19 c:\windows\Tasks\wrSpySweeper_L99B22F575894403A956FC03491AA452A.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-09 20:19]
2010-12-19 c:\windows\Tasks\wrSpySweeper_L99B22F575894403A956FC03491AA452A.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-09 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://connecticut.cox.net/cci/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\cg1os9tz.default\
FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Alan\AppData\Roaming\IDM\idmmzcc3
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 12:02
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,77,22,a5,a9,36,e2,5d,6b,0e,78,d9,6a,dd,16,3b,cc,25,1c,c1,d8,
98,72,e4,5a,39,1b,19,3a,4f,07,65,8a,00,44,b8,d0,e3,9e,f7,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{f987e60d-f10d-4f1b-9801-3e61a91deb88}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000087
"Therad"=dword:0000001d
"MData"=hex(0):62,c6,31,63,c9,f1,31,73,e1,17,38,cf,82,2d,47,6a,08,78,ac,04,64,
53,f6,e9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-25 12:05:54
ComboFix-quarantined-files.txt 2010-12-25 17:05
Pre-Run: 205,903,179,776 bytes free
Post-Run: 205,834,223,616 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - D9DAFA997C846A22A227E6A527A77E7E
When we're done we will run a tool to remove Combofix and Qoobox. Please don't remove anything on your own; what if by mistake Combofix removed a legit entry and we needed to reinstall it?
Please copy and paste the reports in lieu of attaching them.
Let's go over a few things.
Advanced Registry Optimizer
Unless you're a Windows expert you should not be using any registry cleaners; remove the wrong entry or entries and you could severely damage your system, making it unbootable. You will see no difference in system performance by running this cleaner. I strongly suggest you remove it via Add/Remove Programs in the Control Panel.
Ask.com Toolbar
* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
This program has no uninstall, if you want to remove it let me know.
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::
DDS::
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
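The CFScript above removes the two Run values by name. As an added example, not from the thread, from ComboFix or from any tool named here, the script below shows how a defender can find such dead autoruns on their own: it resolves what each Run value actually loads (for a rundll32 entry, the DLL in its argument, as with M3PLUGIN.DLL,UPF) and reports the values whose target no longer exists on disk. The function names, RUN_KEYS (only the HKCU and HKLM Run keys) and the sample entries are constructed here; on Windows it reads the live registry, elsewhere it runs over the sample.

```python
"""Report Run-key autoruns whose target file is missing.
A RunDLL "Error Loading ... The specified module could not be found" box at
logon means a Run value still points at a deleted file (here rundll32.exe
loading M3PLUGIN.DLL).  On Windows this reads the live registry; elsewhere
it runs over a constructed sample built from the thread's CFScript."""
import ntpath
import os
import re

# The keys ComboFix labels uRun (per-user) and mRun (machine-wide).
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
)

# Constructed sample: the two CFScript values plus one legitimate entry from
# the ComboFix log; SAMPLE_PRESENT lists the files assumed to still exist.
SAMPLE_ENTRIES = [
    ("HKCU", "MyWebSearch Email Plugin",
     r"c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe"),
    ("HKLM", "MyWebSearch Plugin",
     r'"c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF'),
    ("HKLM", "SunJavaUpdateSched",
     r'"c:\program files\Common Files\Java\Java Update\jusched.exe"'),
]
SAMPLE_PRESENT = {
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\Common Files\Java\Java Update\jusched.exe",
}

def split_command(cmd):
    """Split a Run value into (program, arguments).  A quoted program ends at
    the closing quote; an unquoted one runs up to the first executable
    extension, so unquoted paths containing spaces are still handled."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:].strip())
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$", cmd, re.I | re.S)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def target_of(cmd):
    """Return the file a Run value really loads.  rundll32.exe itself is always
    present, so for a rundll32 entry the file that matters is the DLL in its
    first argument, before the ",EntryPoint" suffix (M3PLUGIN.DLL,UPF)."""
    program, args = split_command(cmd)
    if ntpath.basename(program).lower() == "rundll32.exe" and args:
        if args.startswith('"'):
            end = args.find('"', 1)
            return args[1:end] if end != -1 else args[1:]
        return args.split(",", 1)[0].split()[0]
    return program

def find_orphans(entries, exists=os.path.exists):
    """Return (hive, value name, missing target) for every dead Run value."""
    return [(hive, name, target_of(cmd)) for hive, name, cmd in entries
            if not exists(target_of(cmd))]

def sample_exists(path):
    """Stand-in for os.path.exists over the sample (NTFS is case-insensitive)."""
    return path.lower() in {p.lower() for p in SAMPLE_PRESENT}

def read_run_keys():
    """Read all string values under RUN_KEYS from the live registry (Windows)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for label, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[label], path)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # EnumValue raises once the values are exhausted
                if isinstance(data, str) and data.strip():
                    entries.append((label, name, data))
                index += 1
    return entries

if __name__ == "__main__":
    if os.name == "nt":
        entries, exists = read_run_keys(), os.path.exists
    else:
        entries, exists = SAMPLE_ENTRIES, sample_exists
    for hive, name, target in find_orphans(entries, exists):
        print(f"{hive} Run value {name!r} points at missing file {target}")
```

A dead value found this way tells you which autorun produces the error box; it does not tell you what keeps re-creating it, which is why the thread keeps looking at the other loading points in the ComboFix log.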
Al N1API
2010-12-26, 18:48
:hair:
I'm beginning to think that I am going to have to live with this one for the rest of my life. It looks like all the spyware programs are finding all the different entries put back by the MyWeb Search malware program but are not finding the root cause, the program or entry in the AutoBat or ConfigSys, or maybe installed program that puts the entries back on start up. We keep removing them, including the registry files, files in Firefox or IE, (which I do not use), DLLs, PUPs or whatever but the source program is never found. I just wonder if anyone has ever taken the MyWeb Search program apart, (reverse engineered), to find out where they hid all the parts of the program in the computer. Doesn't it have to be a .COM or .EXE file that runs on startup to put all this stuff back? It wants to start the MyWeb Search program on start up but because the program folder has been completely removed the program is not going to start so the pop up box comes up saying the DLL is missing, but that program which is running is still putting entries back onto the system.
Like I said, (and to review), Webroot Spy Sweeper runs automatically every Sunday evening and has found NOTHING in well over a year and I'm considering not renewing this and removing the program. SpyBot seems to find most if not all the entries Malwarebytes and ComboFix find, and Super Anti Virus finds them also. They get removed but all come back again at start up. By the way both Spybot and Super Anti Virus along with CCleaner and Defragger are all recommended by the place that does the actual physical repair on my systems and they use them whenever they take a machine in for work. They tell me that there is no one program that can remove all malware and spyware and that is why they use a number of programs to scan a system.
Here is the latest log:
ComboFix 10-12-25.03 - Alan 12/26/2010 10:31:29.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1518 [GMT -5:00]
Running from: e:\desktop\ComboFix.exe
Command switches used :: e:\desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
L:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-11-26 to 2010-12-26 )))))))))))))))))))))))))))))))
.
2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-26 15:43 . 2010-12-26 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-25 20:45 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-12-25 20:45 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-12-25 20:45 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-12-25 20:44 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-12-25 20:44 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-12-25 20:44 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-25 20:44 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-25 20:44 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-25 20:44 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-25 20:44 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-12-25 20:43 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 20:43 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-25 20:42 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-25 20:42 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-25 20:42 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-25 20:42 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-25 20:42 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-25 20:41 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-12-25 20:40 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-25 20:38 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-12-25 20:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-12-25 20:38 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-12-25 20:38 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-25 20:38 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-25 20:36 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-12-25 20:36 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-12-25 20:34 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-12-25 20:34 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-12-25 20:34 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-12-25 20:34 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-12-25 20:34 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-25 20:34 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-25 20:34 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-25 20:34 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-25 20:34 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-12-25 20:34 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-25 20:34 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-12-25 20:33 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-12-25 20:33 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-12-25 20:33 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-25 20:33 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-25 20:33 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-25 20:33 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-25 20:33 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-25 20:33 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-25 20:32 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-25 20:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2010-12-24 02:13 . 2010-12-24 02:13 -------- d-----w- c:\programdata\Malwarebytes
2010-12-24 02:13 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-24 02:13 . 2010-12-24 02:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-24 02:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 08:02 . 2010-12-09 05:40 84208 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-12-07 09:31 . 2010-12-07 09:31 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 08:59 . 2010-10-27 08:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 08:08 . 2010-10-27 08:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 07:55 . 2010-10-27 07:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 07:55 . 2010-10-27 07:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 07:52 . 2002-01-02 02:23 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 07:51 . 2009-11-03 23:25 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 07:51 . 2009-11-03 23:25 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 07:50 . 2009-11-03 23:27 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 07:50 . 2009-11-03 23:27 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 07:49 . 2010-10-27 07:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 07:49 . 2010-10-27 07:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 07:49 . 2010-10-27 07:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 07:46 . 2010-10-27 07:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 07:35 . 2010-10-27 07:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 07:35 . 2010-10-27 07:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 07:33 . 2010-10-27 07:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 07:28 . 2009-11-03 23:27 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 07:14 . 2010-10-27 07:14 52736 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 07:14 . 2009-11-03 23:24 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 07:14 . 2010-10-27 07:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 07:14 . 2010-10-27 07:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 07:14 . 2010-10-27 07:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 07:13 . 2010-10-27 07:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 07:13 . 2010-10-27 07:13 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 07:13 . 2010-10-27 07:13 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-27 07:12 . 2010-10-27 07:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 06:50 . 2009-11-03 23:27 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 06:37 . 2010-10-27 06:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 06:37 . 2010-10-27 06:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-03 15:18 . 2008-01-09 02:56 286720 ----a-w- c:\windows\iun507.exe
2010-09-29 19:31 . 2008-05-12 12:56 210272 ----a-w- c:\windows\system32\idmmbc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-09 05:40 66144 ----a-w- c:\internet download manager\IDMShellExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PlaxoUpdate"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
"IDMan"="c:\internet download manager\IDMan.exe" [2010-12-09 3253656]
"Weather"="c:\weatherbug\WeatherBug\Weather.exe" [2007-08-29 1347584]
"SpybotSD TeaTimer"="c:\spybot\TeaTimer.exe" [2009-03-05 2260480]
"PlaxoSysTray"="c:\users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2003-04-10 151552]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2003-04-10 86016]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\FreeAgentLauncher.exe" [2007-01-18 79416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BOINC Manager.lnk - c:\boinc\boincmgr.exe [2007-11-13 4141056]
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-5-15 157088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 11:18 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 fplm_service;fplm_service;c:\appl\fp\fplmservice.exe [2006-12-14 282694]
R2 gupdate1c9dc74c9fada22;Google Update Service (gupdate1c9dc74c9fada22);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-31 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-09-26 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-09-26 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-09-26 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101224.001\IDSvix86.sys [2010-11-09 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-31 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-31 67656]
S2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [2010-03-18 20480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-17 43912]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 84208]
S2 mrtRate;mrtRate; [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-09-26 117640]
S2 SBSDWSCService;SBSD Security Center Service;c:\spybot\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-11-23 1201640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-18 102448]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1443584]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2009-09-26 48688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]
2010-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 13:37]
2010-12-21 c:\windows\Tasks\HPCeeScheduleForAlan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-14 23:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://connecticut.cox.net/cci/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Download All Links with IDM - c:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\cg1os9tz.default\
FF - prefs.js: browser.startup.homepage - hxxp://connecticut.cox.net/cci/home
FF - prefs.js: keyword.URL - hxxp://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\Alan\AppData\Roaming\IDM\idmmzcc3
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-26 10:43
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,77,22,a5,a9,36,e2,5d,6b,0e,78,d9,6a,dd,16,3b,cc,25,1c,c1,d8,
98,72,e4,5a,39,1b,19,3a,4f,07,65,8a,00,44,b8,d0,e3,9e,f7,00,00,00,00,00,00,\
[HKEY_USERS\S-1-5-21-2299670582-208884457-1818704479-1001_Classes\CLSID\{f987e60d-f10d-4f1b-9801-3e61a91deb88}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000087
"Therad"=dword:0000001d
"MData"=hex(0):62,c6,31,63,c9,f1,31,73,e1,17,38,cf,82,2d,47,6a,08,78,ac,04,64,
53,f6,e9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@=""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-26 10:46:14
ComboFix-quarantined-files.txt 2010-12-26 15:46
Pre-Run: 205,301,223,424 bytes free
Post-Run: 205,277,777,920 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 6B8AA11CC26BA8D804B07D73B2ABF7BF
When we're done we will run a tool to remove Combofix and Qoobox. Please don't remove anything on your own; what if by mistake Combofix removed a legit entry and we needed to reinstall it?
Please copy and paste the reports in lieu of attaching them.
Let's go over a few things.
Advanced Registry Optimizer
Unless you're a Windows expert you should not be using any registry cleaners; remove the wrong entry or entries and you could severely damage your system, making it unbootable. You will see no difference in system performance by running this cleaner. I strongly suggest you remove it via Add/Remove Programs in the Control Panel.
Ask.com Toolbar
* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.
This program has no uninstall, if you want to remove it let me know.
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DDS::
DDS::
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
I'm beginning to think that I am going to have to live with this one for the rest of my life. Not really, we will find it.
Run this scanner
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Al N1API
2010-12-26, 21:44
[I highlighted the line in red. It is similar to the error message that I get at start up]
OTL logfile created on: 12/26/2010 2:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = E:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.99 Gb Total Space | 191.26 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive D: | 9.10 Gb Total Space | 0.88 Gb Free Space | 9.62% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 215.75 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive F: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.76 Gb Total Space | 185.87 Gb Free Space | 39.91% Space Free | Partition Type: NTFS
Drive W: | 76.69 Gb Total Space | 68.24 Gb Free Space | 88.99% Space Free | Partition Type: NTFS
Drive X: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Y: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Z: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Computer Name: N1API-MAIN | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)
PRC - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Webshots\3.1.5.7617\Webshots.scr (Webshots.com)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe (Space Sciences Laboratory)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
PRC - c:\Appl\fp\fplmservice.exe ()
PRC - C:\DynDNS Updater\DynDNS.exe (Kana Solution)
PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
PRC - C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
PRC - C:\Program Files\QUICKENW\qagent.exe ()
PRC - C:\Windows\System32\mrtMngr.exe (Marimba Inc.)
========== Modules (SafeList) ==========
MOD - E:\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plx_hook.dll (Plaxo, Inc.)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCR90.dll (Microsoft Corporation)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCP90.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (fplm_service) -- c:\appl\fp\fplmservice.exe ()
SRV - (DynDNS_Updater_Service) -- C:\DynDNS Updater\DynDNS.exe (Kana Solution)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Alan\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101225.007\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101225.007\NAVENG.SYS (Symantec Corporation)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101224.001\IDSvix86.sys (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SaiNtHid) -- C:\Windows\System32\drivers\SaiNtHid.sys (Saitek)
DRV - (SaiClass) -- C:\Windows\System32\drivers\SaiNtBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (mrtRate) -- C:\Windows\System32\drivers\MrtRate.sys (Marimba, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://connecticut.cox.net/cci/home"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2010/12/11 15:56:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2010/12/11 15:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Mozilla Thunderbird\components [2010/12/10 05:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: E:\Netscape\Components [2010/12/07 04:31:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: E:\Netscape\Plugins [2010/12/07 04:31:27 | 000,000,000 | ---D | M]
[2010/09/22 04:17:45 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions
[2010/09/22 04:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/26 09:05:36 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions
[2010/07/24 18:16:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\toolbar@ask.com
O1 HOSTS File: ([2010/10/03 20:11:06 | 000,000,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe (Seagate Technology, LLC)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [IDMan] C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKCU..\Run: [PlaxoSysTray] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Weather] C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Launcher] File not found
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/08 23:03:26 | 000,000,088 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/05/26 23:45:29 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/03/21 17:39:27 | 000,000,000 | ---D | M] - L:\AutoBackup -- [ NTFS ]
O32 - AutoRun File - [2008/02/24 21:59:44 | 000,000,076 | ---- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/25 10:18:30 | 000,000,365 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/26 14:04:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2010/12/26 10:46:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/26 10:27:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/25 16:38:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/25 15:46:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/25 15:46:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/25 15:46:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/25 15:46:32 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/25 15:46:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/25 15:46:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/25 15:46:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/25 15:46:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/25 15:46:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/25 15:46:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/25 15:46:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/25 15:46:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/25 15:46:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/25 15:46:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:46:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/25 15:46:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/25 15:46:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/25 15:45:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/12/25 15:45:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/12/25 15:45:52 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/12/25 15:44:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/12/25 15:44:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/12/25 15:44:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/12/25 15:43:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/25 15:42:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/25 15:42:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/25 15:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/25 15:40:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/25 15:38:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/12/25 15:38:43 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/12/25 15:38:35 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/12/25 15:38:05 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/12/25 15:38:01 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/12/25 15:36:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/12/25 15:34:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/12/25 15:34:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/25 15:34:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/12/25 15:33:26 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/25 15:33:25 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/25 15:33:22 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/25 15:16:27 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/12/25 11:45:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/25 11:45:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/25 11:45:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/25 11:45:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/25 11:44:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/23 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2010/12/23 21:13:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/23 21:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/23 21:13:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/23 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/09 03:02:21 | 000,084,208 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/12/26 14:04:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2010/12/26 14:03:14 | 000,000,987 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2010/12/26 13:30:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/26 13:00:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 13:00:27 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/26 11:01:12 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/12/26 11:00:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/26 11:00:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/26 10:22:50 | 003,998,560 | R--- | M] () -- E:\Desktop\ComboFix.exe
[2010/12/25 16:55:03 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 16:55:03 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 16:47:41 | 000,447,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/25 12:36:19 | 000,002,487 | ---- | M] () -- E:\Desktop\Microsoft Word.lnk
[2010/12/25 09:41:22 | 000,002,489 | ---- | M] () -- E:\Desktop\Microsoft Excel.lnk
[2010/12/24 09:56:40 | 000,001,108 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/12/23 23:10:17 | 000,005,168 | ---- | M] () -- E:\Documents\cc_20101223_231011.reg
[2010/12/23 22:11:57 | 000,005,700 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/23 14:54:26 | 000,000,519 | ---- | M] () -- C:\Users\Alan\raccalbk.ini
[2010/12/20 19:27:03 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlan.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/18 11:26:56 | 000,002,511 | ---- | M] () -- E:\Desktop\Microsoft Outlook.lnk
[2010/12/18 10:26:15 | 000,004,096 | -H-- | M] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
[2010/12/09 00:40:38 | 000,084,208 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2010/11/29 18:30:47 | 000,006,668 | ---- | M] () -- E:\Documents\cc_20101129_183037.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/12/26 10:22:54 | 003,998,560 | R--- | C] () -- E:\Desktop\ComboFix.exe
[2010/12/25 11:45:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/25 11:45:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/25 11:45:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/25 11:45:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/23 23:10:14 | 000,005,168 | ---- | C] () -- E:\Documents\cc_20101223_231011.reg
[2010/11/29 18:30:44 | 000,006,668 | ---- | C] () -- E:\Documents\cc_20101129_183037.reg
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/10/10 11:46:46 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/10 11:46:45 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/06 19:33:59 | 000,000,122 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2009/09/19 08:47:07 | 000,004,096 | -H-- | C] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/22 22:15:09 | 000,005,700 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/30 16:50:50 | 000,000,510 | ---- | C] () -- C:\Windows\wordpad.INI
[2008/06/18 19:04:35 | 000,000,539 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/04/14 03:28:26 | 000,001,356 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2008/03/29 15:44:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/02/26 21:11:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/02/23 10:26:53 | 000,000,046 | ---- | C] () -- C:\Windows\loginput.ini
[2008/02/23 10:26:43 | 000,003,824 | ---- | C] () -- C:\Windows\System32\drivers\DXSOFTIO.SYS
[2008/02/22 23:41:53 | 000,002,248 | ---- | C] () -- C:\Windows\DigiPan.INI
[2008/02/09 19:25:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaiCfg.dll
[2008/02/09 13:05:46 | 000,000,150 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/02/09 13:05:46 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI
[2008/02/09 13:05:46 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\bw6050d.ini
[2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/02/09 13:05:31 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/02/09 13:05:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL
[2008/02/09 13:05:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL
[2008/02/09 13:05:15 | 000,000,451 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/02/09 13:05:15 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/02/09 13:05:06 | 000,008,634 | ---- | C] () -- C:\Windows\HL-6050D_DN.INI
[2008/01/13 09:48:22 | 000,005,120 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/09 21:01:46 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/01/09 18:57:42 | 000,000,067 | ---- | C] () -- C:\Windows\IDMan.INI
[2008/01/09 05:20:54 | 000,023,909 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2008/01/08 22:02:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\raccd32a.DLL
[2008/01/08 19:22:45 | 000,000,092 | ---- | C] () -- C:\Users\Alan\AppData\Local\fusioncache.dat
[2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QFN.ini
[2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QDQICK.ini
[2008/01/07 19:34:09 | 000,001,108 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/01/07 19:34:09 | 000,000,185 | ---- | C] () -- C:\Windows\intuprof.ini
[2008/01/06 21:45:37 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/14 17:27:20 | 000,000,343 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/14 17:19:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/14 17:11:30 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/14 17:11:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/04/01 11:08:25 | 000,026,112 | ---- | C] () -- C:\Windows\System32\HamCal32.DLL
[2005/12/12 13:18:54 | 000,041,472 | ---- | C] () -- C:\Windows\System32\winkeyVB.dll
[2003/07/12 03:51:11 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/03/04 10:07:44 | 000,064,512 | ---- | C] () -- C:\Windows\System32\QRZ32.dll
[2001/12/31 23:29:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[1999/04/21 15:53:40 | 000,062,464 | ---- | C] () -- C:\Windows\System32\agwdll32.dll
========== LOP Check ==========
[2009/09/26 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\AGI
[2010/12/25 17:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\BVS Solitaire Collection
[2010/12/26 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\DMCache
[2010/12/12 07:15:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\IDM
[2009/07/05 19:27:24 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\iWin
[2008/01/31 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Kana Solution
[2008/10/02 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\LimeWire
[2008/01/06 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\MSNInstaller
[2008/01/09 05:20:54 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\PeerNetworking
[2008/01/05 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Snapfish
[2009/09/26 12:55:51 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Temp
[2009/10/06 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Template
[2010/09/22 04:17:33 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Thunderbird
[2010/12/22 09:55:16 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\TrustedQSL
[2008/01/14 20:20:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WeatherBug
[2008/01/06 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\Webshots
[2010/05/13 04:25:38 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WebshotsDailyFeatures.D47BD63EE77CC0AC7AE23BFA386A3F1EDA7C080D.1
[2008/01/06 23:02:51 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WildTangent
[2008/01/06 15:07:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\WinBatch
[2010/12/26 10:57:26 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
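As an added example (not part of the original post and not code from OTL or its author), the following Python script parses the O4 autorun lines of an OTL log and flags the entries OTL marked `File not found`. The sample lines are copied from the log above and embedded as constructed input; the line layout it assumes is the one visible there. It makes explicit the link between the log and the startup error: both MyWebSearch Run values still point under `C:\PROGRA~1\MYWEBS~1\bar\1.bin\`, and the HKLM one names a DLL, which Windows loads through rundll32.exe; a Run value whose DLL is gone is exactly what produces the "RunDLL / Error loading ... The specified module could not be found" box at logon, whether or not the program folder was removed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O4 (autorun) lines copied from the OTL log posted above,
# with a few benign entries kept for contrast. Registry lines look like
#   O4 - HKLM..\Run: [value name] target (company)         target exists
#   O4 - HKLM..\Run: [value name] target File not found    target missing
# and Startup-folder lines look like
#   O4 - Startup: <path>\name.lnk = target (company)
O4_SAMPLE = r"""
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Launcher] File not found
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
"""

MISSING = "File not found"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run(?:Once)?): "
    r"(?:\[(?P<name>[^\]]*)\] ?)?(?P<rest>.*)$")
STARTUP_LINE = re.compile(r"^O4 - Startup: (?P<lnk>.*?\.lnk) = (?P<rest>.*)$")
TARGET_COMPANY = re.compile(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)$")
SHORT_NAME = re.compile(r"\b[A-Z0-9]{1,6}~\d+\b", re.I)   # 8.3 names: PROGRA~1, MYWEBS~1


@dataclass
class Autorun:
    location: str            # "HKLM\..\Run", "HKCU\..\RunOnce" or "Startup folder"
    name: str                # registry value name or .lnk name
    target: str              # file OTL resolved the entry to ("" if none)
    company: Optional[str]   # publisher OTL read from the file's version info
    present: bool            # False when OTL reported "File not found"

    @property
    def uses_short_names(self) -> bool:
        """8.3 components such as PROGRA~1: the same form as the path in the RunDLL error box."""
        return bool(SHORT_NAME.search(self.target))

    @property
    def loads_via_rundll32(self) -> bool:
        """A .DLL target is run through rundll32.exe, whose 'Error loading <module>' dialog is the RunDLL box."""
        return self.target.lower().endswith(".dll")


def _split_rest(rest: str):
    """Split 'target (company)' or 'target File not found' into (target, company, present)."""
    rest = rest.strip()
    if rest.endswith(MISSING):
        return rest[: -len(MISSING)].strip(), None, False
    m = TARGET_COMPANY.match(rest)
    if m:
        return m["target"], m["company"], True
    return rest, None, True


def parse_o4(text: str) -> List[Autorun]:
    """Parse every O4 line of an OTL log into Autorun records; all other lines are ignored."""
    entries: List[Autorun] = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_LINE.match(line):
            target, company, present = _split_rest(m["rest"])
            entries.append(Autorun(f"{m['hive']}\\..\\{m['key']}",
                                   m["name"] or "(unnamed)", target, company, present))
        elif m := STARTUP_LINE.match(line):
            target, company, present = _split_rest(m["rest"])
            name = m["lnk"].rsplit("\\", 1)[-1][:-len(".lnk")]
            entries.append(Autorun("Startup folder", name, target, company, present))
    return entries


def orphaned(entries: List[Autorun]) -> List[Autorun]:
    """Autorun entries whose target no longer exists: the leftovers to delete or explain."""
    return [e for e in entries if not e.present]


def explain(e: Autorun) -> str:
    """One triage line per entry, saying why an orphan matters."""
    if e.present:
        return f"{e.location} [{e.name}] -> {e.target}: file present"
    notes = []
    if not e.target:
        notes.append("empty command")
    if e.uses_short_names:
        notes.append("8.3 short path, same form as the path in the RunDLL error")
    if e.loads_via_rundll32:
        notes.append("DLL loaded via rundll32.exe; missing module => RunDLL 'Error loading' dialog")
    suffix = f" ({'; '.join(notes)})" if notes else ""
    return f"{e.location} [{e.name}] -> {e.target or '<none>'}: ORPHANED{suffix}"


if __name__ == "__main__":
    for entry in orphaned(parse_o4(O4_SAMPLE)):
        print(explain(entry))
```

Run as-is it prints one line per orphaned entry from the sample; to triage a real log, pass the whole file's text to `parse_o4`, since non-O4 lines are skipped. The script only reads the log: removing the Run values is a separate step, and if they reappear after removal, the log alone does not show what recreates them.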
Al N1API
2010-12-26, 21:49
OTL Extras logfile created on: 12/26/2010 2:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = E:\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.99 Gb Total Space | 191.26 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive D: | 9.10 Gb Total Space | 0.88 Gb Free Space | 9.62% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 215.75 Gb Free Space | 72.38% Space Free | Partition Type: NTFS
Drive F: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.76 Gb Total Space | 185.87 Gb Free Space | 39.91% Space Free | Partition Type: NTFS
Drive W: | 76.69 Gb Total Space | 68.24 Gb Free Space | 88.99% Space Free | Partition Type: NTFS
Drive X: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Y: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Z: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Computer Name: N1API-MAIN | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C84EB4-6B1D-44D5-B623-38DA7CCD204C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0CD6C113-6956-4F45-828B-38046A6BECB5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20FE153E-7D06-4A30-AC11-D16A99C0B672}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{28FE0DDA-B460-46AD-9A2E-22C6290C14E9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2E4CF0A6-B44C-422B-BE98-558A028B7F13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38A94C7C-1103-4EBE-BCB3-EE891CA5525D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D045D20-C107-4EF1-9BC0-31BD1D92F53F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{64D300A0-65D3-42B4-B91D-C749F9CFEAE9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{84A0939C-9A8C-43D6-B299-62E7EF30DEB4}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A589A25B-AFF1-470A-B7E5-3FEFB68D3F7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1F045B1-1E04-400A-9FD9-6DA9B844CD4D}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{FE04C629-D4FB-453C-9D43-20AFE1E1D41D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03398A76-EEDF-4532-8882-FEBBF11FE594}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0CB1FFA2-9091-4CF0-9987-4B3A9F1AF9EF}" = protocol=6 | dir=in | app=c:\turbotax\deluxe 2007\32bit\ttax.exe |
"{33F949F9-3362-4AF6-942E-BE05352F2955}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3D33B468-5DAD-4A63-925D-2D4C95B4CFD7}" = protocol=6 | dir=in | app=c:\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{413B92FA-9DF1-49D4-A417-2F2B4A4F09DC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4BD6C2D8-A677-4913-871E-05AD73C3B7E2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4FF387C2-76C6-42D6-A15D-C85644083012}" = protocol=6 | dir=in | app=c:\limewire\limewire.exe |
"{58FFFED2-2FC4-49D9-BA44-40E513DA3001}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{644D8BBE-CF3C-4F98-AE45-A079E2691359}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{824A0A86-1334-4D28-927B-FBF83CF60748}" = protocol=6 | dir=in | app=c:\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{84AE41B5-2F96-405C-93E6-558D75531C11}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9CE41F03-4B67-4DD7-8922-6AD248B51F8C}" = protocol=17 | dir=in | app=c:\turbotax\deluxe 2007\32bit\ttax.exe |
"{A149B9AA-4660-4F6F-B82E-5A784D6A24F2}" = protocol=17 | dir=in | app=c:\limewire\limewire.exe |
"{A8D0FF25-8AD6-45A2-8FF4-C5B43D044E8F}" = protocol=17 | dir=in | app=c:\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{BC262328-6A4B-45DD-9F7C-417F166C7CF9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C91908A1-A5F6-4862-8FA6-456A114DF29A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D12E7BE3-CB8C-4748-B40B-03F6AF093BCB}" = protocol=6 | dir=in | app=c:\turbotax\deluxe 2007\32bit\ttax.exe |
"{E9C0889F-854B-4D9E-906D-179814C7BBDE}" = protocol=17 | dir=in | app=c:\turbotax\deluxe 2007\32bit\ttax.exe |
"{F1D74A6C-17D4-45AE-A067-8D4E21706986}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F3C9EF14-FD23-43C9-A050-D79BF7E5929D}" = protocol=17 | dir=in | app=c:\turbotax\deluxe 2007\32bit\updatemgr.exe |
"TCP Query User{05DF9085-318A-463F-8CC1-D984E86284B4}C:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\mozilla firefox\firefox.exe |
"TCP Query User{28B1D97C-F2A1-48F8-99B2-C3B29B17C751}C:\windows\lmi190d.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi190d.tmp\lmi_rescue.exe |
"TCP Query User{5AEA2F03-49F5-4CBC-93D9-7CDB35A1CCDD}C:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\mozilla firefox\firefox.exe |
"TCP Query User{992CCCF5-315D-47D2-9134-F4E4F07CC82F}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{1AB69579-B310-40D3-9186-BD4311A9195E}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{46BE6452-EB82-4BAB-828E-586E7BE24407}C:\windows\lmi190d.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi190d.tmp\lmi_rescue.exe |
"UDP Query User{C32E02AE-CF02-4F7E-A433-34F1FE90BE06}C:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\mozilla firefox\firefox.exe |
"UDP Query User{FF8871ED-3D1E-4641-AB0C-359954C0114E}C:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F429FF7-8C47-40D7-AF6F-D8B090233D04}" = Image Data Converter SR
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{214ED689-3F31-4ABC-A79D-870A73ECB086}" = TurboTax 2008 wctiper
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29CBFC23-05A7-4286-93B8-BABE29BC1033}" = Nero 7 Essentials
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{368AC670-EAA2-012B-AD34-000000000000}" = TurboTax 2009 wctiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39F9C9CD-1912-4E29-A52E-ADB73D2FC1D5}" = BOINC
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}" = Saitek NT Controller Drivers
"{3AB12F2A-C82C-93F1-21D1-01870EE1B86C}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B53087F-2AC3-F8B7-0DC7-AF0935A3448E}" = CCC Help German
"{5FCF4AF0-CA9E-F9C1-DE85-294E1595AE52}" = Skins
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8C110F-F815-1BEE-99AD-BC9D750904F3}" = Catalyst Control Center HydraVision Full
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA1FA82-635A-42C8-B2A2-C3DF50BDBCA3}" = Brother HL-6050D
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{718F78AB-0D7E-B972-EB61-DB8A6D097783}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74715394-12F1-AC57-D25C-B36B66C29BE5}" = Catalyst Control Center Graphics Light
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775B9052-3517-47FA-817D-1BB28363D43A}" = muvee autoProducer 6.0
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C9EB4A6-7D14-BF2F-74F5-6188513048C2}" = Catalyst Control Center Graphics Previews Vista
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90126B79-C0D2-41A5-86B2-2F6666C446B9}" = Saitek Configuration Software
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DFC9A77-86B4-4139-A4CF-A5E774422D28}" = OLYMPUS USB Reader/Writer
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A851DD81-984E-4851-225A-A19C483C9C1C}" = ATI AVIVO Codecs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AFEEA324-EEFB-7549-4851-7EF34E238F09}" = ATI Catalyst Install Manager
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148E9DD-322E-CED2-CEA5-59AB922BD26E}" = Catalyst Control Center Core Implementation
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C8952541-4570-D6AE-C670-79F0F775FEC4}" = ccc-utility
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D035E55A-C84D-7CEF-A6BC-1BBEACF95D78}" = CCC Help Chinese Standard
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D50D3773-2F0E-7C99-330D-AEAD208CDBA5}" = Catalyst Control Center Graphics Full New
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC4C2876-768E-C1F6-116E-526581DE182E}" = Catalyst Control Center InstallProxy
"{DF3A5B95-2B4F-6E5A-AFD0-1CDF8607B292}" = Catalyst Control Center Localization All
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE36D747-B4D2-CC7C-4207-EC0C84462780}" = Catalyst Control Center Graphics Full Existing
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D22D86-9FCD-0540-D4FD-B429FFE1D3F3}" = CCC Help French
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9D650C7-4C2C-4FF3-A493-8ECC8CFF1A09}_is1" = Win1010 Version 3.3d Update
"{FC553697-F608-AD13-6D2B-2605ED1831A0}" = CCC Help Spanish
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audit Support Center" = Audit Support Center 1.0
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"BVSSOL_is1" = BVS Solitaire Collection version 7.0
"BVSSOLPP_is1" = BVS Solitaire Plus Pack
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CwType_is1" = CwType V1.70
"Defraggler" = Defraggler
"DynDNS Updater_is1" = DynDNS Updater 3.1
"filePro" = filepro
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FLV Player" = FLV Player 2.0 (build 25)
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{9DFC9A77-86B4-4139-A4CF-A5E774422D28}" = OLYMPUS USB Reader/Writer
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Internet Download Manager" = Internet Download Manager
"Java Web Start" = Java Web Start
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MARAC Logger Map_is1" = MARAC Logger Map 6.2.8
"MARAC Logger_is1" = MARAC Logger
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSNINST" = MSN
"N360" = Norton 360
"Netscape (7.2)" = Netscape (7.2)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Plaxo" = Plaxo Toolbar for Windows
"Product_Name" = WinIQ
"PROSet" = Intel(R) Network Connections Drivers
"Quicken 2002 Deluxe" = Quicken 2002 Deluxe
"Radio Amateur Callbook" = Radio Amateur Callbook
"Readerware" = Readerware
"Readerware x64" = Readerware x64
"Rhapsody" = Rhapsody
"RXCLUS" = RXCLUS 8.4b UPGRADE
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"ST5UNST #1" = Win1010
"ST6UNST #1" = MARAC Logger
"ST6UNST #3" = Win1010 (C:\Win1010\)
"SystemRequirementsLab" = System Requirements Lab
"TrustedQSL_is1" = TrustedQSL 1.13
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"W10_32UP.exe_is1" = Win1010 Version 3.2
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"ZTreeWin" = ZTreeWin (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Plaxo" = Plaxo Toolbar for Windows
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/26/2010 11:37:09 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:39:41 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:39:41 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:39:59 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:39:59 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:44:29 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:44:43 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 11:44:43 AM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 12:04:18 PM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
Error - 12/26/2010 12:05:08 PM | Computer Name = N1API-Main | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 6/3/2008 4:51:27 AM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 12/29/2008 10:54:23 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 1/11/2009 10:49:32 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 2/15/2009 10:37:50 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/29/2009 10:14:21 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/9/2009 4:14:24 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/27/2009 1:26:44 PM | Computer Name = N1API-Main | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 10/7/2009 6:11:15 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/7/2009 7:42:10 PM | Computer Name = N1API-Main | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/24/2009 12:43:29 AM | Computer Name = N1API-Main | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
[ System Events ]
Error - 12/26/2010 11:30:39 AM | Computer Name = N1API-Main | Source = Service Control Manager | ID = 7030
Description =
Error - 12/26/2010 11:43:15 AM | Computer Name = N1API-Main | Source = Service Control Manager | ID = 7030
Description =
Error - 12/26/2010 11:53:33 AM | Computer Name = N1API-Main | Source = Service Control Manager | ID = 7002
Description =
Error - 12/26/2010 11:53:38 AM | Computer Name = N1API-Main | Source = netbt | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the interface
with IP address 192.168.1.139. The computer with the IP address 192.168.1.137 did
not allow the name to be claimed by this computer.
Error - 12/26/2010 11:53:51 AM | Computer Name = N1API-Main | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.140,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.
Error - 12/26/2010 11:57:25 AM | Computer Name = N1API-Main | Source = Service Control Manager | ID = 7016
Description =
Error - 12/26/2010 12:00:42 PM | Computer Name = N1API-Main | Source = Service Control Manager | ID = 7002
Description =
Error - 12/26/2010 12:00:47 PM | Computer Name = N1API-Main | Source = netbt | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the interface
with IP address 192.168.1.139. The computer with the IP address 192.168.1.137 did
not allow the name to be claimed by this computer.
Error - 12/26/2010 12:01:11 PM | Computer Name = N1API-Main | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.140,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.
Error - 12/26/2010 12:11:11 PM | Computer Name = N1API-Main | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.
< End of report >
Hi,
MyWebSearch is usually not that hard to remove. Let's see if this will do it.
First disable the TeaTimer in Spybot, it may be preventing fixes from taking.
Do this first...Important
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect
Please do not proceed until the TeaTimer is disabled
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Post the log it created and then run the OTL scan again and let's see if they're gone
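The symptom in this thread (a RunDLL "could not be found" box at logon) comes from a Run entry whose target file was deleted while the registry value stayed behind. As an added, read-only check that is not part of this thread or of OTL, the PowerShell script below exports both Run keys with reg.exe and then lists every entry whose target no longer exists; the function names and the backup folder path are my own choices.

```powershell
# Added example, not part of the thread or of OTL: report autorun entries whose
# target file is missing. Read-only apart from the registry export.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the file path out of a Run command line. Handles rundll32 loaders
# (rundll32 path.dll,Entry), quoted paths and plain unquoted paths.
# Unquoted paths that contain spaces are skipped rather than guessed at.
function Get-RunTargetPath {
    param([string]$Command)
    if ($Command -match '^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.(?:exe|dll|scr|cpl|com|bat))') { return $Matches[1] }
    return $null
}

# Enumerate both Run keys and emit one object per entry whose target is gone.
function Get-OrphanedRunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }            # PSPath, PSChildName, ...
            $cmd  = [string]$prop.Value
            $path = Get-RunTargetPath -Command $cmd
            if (-not $path) { continue }
            $path = [Environment]::ExpandEnvironmentVariables($path)
            # Bare names (no directory) are resolved through PATH, like the shell does.
            if ($path -notmatch '[\\/]') {
                if (Get-Command -Name $path -ErrorAction SilentlyContinue) { continue }
            }
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $prop.Name
                    Command = $cmd
                    Missing = $path      # e.g. C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
                }
            }
        }
    }
}

# Export both Run keys to .reg files before anything is removed by hand.
# $BackupDir is a constructed example path, not one used by the thread.
function Backup-RunKeys {
    param([string]$BackupDir = "$env:USERPROFILE\Desktop\RunKeyBackup")
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$BackupDir\HKLM_Run_$stamp.reg" /y | Out-Null
    reg.exe export 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$BackupDir\HKCU_Run_$stamp.reg" /y | Out-Null
}

Backup-RunKeys
Get-OrphanedRunEntries | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM export succeeds; an entry listed here with a MYWEBS~1 target is the same orphan the OTL fix above deletes.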
Al N1API
2010-12-27, 17:49
Well, much to my amazement, it finally may be dead. I think that I ran it as you said. And after two boots I don't see the start up message. I will watch it closely over the next week or so, and will probably run my normal scanners also over the next couple of days to see if it comes back, and to see if there is anything left over that Spybot or Super AntiSpyware can find.
I may have missed one log, (thought that you were asking for three but I only saw two).
Here is the first log that I saw, I believe right after the scan / fix. Log name was 12272010_093927; it is short.
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Alan
->Temp folder emptied: 14545 bytes
->Temporary Internet Files folder emptied: 686797 bytes
->Java cache emptied: 72151733 bytes
->FireFox cache emptied: 81429515 bytes
->Flash cache emptied: 48552 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1963825 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2146901 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 151.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.18.0 log created on 12272010_093927
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETEC51.tmp not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
C:\Windows\temp\wbxtra_12272010_093328.wbt moved successfully.
Registry entries deleted on Reboot...
Here is the second log on scan after reboot. OTL.TXT
OTL logfile created on: 12/27/2010 10:23:57 AM - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = E:\Desktop\Cleanup & Virus Programs\Deep Scanner & File Readers - Reg Bakup Pgms
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.99 Gb Total Space | 191.15 Gb Free Space | 66.14% Space Free | Partition Type: NTFS
Drive D: | 9.10 Gb Total Space | 0.97 Gb Free Space | 10.69% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 215.62 Gb Free Space | 72.33% Space Free | Partition Type: NTFS
Drive F: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 465.76 Gb Total Space | 185.87 Gb Free Space | 39.91% Space Free | Partition Type: NTFS
Drive W: | 76.69 Gb Total Space | 68.19 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive X: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Y: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Drive Z: | 74.38 Gb Total Space | 74.32 Gb Free Space | 99.91% Space Free | Partition Type: FAT
Computer Name: N1API-MAIN | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Desktop\Cleanup & Virus Programs\Deep Scanner & File Readers - Reg Bakup Pgms\OTL.exe (OldTimer Tools)
PRC - C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
PRC - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plaxosystray.exe (Plaxo, Inc.)
PRC - C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Webshots\3.1.5.7617\Webshots.scr (Webshots.com)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Spy Sweeper\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - c:\hp\HPEZBTN\HPBtnSrv.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
PRC - c:\Appl\fp\fplmservice.exe ()
PRC - C:\DynDNS Updater\DynDNS.exe (Kana Solution)
PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
PRC - C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
PRC - C:\Program Files\QUICKENW\qagent.exe ()
PRC - C:\Windows\System32\mrtMngr.exe (Marimba Inc.)
========== Modules (SafeList) ==========
MOD - E:\Desktop\Cleanup & Virus Programs\Deep Scanner & File Readers - Reg Bakup Pgms\OTL.exe (OldTimer Tools)
MOD - C:\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\plx_hook.dll (Plaxo, Inc.)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCR90.dll (Microsoft Corporation)
MOD - C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\MSVCP90.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe (AG Interactive)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Spybot\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (fplm_service) -- c:\appl\fp\fplmservice.exe ()
SRV - (DynDNS_Updater_Service) -- C:\DynDNS Updater\DynDNS.exe (Kana Solution)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Alan\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101226.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101226.003\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101224.001\IDSvix86.sys (Symantec Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (SaiNtHid) -- C:\Windows\System32\drivers\SaiNtHid.sys (Saitek)
DRV - (SaiClass) -- C:\Windows\System32\drivers\SaiNtBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (mrtRate) -- C:\Windows\System32\drivers\MrtRate.sys (Marimba, Inc.)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://connecticut.cox.net/cci/home"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://wstb.search.imgag.com/?c=&sbs=1&sc=&f=web&vernum=3.1.5.7613&uid=&did={f8d4a70c-98e2-4081-901d-01bf93043ede}&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 14:58:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Mozilla Firefox\components [2010/12/11 15:56:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Mozilla Firefox\plugins [2010/12/11 15:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Mozilla Thunderbird\components [2010/12/10 05:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Components: E:\Netscape\Components [2010/12/07 04:31:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.2\Extensions\\Plugins: E:\Netscape\Plugins [2010/12/07 04:31:27 | 000,000,000 | ---D | M]
[2010/09/22 04:17:45 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions
[2010/09/22 04:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/27 09:11:56 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions
[2010/07/24 18:16:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Alan\AppData\Roaming\mozilla\Firefox\Profiles\cg1os9tz.default\extensions\toolbar@ask.com
O1 HOSTS File: ([2010/12/27 09:40:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe (Saitek)
O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\FreeAgentLauncher.exe (Seagate Technology, LLC)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [IDMan] C:\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoSysTray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Users\Alan\AppData\Local\Plaxo\3.24.0.119\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [Weather] C:\Weatherbug\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Launcher] File not found
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BOINC Manager.lnk = C:\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All Links with IDM - C:\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/08 23:03:26 | 000,000,088 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/05/26 23:45:29 | 000,000,042 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/03/21 17:39:27 | 000,000,000 | ---D | M] - L:\AutoBackup -- [ NTFS ]
O32 - AutoRun File - [2008/02/24 21:59:44 | 000,000,076 | ---- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/25 10:18:30 | 000,000,365 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/26 10:46:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/26 10:27:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/25 16:38:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/25 15:46:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/25 15:46:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/25 15:46:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/25 15:46:32 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/25 15:46:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/25 15:46:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/25 15:46:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/25 15:46:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/25 15:46:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/25 15:46:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/25 15:46:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/25 15:46:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/25 15:46:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/25 15:46:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/25 15:46:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/25 15:46:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/25 15:46:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/25 15:45:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/12/25 15:45:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/12/25 15:45:52 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/12/25 15:44:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/12/25 15:44:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/12/25 15:44:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/12/25 15:43:12 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/25 15:42:52 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/25 15:42:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/25 15:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/25 15:40:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/25 15:38:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/12/25 15:38:43 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/12/25 15:38:35 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/12/25 15:38:05 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/12/25 15:38:01 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/12/25 15:36:48 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/12/25 15:34:11 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/12/25 15:34:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/25 15:34:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/12/25 15:33:26 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/25 15:33:25 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/25 15:33:22 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/25 15:16:27 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/12/25 11:45:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/25 11:45:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/25 11:45:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/25 11:45:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/25 11:44:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/23 21:13:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2010/12/23 21:13:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/23 21:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/23 21:13:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/23 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/23 14:00:32 | 000,084,720 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
========== Files - Modified Within 30 Days ==========
[2010/12/27 10:17:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/27 10:16:42 | 000,000,439 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/12/27 10:16:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 10:16:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/27 10:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/27 09:40:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/12/27 09:30:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/27 07:02:03 | 000,000,987 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2010/12/25 16:55:03 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/25 16:55:03 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/25 16:47:41 | 000,447,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/25 12:36:19 | 000,002,487 | ---- | M] () -- E:\Desktop\Microsoft Word.lnk
[2010/12/25 09:41:22 | 000,002,489 | ---- | M] () -- E:\Desktop\Microsoft Excel.lnk
[2010/12/24 09:56:40 | 000,001,108 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/12/23 23:10:17 | 000,005,168 | ---- | M] () -- E:\Documents\cc_20101223_231011.reg
[2010/12/23 22:11:57 | 000,005,700 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/23 14:54:26 | 000,000,519 | ---- | M] () -- C:\Users\Alan\raccalbk.ini
[2010/12/23 14:09:44 | 000,084,720 | ---- | M] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2010/12/20 19:27:03 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlan.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/18 11:26:56 | 000,002,511 | ---- | M] () -- E:\Desktop\Microsoft Outlook.lnk
[2010/12/18 10:26:15 | 000,004,096 | -H-- | M] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
[2010/11/29 18:30:47 | 000,006,668 | ---- | M] () -- E:\Documents\cc_20101129_183037.reg
========== Files Created - No Company Name ==========
[2010/12/25 11:45:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/25 11:45:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/25 11:45:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/25 11:45:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/23 23:10:14 | 000,005,168 | ---- | C] () -- E:\Documents\cc_20101223_231011.reg
[2010/11/29 18:30:44 | 000,006,668 | ---- | C] () -- E:\Documents\cc_20101129_183037.reg
[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2009/10/10 11:46:46 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/10 11:46:45 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/06 19:33:59 | 000,000,122 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\wklnhst.dat
[2009/09/19 08:47:07 | 000,004,096 | -H-- | C] () -- C:\Users\Alan\AppData\Local\keyfile3.drm
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/03/22 22:15:09 | 000,005,700 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/30 16:50:50 | 000,000,510 | ---- | C] () -- C:\Windows\wordpad.INI
[2008/06/18 19:04:35 | 000,000,539 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/04/14 03:28:26 | 000,001,356 | ---- | C] () -- C:\Users\Alan\AppData\Local\d3d9caps.dat
[2008/03/29 15:44:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/02/26 21:11:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/02/23 10:26:53 | 000,000,046 | ---- | C] () -- C:\Windows\loginput.ini
[2008/02/23 10:26:43 | 000,003,824 | ---- | C] () -- C:\Windows\System32\drivers\DXSOFTIO.SYS
[2008/02/22 23:41:53 | 000,002,248 | ---- | C] () -- C:\Windows\DigiPan.INI
[2008/02/09 19:25:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaiCfg.dll
[2008/02/09 13:05:46 | 000,000,150 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/02/09 13:05:46 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI
[2008/02/09 13:05:46 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\bw6050d.ini
[2008/02/09 13:05:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008/02/09 13:05:31 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/02/09 13:05:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL
[2008/02/09 13:05:22 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL
[2008/02/09 13:05:15 | 000,000,451 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/02/09 13:05:15 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/02/09 13:05:06 | 000,008,634 | ---- | C] () -- C:\Windows\HL-6050D_DN.INI
[2008/01/13 09:48:22 | 000,005,120 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/09 21:01:46 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/01/09 18:57:42 | 000,000,067 | ---- | C] () -- C:\Windows\IDMan.INI
[2008/01/09 05:20:54 | 000,023,909 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2008/01/08 22:02:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\raccd32a.DLL
[2008/01/08 19:22:45 | 000,000,092 | ---- | C] () -- C:\Users\Alan\AppData\Local\fusioncache.dat
[2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QFN.ini
[2008/01/07 20:58:33 | 000,000,000 | ---- | C] () -- C:\Windows\QDQICK.ini
[2008/01/07 19:34:09 | 000,001,108 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/01/07 19:34:09 | 000,000,185 | ---- | C] () -- C:\Windows\intuprof.ini
[2008/01/06 21:45:37 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/14 17:27:20 | 000,000,343 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/14 17:19:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/14 17:11:30 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/14 17:11:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 07:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/04/01 11:08:25 | 000,026,112 | ---- | C] () -- C:\Windows\System32\HamCal32.DLL
[2005/12/12 13:18:54 | 000,041,472 | ---- | C] () -- C:\Windows\System32\winkeyVB.dll
[2003/07/12 03:51:11 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/03/04 10:07:44 | 000,064,512 | ---- | C] () -- C:\Windows\System32\QRZ32.dll
[2001/12/31 23:29:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[1999/04/21 15:53:40 | 000,062,464 | ---- | C] () -- C:\Windows\System32\agwdll32.dll
< End of report >
Hi,
MyWebSearch is usually not that hard to remove. Let's see if this will do it.
First disable the TeaTimer in Spybot, it may be preventing fixes from taking.
Do this first...Important
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect
Please do not proceed until the TeaTimer is disabled
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log and a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
Post the log it created and then run the OTL scan again and let's see if they're gone
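The two O4 lines in the fix above are Run values whose targets OTL marks "File not found": the DLL and EXE were already deleted, but the autorun entries that load them were left behind, which is what produces the RunDLL "Error Loading ... The specified module could not be found" box at every logon. As an added example, not part of the original thread and not OTL's own code, the following PowerShell walks the standard Run/RunOnce keys for the machine and the current user and reports any entry whose executable or DLL no longer exists on disk. The key list and the Get-AutorunTarget helper are my own; it assumes PowerShell 3 or later on Windows, and Test-Path resolves 8.3 short names such as C:\PROGRA~1 because the file system does.

```powershell
# Added example: find autorun entries whose target file is missing (orphaned Run values).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget {
    # Extract the path of the module an autorun value actually loads.
    # Handles three common shapes (assumed, based on typical Run values):
    #   rundll32.exe C:\path\to\plugin.dll,EntryPoint   -> the DLL
    #   "C:\Program Files\Vendor\tool.exe" /silent      -> the quoted EXE
    #   C:\PROGRA~1\VENDOR\tool.exe -flag               -> the first token
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"?[^"\s]*rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-OrphanedAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $target = Get-AutorunTarget -Command ([string]$p.Value)
            if (-not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key    = $key
                    Name   = $p.Name
                    Target = $target
                    Value  = $p.Value
                }
            }
        }
    }
}

# Report only; removal is left to the reader (Remove-ItemProperty -LiteralPath $Key -Name $Name)
# once each hit has been confirmed against a backup such as the ERUNT export above.
Get-OrphanedAutoruns | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable in full. An entry in this list is exactly the situation the fix above corrects: the loader still points at a path that no cleanup tool removed from the registry, so deleting the value (after backing up the registry) stops the error without needing to hunt for a file that is already gone. An entry whose target does exist is not an orphan and should be investigated rather than deleted.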
So thanks for helping me to (I hope) finally get rid of this thing. Wonder where it was hidden? And why was it so hard to find and delete?
If this was it, I'll probably stop back in a week or so and post a "finally gone for good" message and would like to ask for help removing all the extra programs. But for the time being they are all in a folder off the desktop just in case.
Thanks again
Al
Hello Al,
Looks like it's gone. Basically what happened is, for example, let's say you mistakenly deleted a Windows file; when you went to run a program that needed that file you would have gotten the same message as you did with MyWebSearch. One of the programs you ran deleted the file but did not delete the registry entry that runs that file, so that's why you were getting that error. It was just trying to find the reg entry to remove to fix it, and we did.
As far as your other programs, we just do malware removal on this forum, but if you need help with sorting out your programs to keep or remove you can post here. Like Safer, it's free, but you will need to register.
http://forums.whatthetech.com/index.php?showforum=119
Open up OTL and click on Cleanup and it will remove most of the tools we used to clean your system along with their backups
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy but do not enable the TeaTimer.
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
WinPatrol (www.winpatrol.com/download.html) Keep this fine program activated to block a lot of threats
Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.