Can only run in safe mode

sauce73 · Jan 22, 2011

I have run malwarebytes, trendmicro, and S&D. They find the stuff and then when I reboot it all comes back. Here are the logs.

Zango: [SBI $2DF701C6] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}

Zango: [SBI $2DF701C6] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}

Zango: [SBI $2DF701C6] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}

Zango: [SBI $0B228B82] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}

Zango: [SBI $0B228B82] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}

Zango: [SBI $C5E2E29A] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}

Zango: [SBI $C5E2E29A] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}

Zango: [SBI $EC65F658] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDic

Zango: [SBI $EC65F658] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDic.1

Zango: [SBI $EC65F658] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}

Zango: [SBI $EC65F658] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDic.1

Zango: [SBI $EC65F658] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584}

Zango: [SBI $EC65F658] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDic

Zango: [SBI $F6958EFF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDisp

Zango: [SBI $F6958EFF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDisp.1

Zango: [SBI $F6958EFF] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}

Zango: [SBI $F6958EFF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDisp.1

Zango: [SBI $F6958EFF] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C}

Zango: [SBI $F6958EFF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CntntCntr.CntntDisp

Zango: [SBI $AD411807] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}

Zango: [SBI $AD411807] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}

Zango: [SBI $68B8A04D] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}

Zango: [SBI $68B8A04D] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}

Zango: [SBI $9464CB62] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}

Zango: [SBI $9464CB62] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}

Zango: [SBI $41C9938D] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}

Zango: [SBI $41C9938D] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58}

Zango: [SBI $35C3AB53] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}

Zango: [SBI $774269AF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}

Zango: [SBI $774269AF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}

Zango: [SBI $BC9AD41C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}

Zango: [SBI $BC9AD41C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}

Zango: [SBI $24407C8B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}

Zango: [SBI $24407C8B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}

Zango: [SBI $7A279725] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}

Zango: [SBI $7A279725] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}

Zango: [SBI $1B35A323] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}

Zango: [SBI $1B35A323] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}

Zango: [SBI $F13C70E2] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}

Zango: [SBI $F13C70E2] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}

Zango: [SBI $BFDBA4D0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}

Zango: [SBI $BFDBA4D0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}

Zango: [SBI $FB5C3D76] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}

Zango: [SBI $FB5C3D76] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}

Zango: [SBI $EB6301D8] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}

Zango: [SBI $EB6301D8] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}

Zango: [SBI $4E2CAC43] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}

Zango: [SBI $104CFD04] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx

Zango: [SBI $104CFD04] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1

Zango: [SBI $104CFD04] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx.1

Zango: [SBI $104CFD04] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbAx

Zango: [SBI $F1D95098] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}

Zango: [SBI $D6578954] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.HtmlMenuUI

Zango: [SBI $D6578954] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.HtmlMenuUI.1

Zango: [SBI $D6578954] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}

Zango: [SBI $D6578954] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.HtmlMenuUI.1

Zango: [SBI $D6578954] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.HtmlMenuUI

Zango: [SBI $0564489A] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton

Zango: [SBI $0564489A] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1

Zango: [SBI $0564489A] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton.1

Zango: [SBI $0564489A] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButton

Zango: [SBI $596D881F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA

Zango: [SBI $596D881F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1

Zango: [SBI $596D881F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA.1

Zango: [SBI $596D881F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.IEButtonA

Zango: [SBI $046D9F34] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}

Zango: [SBI $30214468] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}

Zango: [SBI $30214468] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}

Zango: [SBI $F504285C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}

Zango: [SBI $F504285C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}

Zango: [SBI $810979A7] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}

Zango: [SBI $810979A7] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}

Zango: [SBI $0D0E1535] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}

Zango: [SBI $0D0E1535] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5}

Zango: [SBI $28E8D7DF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand

Zango: [SBI $28E8D7DF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1

Zango: [SBI $28E8D7DF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1

Zango: [SBI $28E8D7DF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.HbInfoBand

Zango: [SBI $5BB747A1] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}

Zango: [SBI $5BB747A1] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}

Zango: [SBI $B02A89EF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl

Zango: [SBI $B02A89EF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1

Zango: [SBI $B02A89EF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1

Zango: [SBI $B02A89EF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShoppingReport.RprtCtrl

Zango: [SBI $9003DE05] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}

Zango: [SBI $9003DE05] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}

Zango: [SBI $93AFCE03] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport

Zango: [SBI $5AC694A3] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}

Zango: [SBI $5AC694A3] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}

Zango: [SBI $D5621515] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}

Zango: [SBI $D5621515] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}

Zango: [SBI $890F7217] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}

Zango: [SBI $890F7217] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}

Zango: [SBI $2442B0F3] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}

Zango: [SBI $2442B0F3] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}

Zango: [SBI $02A9609F] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}

Zango: [SBI $02A9609F] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604}

Zango: [SBI $76A08DC3] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}

Zango: [SBI $0050E237] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}

Zango: [SBI $0050E237] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}

Zango: [SBI $28016B09] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}

Zango: [SBI $28016B09] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}

Zango: [SBI $F66C0132] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}

Zango: [SBI $F66C0132] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}

Zango: [SBI $53306C72] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}

Zango: [SBI $53306C72] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}

Zango: [SBI $9F303CE0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9A4A64A4-A2FB-48FA-9BBA-1AC50267695D}

Zango: [SBI $9F303CE0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9A4A64A4-A2FB-48FA-9BBA-1AC50267695D}

Zango: [SBI $9EB5CBDB] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C62A9E79-2B52-439B-AF57-2E60BB06E86C}

Zango: [SBI $9EB5CBDB] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C62A9E79-2B52-439B-AF57-2E60BB06E86C}

Zango: [SBI $8B2757A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}

Zango: [SBI $8B2757A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}

Zango: [SBI $1C2D07DF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}

Zango: [SBI $1C2D07DF] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}

Zango: [SBI $50113D3E] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}

Zango: [SBI $50113D3E] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}

Zango: [SBI $A097D948] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}

Zango: [SBI $A097D948] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}

Zango: [SBI $97CF1A76] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim

Zango: [SBI $C4D09A2F] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}

Zango: [SBI $896511FB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}

Zango: [SBI $896511FB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}

Zango: [SBI $0BB78356] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}

Zango: [SBI $0BB78356] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}

Zango: [SBI $4266C852] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}

Zango: [SBI $4266C852] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}

Zango: [SBI $625008F1] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}

Zango: [SBI $625008F1] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}

Zango: [SBI $4CE802D0] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}

Zango: [SBI $4CE802D0] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED}

Zango: [SBI $9DB49993] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}

Zango: [SBI $9DB49993] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}

Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}

Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}

Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}

Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}

Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

Zango: [SBI $6B0E861E] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Seekmo@Seekmo.com

Zango.ShoppingReport: [SBI $CE5684D8] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}

Zango.ShoppingReport: [SBI $CF94EEEF] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}

Zango.ShoppingReport: [SBI $70FBA4C1] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport

Zango.ShoppingReport: [SBI $DD5BBE76] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}

FakeBill.CourtCologne: [SBI $3A594AB3] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

GameVance: [SBI $FBF9B3DB] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL

GameVance: [SBI $FBF9B3DB] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL

GameVance: [SBI $FE92F08F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker

GameVance: [SBI $FE92F08F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker.1

GameVance: [SBI $FE92F08F] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

GameVance: [SBI $FE92F08F] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

GameVance: [SBI $FE92F08F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker.1

GameVance: [SBI $FE92F08F] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GamevanceText.Linker

GameVance: [SBI $643C0431] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance

GameVance: [SBI $FEBEE46C] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

Zango: [SBI $188DD5F3] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.CoreServices

Zango: [SBI $188DD5F3] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.CoreServices.1

Zango: [SBI $188DD5F3] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}

Zango: [SBI $188DD5F3] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.CoreServices.1

Zango: [SBI $188DD5F3] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.CoreServices

Zango: [SBI $C44935D5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.LfgAx

Zango: [SBI $C44935D5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.LfgAx.1

Zango: [SBI $C44935D5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.LfgAx.1

Zango: [SBI $C44935D5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoreSrv.LfgAx

Zango: [SBI $0B31E420] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.MailAnim

Zango: [SBI $0B31E420] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.MailAnim.1

Zango: [SBI $0B31E420] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}

Zango: [SBI $0B31E420] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.MailAnim.1

Zango: [SBI $0B31E420] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.MailAnim

Zango: [SBI $29DEC567] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hbr.HbMain

Zango: [SBI $29DEC567] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hbr.HbMain.1

Zango: [SBI $29DEC567] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hbr.HbMain.1

Zango: [SBI $29DEC567] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hbr.HbMain

Zango: [SBI $65E97118] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Srv.CoreServices

Zango: [SBI $65E97118] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Srv.CoreServices.1

Zango: [SBI $65E97118] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}

Zango: [SBI $65E97118] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Srv.CoreServices.1

Zango: [SBI $65E97118] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}

Zango: [SBI $65E97118] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Srv.CoreServices

Zango: [SBI $804BA76C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.ToolbarCtl

Zango: [SBI $804BA76C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.ToolbarCtl.1

Zango: [SBI $804BA76C] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}

Zango: [SBI $804BA76C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.ToolbarCtl.1

Zango: [SBI $804BA76C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar.ToolbarCtl

Zango: [SBI $47BEF855] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B}

Zango: [SBI $AF46ABDC] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim

Zango: [SBI $F7DB92E5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.WebmailSend

Zango: [SBI $F7DB92E5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.WebmailSend.1

Zango: [SBI $F7DB92E5] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}

Zango: [SBI $F7DB92E5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.WebmailSend.1

Zango: [SBI $F7DB92E5] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostOL.WebmailSend

Zango: [SBI $4133524C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostIE.Bho

Zango: [SBI $4133524C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostIE.Bho.1

Zango: [SBI $4133524C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostIE.Bho.1

Zango: [SBI $4133524C] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HostIE.Bho

Zango: [SBI $B6761D1D] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HBMain.CommBand

Zango: [SBI $B6761D1D] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HBMain.CommBand.1

Zango: [SBI $B6761D1D] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HBMain.CommBand.1

Zango: [SBI $B6761D1D] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HBMain.CommBand

Hotbar: [SBI $6EB73B54] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}

Hotbar: [SBI $6EB73B54] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}

Hotbar: [SBI $FDEE140C] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C}

Hotbar: [SBI $FDEE140C] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C}

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Microsoft.WindowsSecurityCenter.FirewallOverride: [SBI $0C94D702] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

PremiumSearch: [SBI $A27BCAFD] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger

Win32.ZBot: [SBI $6CF375A8] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\Windows\System32\sdra64.exe,...

Hotbar: Interface (IHbMapiAddrBook) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}

Hotbar: Interface (IHbStats) (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-01-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2010-11-30 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-01-18 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-01-18 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-11 Includes\TrojansC-04.sbi (*)
2011-01-17 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

ken545 · Jan 23, 2011

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

You need to boot to Safemode with Networkworking to be able to download these programs, if you cant do that then you need to download them from a known clean computer and transfer them by disk to the infected one

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

Download DDS from one of the links below to your desktop

Link 1
Link 2

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

sauce73 · Jan 23, 2011

Here is the malwarebytes. It didnt remove everything.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5575

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

1/22/2011 10:47:27 PM
mbam-log-2011-01-22 (22-47-27).txt

Scan type: Quick scan
Objects scanned: 157508
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 97
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{14113B47-D59C-4F0F-9D10-FF1730265584} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{148E1447-C728-48FD-BEEC-A7D06C5FFF58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C62A9E79-2B52-439B-AF57-2E60BB06E86C} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86C5840B-80C4-4C30-A655-37344A542009} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.CoreServices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90D9E343-D350-44ba-9329-1AA35B038657} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{85E5E8D1-0B63-4588-A5A0-B927A23F5F60} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90D9E343-D350-44BA-9329-1AA35B038657} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D1063603-F045-475F-AFBC-8CBA7D5797FB} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoWeather.WeatherController.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoWeather.WeatherController (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8292078F-F6E9-412B-8EB1-360C05C5ECE5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9C42A57-421C-4572-8B12-249C59183D1C} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker.1 (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E8BDFF85-F8C2-4281-8669-31253E646518} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8BDFF85-F8C2-4281-8669-31253E646518} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{A57470DE-14C7-4FCD-9D4C-E5711F24F0ED} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CoreSrv.LfgAx.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAx.Info (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAx.Info.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SeekmoSA (Adware.SeekMo) -> Value: SeekmoSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Value: Gamevance -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Seekmo@Seekmo.com (Adware.SeekMo) -> Value: Seekmo@Seekmo.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And here is the DDS log

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Owner at 23:10:06.08 on Sat 01/22/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.3405 [GMT -5:00]

AV: Trend Micro AntiVirus *Enabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro AntiVirus *Enabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,C:\Windows\system32\sdra64.exe,
BHO: MRI_DISABLED - No File
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - C:\Program Files (x86)\Gamevance\gvtl.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Gamevance Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - C:\Program Files (x86)\kikin\ie_kikin.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: Gamevance Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SeekmoSA] "C:\Program Files (x86)\Seekmo\bin\11.0.96.0\SeekmoSA.exe"
mRun: [Gamevance] "C:\Program Files (x86)\Gamevance\gamevance32.exe" a
mRun: [kxtkd.exe] "C:\Windows\TEMP\kxtkd.exe"
mRunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
dRun: [cbssreg] C:\Windows\TEMP\emnbcb.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FROSTW~1.LNK - C:\Program Files (x86)\FrostWire\FrostWire.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116}
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842}
LSP: mswsock.dll
LSP: C:\Windows\system32\lsp1DB2.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
IFEO: explorer.exe - C:\Program Files (x86)\AV8\av8.exe -d
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
mRunOnce-x64: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD

============= SERVICES / DRIVERS ===============

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/08/24 03:19:44];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [2009-8-24 89088]
S2 bibpvphk;TeamViewer;C:\Windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
S2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
S2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-10-15 42576]
S2 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-10-12 900360]
S2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]

=============== Created Last 30 ================

2011-01-23 03:44:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 03:44:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-22 17:20:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-01-22 03:59:47 -------- d-----w- C:\PROGRA~3\MFAData
2011-01-20 02:14:35 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-20 02:14:35 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-20 01:29:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-01-20 01:28:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-20 01:28:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

==================== Find3M ====================

2010-11-24 19:39:40 12800 ----a-w- C:\Windows\DCEBoot64.exe
2010-11-16 22:15:23 0 ----a-w- C:\Windows\SysWow64\lsp1DB2.tmp
2010-10-28 18:32:42 53248 ---ha-w- C:\Windows\SysWow64\cmstcaui.dll

============= FINISH: 23:10:40.01 ===============

ken545 · Jan 23, 2011

Still more bad stuff to fix. Did you uncheck Whte Smoke, that needs to go also ?

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

sauce73 · Jan 23, 2011

I never unchecked anything. For some reason it didnt check it. But I did earlier try to uninstall whitesmoke, and gamevance. Here are the logs from OTL. Let me know if i need to rerun S&D.
OTL by OldTimer
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL Extras logfile created on: 1/23/2011 11:33:14 AM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 227.03 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 2.03 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.72 Gb Free Space | 99.10% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
"FirewallOverride" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0729FAA6-6086-43D6-934E-D2F706DC0136}" = lport=139 | protocol=6 | dir=in | app=system |
"{416DBAB7-A13D-4BA1-9C56-A8EEE702AF29}" = lport=137 | protocol=17 | dir=in | app=system |
"{4BD3518B-9D20-4F4E-A0D3-BC7B7154FD57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60E1573C-5E8F-4FD8-9022-50792FB83EE7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63CA556A-0043-4717-8B42-CB2E82EF14CD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{76D59F0F-4F18-4E25-B820-4ED657CA58D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{775924C5-8E0A-4A15-8833-77E326005661}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A7DA9754-5DCE-44D7-9362-CCB929E48044}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8410EE6-EC6B-4B9C-A41E-A787A18DEC43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEE55EE1-F217-46CA-929B-A6F1F306F540}" = rport=138 | protocol=17 | dir=out | app=system |
"{B4D87FD7-08AC-46C9-AD07-4FFBC01B4AC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B76A41B9-94B4-48DF-AC6E-8FFF97442054}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C571D3A8-77BB-440D-81B0-D44E9EE84F1C}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7B378F6-B359-4E3D-9971-2B19C90EB30F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDE961A4-EA6B-4E5A-8913-48FE0BA93C41}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E115EF97-7995-4FAF-875B-C952B7E0989F}" = rport=139 | protocol=6 | dir=out | app=system |
"{E648DE92-5570-448F-B098-6675A1F63C3A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF248F4F-2457-435D-A12D-DAA15BB091F1}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074C2D0-2E7A-4A08-9079-F9BC5CA60B8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{1DA2AE5C-CD07-4544-8B0B-559F55949BC8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{2711D101-C9A4-49BD-92EE-7305C66B4D3E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2EA8E80E-6AAE-4D15-AD62-D433CF20207C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{3141A3BB-FC02-4CD7-B0B9-C961A26FEB31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3645B5F5-73AC-49C0-9FC3-C15F1C24E67B}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{37972A1A-2451-4CBB-A677-711B991A24C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{50BA8BDD-1F1A-4C08-B291-45644FFCCCA9}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{60F5508F-D4F4-4EC4-9FC3-212FAC6A4F08}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{705BCD47-A276-4D2B-B16E-F821F8CFA8F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{76AF0D91-3FBD-453A-B644-4BBBAE3AC302}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{824CF32A-707A-475B-8DF6-6579D5768FD5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{8993546B-45B1-410D-B602-1F59381EFE0B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{8EB11FF9-2716-4FCB-97E4-AABC96BE6A5A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{96FB22F8-8906-4865-82A0-8CB2007005DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{A6F40284-D9AE-4209-92FC-2851492A8697}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{A7E564DA-1BE8-4928-B954-84335E130EC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AA0801F1-A880-4139-9D36-45CFEA1F063C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B253B807-EA86-4DC4-90B0-FA75A58A7ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D6DF24A2-884A-466C-B1B1-7A165136E952}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{DB859CF5-6C84-4484-B079-53A6C3EB5705}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{F4AA6CB2-6C76-40A8-B48D-A983892EFE10}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{F7D3207E-247B-46AE-BA33-18642E58E309}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"TCP Query User{4B06E27A-4E50-4655-8177-A66CA19B6E28}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{F29AD14C-0E32-4175-B27F-8C639F644668}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{87EDA900-B86D-419E-8E92-5DEEF2552304}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{C2DDD1B4-D5A3-4273-8E7B-0A97ED9341B9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro AntiVirus
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F00A3A54-C293-8F64-7C6D-9A4C09106FD8}" = Antivirus 2010
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.4
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FrostWire" = FrostWire 4.21.1
"Gamevance" = Gamevance
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"ShoppingReport" = ShopperReports
"System Tool2011" = System Tool2011
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Veetle TV" = Veetle TV 0.9.17

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ken545 · Jan 23, 2011

We will get rid of Whte Smoke .

With the amount of malware you had lets run this program.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

sauce73 · Jan 23, 2011

I went to ran combofix and it says trend micro is running. I can find no evidence of it running so I tried to uninstall it and wont let me because windows installer couldnt be accessed from safe mode. Do i run combo with it running or is there another way around it?

ken545 · Jan 23, 2011

Try running Combofix in Safemode and run it even if TM is running

sauce73 · Jan 24, 2011

Tried running combofix. I never got to the part where it checked for recovery console. It did however complete 50stages before rebooting. When it rebooted it came out of safe mode and crashed. So I retried in safemode again and when it rebooted I made sure I went back to safe mode and now if it did complete I cant find any txt. Also at certain stages it says it cant run them because access is denied.

ken545 · Jan 24, 2011

The txt file should be here C:\ComboFix.txt

sauce73 · Jan 24, 2011

It says the file is not found. Does this mean combofix didnt finish? Also some file while combofix was running called pev.cfxxe closed.

sauce73 · Jan 24, 2011

I copied and pasted from your text to try to find also.

ken545 · Jan 24, 2011

Lets bypass Combofix for the time being and run this program

Scan With RootKitUnHooker

Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1
Link 2
Link 3
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

sauce73 · Jan 24, 2011

Program wont run. Says Error loading driver, NTSTATUS code: 0xC000035F

ken545 · Jan 24, 2011

Just a heads up, one of the files that Malwarebytes removed was a Banking Info Stealer so if you do any online banking you need to use a known clean computer and change your password, you should also notify your bank that your account could have been compromised.

Try this program in lew of Rootkit unhooker

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

Then run OTL again, I need to see the main report not the extras

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

sauce73 · Jan 25, 2011

ok, here is the gmer
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-24 22:09:18
Windows 6.0.6001 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /NOEXECUTE=OPTIN IN/MINT
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 676
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager@BackupCount 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 121
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 306038401
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 60d90739-5869-4b12-ad05-04169e8
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1163
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1005
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 24.159.64.23 24.178.162.3 97.81.22.195
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@DhcpIPAddress 192.168.0.11
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@DhcpServer 192.168.0.1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@Lease 3600
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@LeaseObtainedTime 1291777450
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@T1 1291779250
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@T2 1291780600
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@LeaseTerminatesTime 1291781050
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@DhcpNameServer 24.159.64.23 24.178.162.3 97.81.22.195
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8ADEF6AC-D873-4E3A-9238-0FCAB52B5612}@DhcpDefaultGateway 192.168.0.1?
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 5462
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 5463
Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 5268 5274 5286 5296 5306 5326 5370 5380 5418 5424 5440 5448

---- EOF - GMER 1.0.15 ----

and the OTL

OTL logfile created on: 1/24/2011 10:12:04 PM - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.05 Gb Total Space | 227.02 Gb Free Space | 79.64% Space Free | Partition Type: NTFS
Drive D: | 13.04 Gb Total Space | 2.03 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Drive F: | 3.76 Gb Total Space | 3.72 Gb Free Space | 99.10% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Modules (SafeList) ==========

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV:64bit: - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV:64bit: - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe ()
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (nosGetPlusHelper) -- C:\Windows\SysNative\svchost.exe ()
SRV:64bit: - (bibpvphk) -- C:\Windows\SysNative\bibpvphk.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files (x86)\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys ()
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys ()
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\DRIVERS\vsapint.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\DRIVERS\tmtdi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys ()
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

FF - HKLM\software\mozilla\Firefox\Extensions\\Seekmo@Seekmo.com: C:\Program Files (x86)\Seekmo\bin\11.0.96.0\firefox\extensions

[2010/03/17 20:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - File not found
O2 - BHO: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - File not found
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Gamevance] File not found
O4 - HKLM..\Run: [kxtkd.exe] File not found
O4 - HKLM..\Run: [SeekmoSA] File not found
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DW6] C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [HPAdvisor] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4:64bit: - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files (x86)\FrostWire\FrostWire.exe (FrostWire Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\BlackGold1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\BlackGold1.jpg
O27 - HKLM IFEO\explorer.exe: Debugger - C:\Program Files (x86)\AV8\av8.exe -d File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: fltMures - (C:\Windows\system32\cmstcaui.dll) - C:\Windows\SysWOW64\cmstcaui.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/23 21:01:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/23 21:01:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/01/23 20:54:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/01/23 20:54:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/23 13:25:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/23 13:25:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/23 13:25:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/23 12:14:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/23 11:28:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/22 22:44:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/22 22:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/22 22:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/22 12:39:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/22 12:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/22 12:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/01/22 12:27:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt-setup.exe
[2011/01/22 12:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/01/22 12:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/01/22 11:55:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/21 22:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/01/21 20:57:49 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Users\Owner\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/19 21:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/19 21:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/19 21:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/01/19 21:11:51 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2011/01/19 20:29:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/01/19 20:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/24 21:53:04 | 000,288,107 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip
[2011/01/23 21:59:14 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/23 21:59:07 | 000,124,980 | ---- | M] () -- C:\Users\Owner\Desktop\RKUnhookerLE.zip
[2011/01/23 21:09:20 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/23 21:09:20 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/23 21:09:20 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/23 21:05:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/23 21:04:58 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2011/01/23 20:45:25 | 004,159,609 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/01/23 20:35:43 | 000,000,732 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/01/23 11:28:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/22 23:10:05 | 000,624,128 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2011/01/22 22:44:25 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 12:37:55 | 000,000,903 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/22 12:37:49 | 000,000,704 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/01/22 12:27:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt-setup.exe
[2011/01/22 12:20:26 | 000,001,888 | ---- | M] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2011/01/21 20:57:49 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Users\Owner\Desktop\avg_free_stb_all_2011_1191_cnet.exe
[2011/01/21 20:49:47 | 000,978,421 | ---- | M] () -- C:\Users\Owner\Desktop\VSAPI-KD-9.205-1002.ZIP
[2011/01/19 21:14:39 | 000,001,057 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/01/19 21:11:53 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Owner\Desktop\spybotsd162.exe
[2011/01/19 20:26:34 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/24 21:52:53 | 000,288,107 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip
[2011/01/23 21:59:02 | 000,124,980 | ---- | C] () -- C:\Users\Owner\Desktop\RKUnhookerLE.zip
[2011/01/23 21:58:40 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/01/23 20:45:14 | 004,159,609 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/01/23 13:25:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/23 13:25:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/23 13:25:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/23 13:25:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/23 13:25:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/22 22:44:25 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 12:37:55 | 000,000,903 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/22 12:37:49 | 000,000,704 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
[2011/01/22 12:27:03 | 000,624,128 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2011/01/22 12:20:26 | 000,001,888 | ---- | C] () -- C:\Users\Owner\Desktop\HijackThis.lnk
[2011/01/21 20:49:27 | 000,978,421 | ---- | C] () -- C:\Users\Owner\Desktop\VSAPI-KD-9.205-1002.ZIP
[2011/01/19 21:14:39 | 000,001,057 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/01/19 21:06:23 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/01/19 20:28:53 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/28 13:32:42 | 000,053,248 | -H-- | C] () -- C:\Windows\SysWow64\cmstcaui.dll
[2009/11/14 17:20:25 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 19:09:07 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/10/12 17:28:40 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2009/10/12 17:28:40 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2009/10/12 17:28:40 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2009/10/12 17:28:38 | 000,608,662 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/24 05:46:43 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/08/24 05:46:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/24 05:46:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/24 05:45:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/24 05:43:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/13 11:52:55 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/13 11:46:32 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/13 11:44:32 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/13 11:43:02 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/12/09 10:35:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2010/11/19 22:57:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\kikin
[2010/10/13 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2010/12/01 10:54:05 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2008/01/20 21:50:16 | 000,033,280 | ---- | M] ()(C:\Windows\SysNative\?ibpvphk.dll) -- C:\Windows\SysNative\аibpvphk.dll
[2008/01/20 21:50:16 | 000,033,280 | ---- | C] ()(C:\Windows\SysNative\?ibpvphk.dll) -- C:\Windows\SysNative\аibpvphk.dll

< End of report >

ken545 · Jan 25, 2011

Good Morning,

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\Windows\SysNative\аibpvphk.dll <-- This file

If the site is busy you can try this one
http://virusscan.jotti.org/en

Backup Your Registry with ERUNT:

Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.

Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
FF - HKLM\software\mozilla\Firefox\Extensions\\Seekmo@Seekmo.com: C:\Program Files (x86)\Seekmo\bin\11.0.96.0\firefox\extensions
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - File not found
O2 - BHO: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - File not found
O2 - BHO: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - File not found
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Gamevance Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [Gamevance] File not found
O4 - HKLM..\Run: [kxtkd.exe] File not found
O4 - HKLM..\Run: [SeekmoSA] File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - File not found


:Services

:Reg

:Files



:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

sauce73 · Jan 26, 2011

The only file I can find close to that one is c:\windows\system32\aibpvphk.dll

When I go to upload to the scanner I can not find the file while browsing for it. Can i copy it to desktop so I can find it? Or is there options while using their browser to find it to show hidden files?

sauce73 · Jan 26, 2011

I had an error {Access violation at address 005cc7ED in module otl.exe. read of address 00000000. Looks like it made it to 02- BHO: (Whitesmoke toolbar)

ken545 · Jan 26, 2011

Lets bypass that file for the moment, did OTL run ? Can you post the log

Can only run in safe mode

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert