65 replies to this topic

[vossy]

I made the mistake of letting someone try to clean my computer. Now the only way I can use it is in safemode. It is a Toshiba with windows Vista. It only has a gig of ram but that is all I can afford now. Hope someone here can help. Here is the logfile from malwarebytes the first time I run it.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6028

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16575

3/11/2011 8:39:07 PM
mbam-log-2011-03-11 (20-39-06).txt

Scan type: Quick scan
Objects scanned: 157644
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 122
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 93

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEBF} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Seekeen (PUP.Zwangi) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\System32\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Local\Temp\jnlpcv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Local\Temp\kaguqg.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Local\Temp\kjvmtt.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Local\Temp\kscgpi.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\antivir-3ab37c3_2002-8(2).exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\antivir-3ab37c3_2002-8.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\movie.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\quicktime_update_kb760222.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\setup(2).exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\setup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\setup_build8_208.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\clint\downloads\smileycentralpfsetup2.3.50.57.znfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\Users\clint\AppData\Local\Temp\0.3945852952999592.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\clint\local settings\application data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\firefox\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and d@
Ú<lly.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - comapre product prices.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper - compare travel rate.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\smartshopper help.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.

[vossy]

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A135
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 120):
0x82400000 \SystemRoot\system32\ntoskrnl.exe
0x82795000 \SystemRoot\system32\hal.dll
0x806C6000 \SystemRoot\system32\kdcom.dll
0x80666000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8065D000 \SystemRoot\system32\PSHED.dll
0x80655000 \SystemRoot\system32\BOOTVID.dll
0x8061A000 \SystemRoot\system32\CLFS.SYS
0x80539000 \SystemRoot\system32\CI.dll
0x804BE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x804B1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8046E000 \SystemRoot\system32\drivers\acpi.sys
0x80465000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8045D000 \SystemRoot\system32\drivers\msisadrv.sys
0x80438000 \SystemRoot\system32\drivers\pci.sys
0x80429000 \SystemRoot\system32\drivers\volmgr.sys
0x8041F000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8041C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80412000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80402000 \SystemRoot\System32\drivers\mountmgr.sys
0x82FF9000 \SystemRoot\system32\drivers\intelide.sys
0x82FEB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82FC1000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82F77000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F6C000 \SystemRoot\system32\DRIVERS\iviVD.sys
0x82F46000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x82F3E000 \SystemRoot\system32\drivers\atapi.sys
0x82F20000 \SystemRoot\system32\drivers\ataport.SYS
0x82EEF000 \SystemRoot\system32\drivers\fltmgr.sys
0x82EDF000 \SystemRoot\system32\drivers\fileinfo.sys
0x82ED6000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82DD2000 \SystemRoot\system32\drivers\ndis.sys
0x82DA7000 \SystemRoot\system32\drivers\msrpc.sys
0x82D6E000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C66000 \SystemRoot\System32\Drivers\Ntfs.sys
0x83396000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C30000 \SystemRoot\system32\drivers\volsnap.sys
0x82C2B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x82C14000 \SystemRoot\System32\drivers\partmgr.sys
0x82C05000 \SystemRoot\System32\Drivers\mup.sys
0x83371000 \SystemRoot\System32\drivers\ecache.sys
0x83360000 \SystemRoot\system32\drivers\disk.sys
0x8333F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x83336000 \SystemRoot\system32\drivers\crcdisk.sys
0x8729B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8317A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x871F9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x87178000 \SystemRoot\system32\DRIVERS\athr.sys
0x87165000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8715A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8711D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8710F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x83067000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x87101000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x870EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x870E3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x870B8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x873B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x870AD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x870A9000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x87091000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x873A4000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x87066000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x87026000 \SystemRoot\system32\DRIVERS\storport.sys
0x8701B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87001000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x89BF5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x89BD2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8316B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x89ACF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89AE2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x873B5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x89AA5000 \SystemRoot\system32\DRIVERS\ks.sys
0x89A9B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89A8E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x89A4A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x83087000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8720B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x89A03000 \SystemRoot\System32\Drivers\Null.SYS
0x899FC000 \SystemRoot\System32\Drivers\Beep.SYS
0x899F0000 \SystemRoot\System32\drivers\vga.sys
0x899CF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x899C2000 \SystemRoot\System32\drivers\watchdog.sys
0x872EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89997000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89989000 \SystemRoot\System32\Drivers\Npfs.SYS
0x87214000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x898B8000 \SystemRoot\System32\drivers\tcpip.sys
0x8989F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8988A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89876000 \SystemRoot\system32\DRIVERS\smb.sys
0x8982F000 \SystemRoot\system32\drivers\afd.sys
0x89FCE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89819000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8980B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89F93000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x89801000 \SystemRoot\system32\drivers\nsiproxy.sys
0x89F7C000 \SystemRoot\System32\Drivers\dfsc.sys
0x89F25000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8721D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x83153000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x89F0B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x87226000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x87302000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x872B1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x872A6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8730A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x90A00000 \SystemRoot\System32\win32k.sys
0x89C66000 \SystemRoot\System32\drivers\Dxapi.sys
0x90800000 \SystemRoot\System32\drivers\dxg.sys
0x90820000 \SystemRoot\System32\TSDDD.dll
0x90830000 \SystemRoot\System32\framebuf.dll
0x91345000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x89E91000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F02E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8F073000 \SystemRoot\System32\drivers\mpsdrv.sys
0x91267000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9122E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9121C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9101F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77650000 \Windows\System32\ntdll.dll

Processes (total 25):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
452 csrss.exe
488 csrss.exe
496 C:\Windows\System32\wininit.exe
540 C:\Windows\System32\winlogon.exe
568 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1636 C:\Windows\explorer.exe
664 C:\Windows\System32\wbem\unsecapp.exe
892 WmiPrvSE.exe
2024 C:\Windows\System32\igfxsrvc.exe
864 C:\Users\clint\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2100BH, Rev: 00000012

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

[vossy]

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by clint at 19:26:05.06 on Mon 03/14/2011
Internet Explorer: 7.0.6000.16575
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.573 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Users\clint\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.charter.net/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\clint\appdata\roaming\mozilla\firefox\profiles\aae4dw3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=OitnnaFPKSUdRaaqQ6ssZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seekeen: {DB390D2E-0FB4-413F-B039-AE342D1D40BA} - c:\program files\mozilla firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Charter Toolbar: {2104C0F5-952D-443c-AFCD-8F892F991F55} - %profile%\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
FF - Ext: Charter Update: {fa8cb1bd-1442-439c-8225-b8b16983d9b7} - %profile%\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\clint\appdata\roaming\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
.
=============== Created Last 30 ================
.
2011-03-14 01:23:50 -------- d-----w- c:\users\clint\appdata\roaming\SUPERAntiSpyware.com
2011-03-14 01:23:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-13 02:13:25 -------- d-----w- c:\users\clint\DoctorWeb
2011-03-13 01:29:18 -------- d-----w- c:\users\clint\appdata\local\temp
2011-03-13 01:28:38 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-13 01:10:12 -------- d-----w- c:\program files\Glary Registry Repair
2011-03-13 00:05:34 -------- d-----w- c:\program files\Glarysoft
2011-03-12 03:25:25 -------- d-----w- c:\users\clint\appdata\roaming\GlarySoft
2011-03-12 03:25:16 -------- d-----w- c:\program files\Quick Startup
2011-03-12 02:36:36 -------- d-----w- c:\program files\CCleaner
2011-03-12 02:32:17 -------- d-----w- c:\program files\ESET
2011-03-12 02:06:23 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-12 01:53:02 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-03-12 01:31:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 01:31:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 01:31:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
.
============= FINISH: 19:26:54.96 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/26/2007 9:59:04 AM
System Uptime: 3/14/2011 7:04:14 PM (0 hours ago)
.
Motherboard: TOSHIBA | | IAKAA
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1728/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 92 GiB total, 23.716 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
Activation Assistant for the 2007 Microsoft Office suites
Active@ ISO File Manager v 3.1
Adobe Flash Player 10 ActiveX
Advertising Center
AIM 7
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AudibleManager
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
Charter Browser Updater
Chuzzle Deluxe
Cisco Clean Access Agent
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Desktop Dialer
Disk SpeedUp 1.2.0.319
DivX Plus Web Player
DolbyFiles
Download Updater (AOL LLC)
DVD MovieFactory for TOSHIBA
DVD Shrink 3.2
ESET Online Scanner v3
FATE
Google Toolbar for Internet Explorer
ImagXpress
Intel® Graphics Media Accelerator Driver
iTunes
Java™ SE Runtime Environment 6
JEOPARDY
Malwarebytes' Anti-Malware
MansionPoker
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Works
Microsoft XML Parser
Move Media Player
Movie Templates - Starter Kit
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MySpaceIM
Nero 7
Nero 9 Trial
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart Help
Nero Vision
Nero WaveEditor Help
NeroLiveGadget
NeroLiveGadget Help
neroxml
OGA Notifier 2.0.0048.0
Palm
Penguins!
Quick Startup 2.8.0.718
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
SCRABBLE
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sun CD/DVD Burner
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Utility Common Driver
VideoLAN VLC media player 0.8.6d
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
WinDVD for TOSHIBA
Winferno Registry Power Cleaner
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Search Protection
Yahoo! Software Update
ZENcast Organizer
.
==== Event Viewer Messages From Past Week ========
.
3/14/2011 7:04:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:39:52 PM on 3/13/2011 was unexpected.
3/13/2011 6:15:32 PM, Error: EventLog [6008] - The previous system shutdown at 6:09:39 PM on 3/13/2011 was unexpected.
3/13/2011 6:00:58 PM, Error: EventLog [6008] - The previous system shutdown at 4:38:21 PM on 3/13/2011 was unexpected.
3/12/2011 8:57:05 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
3/12/2011 8:56:58 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
3/12/2011 8:38:57 AM, Error: EventLog [6008] - The previous system shutdown at 10:34:37 PM on 3/11/2011 was unexpected.
3/12/2011 8:20:59 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/12/2011 6:38:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
3/12/2011 4:48:23 PM, Error: EventLog [6008] - The previous system shutdown at 9:16:21 AM on 3/12/2011 was unexpected.
3/12/2011 11:04:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ConfigFree Service service to connect.
3/11/2011 9:56:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
3/11/2011 9:55:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/11/2011 9:52:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/11/2011 9:50:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tosrfcom
3/11/2011 9:50:30 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
3/11/2011 9:29:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Tosrfcom Wanarpv6
3/11/2011 9:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/11/2011 8:25:55 PM, Error: Schannel [36865] - A fatal error occurred while opening the system DSS cryptographic module. Operations that require the SSL or TLS cryptographic protocols will not work correctly. The error code is 0x8009001d.
3/11/2011 8:22:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/11/2011 8:16:59 PM, Error: EventLog [6008] - The previous system shutdown at 8:11:06 PM on 3/11/2011 was unexpected.
3/11/2011 8:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/11/2011 8:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/11/2011 8:03:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/11/2011 8:03:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/11/2011 7:50:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Tosrfcom Wanarpv6
3/11/2011 7:50:26 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 13 (0xD).
3/11/2011 7:50:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/11/2011 7:49:17 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=23) while initializing logging resources for channel Security.
3/11/2011 10:34:08 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/11/2011 10:10:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
.
==== End Of File ===========================

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  
• Please refrain from running tools or applying updates other than those I suggest.
  
• Never run more than one scan at a time.
  
• Keep updating me regarding your computer behavior, good, or bad.
  
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================================================

I still need GMER log.

[vossy]

I got a blue screen when I was running gmer and the computer restarts.

[Broni]

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Report tab, then click Scan.
  
• Check Drivers, Stealth, and uncheck the rest.
  
• Click OK.
  
• Wait until it's finished and then go to File > Save Report.
  
• Save the report to your Desktop.
  
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

[vossy]

I get error

Attached Images

• 

[Broni]

My bad, sorry.
It won't run in Safe Mode.
I forgot, you can't access normal mode.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
  
  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• If not, delete the file, then download and use the one provided in Link 2.
  
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  
• Do not reboot until instructed.
  
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

[vossy]

ComboFix 11-03-14.01 - clint 03/14/2011 19:50:56.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.646 [GMT -4:00]
Running from: c:\users\clint\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 23:58 . 2011-03-14 23:58 -------- d-----w- c:\users\clint\AppData\Local\temp
2011-03-14 23:48 . 2011-03-14 23:49 -------- d-----w- C:\32788R22FWJFW
2011-03-14 23:42 . 2011-03-14 23:42 -------- d-----w- c:\program files\7-Zip
2011-03-14 23:40 . 2011-03-14 23:45 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-14 01:23 . 2011-03-14 01:23 -------- d-----w- c:\users\clint\AppData\Roaming\SUPERAntiSpyware.com
2011-03-14 01:23 . 2011-03-14 01:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-13 03:19 . 2011-03-13 03:19 -------- d-----w- c:\windows\BDOSCAN8
2011-03-13 02:13 . 2011-03-14 01:05 -------- d-----w- c:\users\clint\DoctorWeb
2011-03-13 01:10 . 2011-03-13 01:10 -------- d-----w- c:\program files\Glary Registry Repair
2011-03-13 00:05 . 2011-03-13 00:05 -------- d-----w- c:\program files\Glarysoft
2011-03-12 03:25 . 2011-03-13 01:11 -------- d-----w- c:\users\clint\AppData\Roaming\GlarySoft
2011-03-12 03:25 . 2011-03-12 03:25 -------- d-----w- c:\program files\Quick Startup
2011-03-12 02:36 . 2011-03-12 02:36 -------- d-----w- c:\program files\CCleaner
2011-03-12 02:32 . 2011-03-12 02:32 -------- d-----w- c:\program files\ESET
2011-03-12 02:06 . 2011-03-12 02:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-12 01:53 . 2006-11-29 04:12 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-03-12 01:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 01:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 01:31 . 2011-03-12 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^clint^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Palm Registration.lnk]
path=c:\users\clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palm Registration.lnk
backup=c:\windows\pss\Palm Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 20:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-29 03:09 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-11-29 04:17 106496 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-11-29 04:14 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 01:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2010-07-02 16:39 34045896 ----a-w- c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27 9117696 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-10 01:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-11-29 04:13 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegPowerClean]
2007-04-12 19:24 5980160 ----a-w- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-21 04:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-10-27 21:50 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 qgfwohtiq;qgfwohtiq;c:\windows\system32\drivers\gssflsean.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2009-04-15 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-22 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
FF - ProfilePath - c:\users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\aae4dw3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=OitnnaFPKSUdRaaqQ6ssZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seekeen: {DB390D2E-0FB4-413F-B039-AE342D1D40BA} - c:\program files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Charter Toolbar: {2104C0F5-952D-443c-AFCD-8F892F991F55} - %profile%\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
FF - Ext: Charter Update: {fa8cb1bd-1442-439c-8225-b8b16983d9b7} - %profile%\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\clint\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 19:58
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????['C~????\?8?\?p?\???\???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-14 19:59:37
ComboFix-quarantined-files.txt 2011-03-14 23:59
.
Pre-Run: 25,263,185,920 bytes free
Post-Run: 25,392,836,608 bytes free
.
- - End Of File - - 923B04A696C4DFE1AA0BC73AAB264798

[vossy]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/14/2011 at 20:30:39.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 03/14/2011 at 20:31:08.

[Broni]

I can see couple of registry cleaners there, Glary Registry Repair and RegistryPowerCleaner, which are always a bad news and which may be a part of your problem.
I suggest, you uninstall them, as soon, as possible.

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\gssflsean.sys

Driver::
qgfwohtiq

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

[vossy]

After three times manually turning off the pc I was able to get log. The first time I got error and the computer restarted. It continued to do the combofix and then I got another error. Finally got the log.
I sure hope we can save the operating system because I cannot find my restore disks. I also removed the registry programs. That could have caused the errors but it is running again.

ComboFix 11-03-14.02 - clint 03/14/2011 21:17:47.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.611 [GMT -4:00]
Running from: c:\users\clint\Desktop\ComboFix.exe
Command switches used :: c:\users\clint\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\gssflsean.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QGFWOHTIQ
-------\Service_qgfwohtiq
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-15 01:24 . 2011-03-15 01:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-15 01:24 . 2011-03-15 01:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-03-15 01:24 . 2011-03-15 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 23:59 . 2011-03-15 01:33 -------- d-----w- c:\users\clint\AppData\Local\temp
2011-03-14 23:42 . 2011-03-14 23:42 -------- d-----w- c:\program files\7-Zip
2011-03-14 23:40 . 2011-03-14 23:45 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-03-14 01:23 . 2011-03-14 01:23 -------- d-----w- c:\users\clint\AppData\Roaming\SUPERAntiSpyware.com
2011-03-14 01:23 . 2011-03-14 01:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-13 03:19 . 2011-03-13 03:19 -------- d-----w- c:\windows\BDOSCAN8
2011-03-13 02:13 . 2011-03-14 01:05 -------- d-----w- c:\users\clint\DoctorWeb
2011-03-13 00:05 . 2011-03-13 00:05 -------- d-----w- c:\program files\Glarysoft
2011-03-12 03:25 . 2011-03-15 01:11 -------- d-----w- c:\users\clint\AppData\Roaming\GlarySoft
2011-03-12 03:25 . 2011-03-12 03:25 -------- d-----w- c:\program files\Quick Startup
2011-03-12 02:36 . 2011-03-12 02:36 -------- d-----w- c:\program files\CCleaner
2011-03-12 02:32 . 2011-03-12 02:32 -------- d-----w- c:\program files\ESET
2011-03-12 02:06 . 2011-03-12 02:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-12 01:53 . 2006-11-29 04:12 155648 ----a-w- c:\windows\system32\igfxres.dll
2011-03-12 01:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 01:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 01:31 . 2011-03-12 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^clint^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Palm Registration.lnk]
path=c:\users\clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Palm Registration.lnk
backup=c:\windows\pss\Palm Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 20:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-29 03:09 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-11-29 04:17 106496 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
2006-11-01 16:06 413696 ----a-w- c:\program files\Toshiba\Utilities\HWSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-11-29 04:14 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2006-11-07 01:14 34352 ----a-w- c:\program files\Toshiba\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-12-16 10:41 188416 ----a-w- c:\program files\ltmoh\ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2010-07-02 16:39 34045896 ----a-w- c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27 9117696 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-10 01:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-11-29 04:13 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
2006-07-20 20:45 151552 ----a-w- c:\toshiba\IVP\ISM\pinger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-11-09 18:57 3784704 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
2006-01-19 00:06 421888 ----a-w- c:\program files\Toshiba\Utilities\SVPWUTIL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-21 04:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-10-27 21:50 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R3 Normandy;Normandy SR2; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
FF - ProfilePath - c:\users\clint\AppData\Roaming\Mozilla\Firefox\Profiles\aae4dw3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.charter.net/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000&fl=0&ptb=OitnnaFPKSUdRaaqQ6ssZA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Seekeen: {DB390D2E-0FB4-413F-B039-AE342D1D40BA} - c:\program files\Mozilla Firefox\extensions\{DB390D2E-0FB4-413F-B039-AE342D1D40BA}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Charter Toolbar: {2104C0F5-952D-443c-AFCD-8F892F991F55} - %profile%\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
FF - Ext: Charter Update: {fa8cb1bd-1442-439c-8225-b8b16983d9b7} - %profile%\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\clint\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-RegPowerClean - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????['C~????\?8?\?p?\???\???
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\helppane.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-03-14 21:37:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 01:37
ComboFix2.txt 2011-03-14 23:59
.
Pre-Run: 25,441,415,168 bytes free
Post-Run: 25,411,264,512 bytes free
.
- - End Of File - - 075A0DA4DCA2AD9F3D4DD42589756A01

[Broni]

Did you try to start in normal mode after running Combofix?

[vossy]

I will now and let you know.

[Broni]

OK.

[vossy]

I am in windows without using safemode but it is real slow. It does work better. It took forever to boot. I know the ram is not enough but this computer was much faster than this when I first got it. Clint

[vossy]

It seems to respond faster now that everthing is loaded. Something you did made it faster. I will wait on more instructions but will probably wait until Tuesday. I have not got used to daylight saving time and need some sleep. Thanks and will check back tomorrow. Clint

[Broni]

Very good :)

First of all, update MBAM, run "Quick scan" and post new log.

[vossy]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6059

Windows 6.0.6000
Internet Explorer 7.0.6000.16575

3/14/2011 10:35:09 PM
mbam-log-2011-03-14 (22-35-09).txt

Scan type: Quick scan
Objects scanned: 162961
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Broni]

Cool :)

Run RKUnhooker for me now, please.