Some Applications won't open, and some websites won't load.

Re: Some Applications won't open, and some websites won't load

Post by MarkA » May 19th, 2011, 9:44 pm

Computer is running a bit more smoothly. ShopperReports seems to be deleted; both the Windows uninstaller and Revo cannot find it.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications won't open, and some websites won't load

Post by MarkA » May 19th, 2011, 10:01 pm

When ComboFix started, it stated there was a newer version out; I downloaded it.

ComboFix 11-05-18.04 - Moshe 05/19/2011 18:49:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2402 [GMT -7:00]
Running from: c:\users\Moshe\Desktop\cfsky.exe
Command switches used :: c:\users\Moshe\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe"
"c:\windows\SysWow64\slwc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object
c:\program files (x86)\Object\cartoonly\build.sh
c:\program files (x86)\Object\cartoonly\chrome.manifest
c:\program files (x86)\Object\cartoonly\config_build.sh
c:\program files (x86)\Object\cartoonly\content\._sudoku.js
c:\program files (x86)\Object\cartoonly\content\.DS_Store
c:\program files (x86)\Object\cartoonly\content\firefoxOverlay.xul
c:\program files (x86)\Object\cartoonly\content\installid.js
c:\program files (x86)\Object\cartoonly\content\overlay.js
c:\program files (x86)\Object\cartoonly\content\sudoku.js
c:\program files (x86)\Object\cartoonly\defaults\.DS_Store
c:\program files (x86)\Object\cartoonly\defaults\preferences\.DS_Store
c:\program files (x86)\Object\cartoonly\defaults\preferences\sudoku.js
c:\program files (x86)\Object\cartoonly\files
c:\program files (x86)\Object\cartoonly\install.rdf
c:\program files (x86)\Object\cartoonly\locale\.DS_Store
c:\program files (x86)\Object\cartoonly\locale\en-US\.DS_Store
c:\program files (x86)\Object\cartoonly\locale\en-US\sudoku.dtd
c:\program files (x86)\Object\cartoonly\locale\en-US\sudoku.properties
c:\program files (x86)\Object\cartoonly\readme.txt
c:\program files (x86)\Object\cartoonly\skin\overlay.css
c:\program files (x86)\Object\cartoonly_uninstall.exe
c:\program files (x86)\Object\config.ini
c:\program files\Babylon
c:\windows\SysWow64\slwc.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\GAmes\AppData\Local\temp
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-05-19 03:18 . 2011-05-19 03:24 -------- d-----w- c:\users\Moshe\.ranktracker
2011-05-19 03:17 . 2011-05-19 03:18 -------- d-----w- c:\program files (x86)\SEO PowerSuite
2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\program files (x86)\Avira
2011-05-17 10:48 . 2011-04-02 00:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 10:48 . 2011-04-02 00:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-17 10:35 . 2011-05-17 10:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-05-16 00:24 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-05-16 00:24 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-16 00:24 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\programdata\QuestScan
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-15 09:55 . 2011-05-15 09:56 -------- d-----w- c:\users\Moshe\AppData\Local\Nero
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-05-13 11:31 . 2011-05-13 11:34 -------- d-----w- c:\users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31 . 2011-05-13 11:31 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-13 11:30 . 2011-05-13 11:31 -------- d-----w- c:\program files\TrueCrypt
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\Yzshadow
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\RocketDock
2011-05-12 22:33 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-05-12 22:33 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33 . 2006-12-04 00:15 111104 ----a-w- c:\windows\SysWow64\Uharc.exe
2011-05-12 22:33 . 2006-12-04 00:14 8636 ----a-w- c:\windows\SysWow64\modifype.exe
2011-05-06 00:44 . 2011-05-06 05:10 -------- dc----w- c:\users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54 . 2011-05-05 01:03 -------- d-----w- c:\users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48 . 2011-05-04 09:48 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46 . 2011-05-04 09:46 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-05-03 10:22 . 2011-05-03 10:22 53248 ----a-r- c:\users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22 . 2011-05-03 10:22 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-05-03 10:22 . 2011-05-03 10:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-05-03 10:19 . 2009-11-11 22:17 729600 ----a-w- c:\windows\system32\cohelper.dll
2011-05-03 10:19 . 2009-11-11 16:22 9548 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-27 23:44 . 2011-04-27 23:44 -------- d-----w- c:\users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43 . 2011-05-03 09:11 -------- d-----w- c:\program files (x86)\ServeToMe
2011-04-24 05:50 . 2011-05-03 09:11 -------- d-----w- c:\programdata\Media Get LLC
2011-04-24 05:36 . 2011-04-24 05:50 -------- d-----w- c:\users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47 . 2011-04-23 01:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32 . 2011-05-13 16:23 -------- d-----w- c:\users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39 . 2011-05-03 08:57 -------- d-----w- c:\program files\iPod
2011-04-22 03:39 . 2011-05-03 09:11 -------- d-----w- c:\program files\iTunes
2011-04-22 03:37 . 2011-05-03 09:11 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 22:33 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-05-12 22:33 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-12 22:33 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-04-11 09:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-11 09:58 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 09:19 . 2011-04-11 09:19 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-10 01:55 . 2011-04-10 01:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-10 01:55 . 2011-04-10 01:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-21 13:58 . 2011-01-26 08:14 152064 ----a-w- c:\windows\SysWow64\xvid.ax
2011-03-19 15:06 . 2011-01-26 08:14 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-03-19 15:04 . 2011-01-26 08:14 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-03-16 00:40 . 2011-03-16 00:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 13086208 ----a-w- c:\windows\system32\ieframe.dll.stp
2011-03-16 00:40 . 2011-03-16 00:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 00:39 . 2011-03-16 00:39 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 00:39 . 2011-03-16 00:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 00:39 . 2011-03-16 00:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 144384 ----a-w- c:\windows\system32\cdd.dll
2011-03-16 00:39 . 2011-03-16 00:39 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll.stp
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 206848 ----a-w- c:\windows\system32\mfps.dll
2011-03-16 00:39 . 2011-03-16 00:39 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_10.50.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-17 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-17 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-17 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-08 12:00 . 2011-05-18 11:07 98524 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-18 11:07 56170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-08 11:41 . 2011-05-18 11:07 22786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3266427099-1654195687-2890988620-1001_UserData.bin
+ 2009-11-08 11:36 . 2011-05-18 11:05 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-08 11:36 . 2011-05-18 10:49 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 23:18 . 2011-05-18 11:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 23:18 . 2011-05-18 10:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-18 11:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-18 10:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 11:05 . 2011-05-18 11:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-17 22:35 . 2011-05-17 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-18 11:05 . 2011-05-18 11:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-17 22:35 . 2011-05-17 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-17 22:33 544972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-18 11:03 544972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-05-17 12:35 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-05-18 13:08 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-04-30 09:17 . 2011-05-18 11:03 16039034 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3266427099-1654195687-2890988620-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2011-01-27 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2011-01-27 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-16 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001Core.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001UA.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Moshe.job
- c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-01-10 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-07-01 291872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-12 172032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-cartoonly - c:\program files (x86)\Object\cartoonly_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,8d,38,65,cd,ba,ed,60,49,2a,2c,96,f3,f0,a1,c9,87,5f,a5,06,ac,68,2b,
d4,b5,9a,4c,2d,fc,61,b5,6c,51,6d,e6,fd,c2,51,24,4f,cc,49,1f,7b,68,8a,77,6b,\
"??"=hex:55,49,5f,38,8c,63,1b,2b,7c,7a,62,ef,a5,dd,dd,db
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\License information*]
"datasecu"=hex:df,ae,52,57,96,ce,23,12,b8,68,76,f9,9c,d5,e8,c9,3e,05,45,98,e5,
d2,a0,c4,f2,9c,c0,0d,e2,80,f9,68,4a,24,6e,40,2c,28,aa,cf,cc,b7,ab,03,3a,ca,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-19 18:57:51
ComboFix-quarantined-files.txt 2011-05-20 01:57
ComboFix2.txt 2011-05-18 10:52
.
Pre-Run: 31,399,403,520 bytes free
Post-Run: 31,240,773,632 bytes free
.
- - End Of File - - 546275E6DA74A201B8E7B112E7B0A6F3
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 19th, 2011, 10:55 pm

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 19:54:54
Windows 6.1.7600
Running: zvdcrvhl.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0xF1 0x4C 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x37 0x8D 0xCF 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x68 0xF2 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xEF 0x53 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB2 0x5B 0xEC 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xAE 0xEE 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0x50 0xD9 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x03 0xA5 0xE5 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x61 0x86 0xE3 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x69 0x8F 0xDC 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3A 0xF1 0x4C 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x37 0x8D 0xCF 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBA 0x68 0xF2 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xEF 0x53 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB2 0x5B 0xEC 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 2
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0xAE 0xEE 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x01 0x50 0xD9 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x03 0xA5 0xE5 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x61 0x86 0xE3 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x69 0x8F 0xDC 0x83 ...

---- EOF - GMER 1.0.15 ----
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 21st, 2011, 4:24 am

Hi, will your applications open now, and have they stopped crashing?
Does the website you suggested load now?

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Malwarebytes' Anti-Malware
  • Please run Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 24th, 2011, 3:42 am

Hi MarkA

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 24th, 2011, 3:53 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/21/2011 11:59:58 PM
mbam-log-2011-05-21 (23-59-58).txt

Scan type: Quick scan
Objects scanned: 143067
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 24th, 2011, 3:54 am

I'm not sure about one application that keeps crashing; I need to find the CD to launch it.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 24th, 2011, 3:58 am

This is after I updated Malwarebytes.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6661

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/24/2011 12:58:21 AM
mbam-log-2011-05-24 (00-58-21).txt

Scan type: Quick scan
Objects scanned: 187938
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 24th, 2011, 9:46 am

Step 1.
ATF Cleaner
Please download ATF Cleaner ... by Atribune. Alternate download site: here.
This program is for XP and Windows 2000 only! It does not require any installation and uses minimal system resources.
It is set up to clean IE, Firefox and Opera; it detects the browsers you have and grays out the other(s).

  1. Double-click ATF-Cleaner.exe to run the program.
  2. Under Main choose: Select All
    Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
  3. Click the Empty Selected button.
      If you use Firefox browser
    • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      If you use Opera browser
    • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    • Click the Empty Selected button.
      NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
  4. Reply OK to the total bytes removed...box, then click Exit on the Main menu to close the program.

Step 2.
Please disable your Anti-Virus AND Anti-Spyware programs before running this scan.

Step 3.
Kaspersky Online Scanner.
Vista - W7 users: You will need to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 26th, 2011, 2:07 pm

3 Day Response
Hi...
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 27th, 2011, 2:47 am

Working on it.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 27th, 2011, 3:02 am

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.



Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby Alander » May 27th, 2011, 5:58 am

Hi, let's try an alternative.

ESET NOD32 Online Scan
Vista - W7 users: You will need to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are; if not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 27th, 2011, 6:55 am

Running it now. Thanks for your patience and help thus far, it is greatly appreciated.
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm

Re: Some Applications wont open, and some websites wont load

Unread postby MarkA » May 27th, 2011, 4:30 pm

A:\Blonder\Documents and Settings\Eynat\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar Win32/Adware.Gamevance.Gen application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache1326079376391305830.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache6940860146275876399.tmp a variant of Java/Exploit.CVE-2010-0842.L trojan
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\OCSetupHlp.dll Win32/OpenCandy application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application
A:\Blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application
A:\Blonder\Program Files\DictionaryBoss\bar\1.bin\v4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
A:\Blonder\Program Files\DictionaryBoss\bar\1.bin\v4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application
A:\Blonder\Program Files\DictionaryBoss\bar\1.bin\v4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
A:\Blonder\Program Files\DictionaryBoss\bar\1.bin\v4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL a variant of Win32/Toolbar.MyWebSearch.M application
A:\Blonder\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Win32/Adware.FunWeb application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Win32/Adware.FunWeb application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Win32/Adware.FunWeb application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Win32/Adware.FunWeb application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Win32/FunWeb application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
A:\Blonder\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
A:\Blonder\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
A:\Blonder\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
A:\Blonder\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
A:\Blonder\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
A:\Blonder\Program Files\Winferno\PC Confidential\PCConfidential.exe Win32/Adware.PCConfidential application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperReports3\bin\3.1.69.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application
C:\Users\Moshe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\79a45a3b-1a035cbd multiple threats
C:\Users\Moshe\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110430043854922.rsc a variant of Win32/Adware.GoodMedia.B application
C:\Users\Moshe\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110509143946935.rsc multiple threats
C:\Users\Moshe\Desktop\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest\DTPro4300305.exe NSIS/TrojanDownloader.Agent.NCA trojan
D:\PowerISO 4.3.rar a variant of Win32/Keygen.AF application
D:\downloads 4-14-10\videora-ipod-503-setup.exe Win32/OpenCandy application
D:\Installs\Driver_Genius_9_Professional_US_Full.EXE probably a variant of Win32/Agent.BJSCQS trojan
D:\MOSHE-PC\Backup Set 2010-01-18 231827\Backup Files 2010-01-18 231827\Backup files 8.zip Win32/OpenCandy application
D:\MOSHE-PC\Backup Set 2010-02-14 004634\Backup Files 2010-02-14 004634\Backup files 9.zip Win32/OpenCandy application
D:\New stuff\SmitfraudFix.exe multiple threats
Q:\Downloads Backup\Miro_Installer.exe Win32/Toolbar.Zugo application
Q:\Downloads Backup\videora-ipod-503-setup.exe Win32/OpenCandy application
T:\Completed Downloads\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar NSIS/TrojanDownloader.Agent.NCA trojan
MarkA
Regular Member
 
Posts: 27
Joined: May 13th, 2011, 9:07 pm