alazuria

  1. Yes, it finally installed correctly, along with all the others. Thank you again!
  2. Microsoft Fix It said it was processed. I checked Windows Update again, and couldn't find any more available updates.
  3. All 28 updates succeeded except for Definition Update for Windows Defender - KB915597 (Definition 1.131.1547.0)
     Installation date: 8/10/2012 10:50 AM
     Installation status: Failed
     Error details: Code 800705B4
     Update type: Important
  4. Thank you so much! Windows Updates are working again and I can easily find BITS in the Services now.
  5. Farbar Service Scanner Version: 06-08-2012
     Ran by sheila (administrator) on 10-08-2012 at 09:56:01
     Running from "C:\Users\sheila\Downloads"
     Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============
     BITS Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
     The ImagePath of BITS service is OK.
     The ServiceDll of BITS service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\system32\nsisvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
     C:\Windows\system32\Drivers\afd.sys => MD5 is legit
     C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
     C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\system32\dnsrslvr.dll => MD5 is legit
     C:\Windows\system32\mpssvc.dll => MD5 is legit
     C:\Windows\system32\bfe.dll => MD5 is legit
     C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\system32\SDRSVC.dll => MD5 is legit
     C:\Windows\system32\vssvc.exe => MD5 is legit
     C:\Windows\system32\wscsvc.dll => MD5 is legit
     C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\system32\wuaueng.dll => MD5 is legit
     C:\Windows\system32\qmgr.dll => MD5 is legit
     C:\Windows\system32\es.dll => MD5 is legit
     C:\Windows\system32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\system32\svchost.exe => MD5 is legit
     C:\Windows\system32\rpcss.dll => MD5 is legit
     **** End of log ****
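The checks that Farbar Service Scanner reports under "Windows Update" and "Windows Defender" in the log above can be repeated from an elevated PowerShell prompt. What follows is an added example written for this page; it is not code from the forum thread and not part of FSS. The service names, the expected ImagePath and ServiceDll strings, and the expected Start type (2, Automatic) are the editor's assumptions for Windows Vista x86 and should be compared against a known-good machine of the same build. It reads the registry values raw, so a REG_EXPAND_SZ string is compared unexpanded, and it reports a missing Start value (the condition FSS flagged above with "The value does not exist") separately from a wrong one.

```powershell
# Added example (editor's code, not from the thread or from Farbar Service Scanner).
# Repeats FSS's service-configuration checks for the services behind Windows Update
# and Windows Defender. Expected values are ASSUMED Vista x86 defaults; verify them
# against a clean machine of the same build before trusting a mismatch.
$expected = @{
    BITS      = @{ Start = 2; ImagePath = '%SystemRoot%\System32\svchost.exe -k netsvcs'
                   ServiceDll = '%SystemRoot%\System32\qmgr.dll' }
    wuauserv  = @{ Start = 2; ImagePath = '%SystemRoot%\system32\svchost.exe -k netsvcs'
                   ServiceDll = '%SystemRoot%\system32\wuaueng.dll' }
    WinDefend = @{ Start = 2; ImagePath = '"%ProgramFiles%\Windows Defender\MsMpEng.exe"'
                   ServiceDll = '%ProgramFiles%\Windows Defender\MpSvc.dll' }
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
$noExpand   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Raw read: Get-ItemProperty expands %SystemRoot%, which would hide a literal path
# that an attacker substituted for the variable. GetValue returns $null when absent.
function Get-RawValue([Microsoft.Win32.RegistryKey]$Key, [string]$Name) {
    if ($null -eq $Key) { return $null }
    return $Key.GetValue($Name, $null, $noExpand)
}

function Test-ServiceConfig([string]$Name, [hashtable]$Want) {
    $findings = @()
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $key  = Get-Item -Path $base -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @("ATTENTION: registry key for $Name does not exist") }
    $paramKey = Get-Item -Path "$base\Parameters" -ErrorAction SilentlyContinue

    # FSS wording for this case: "Unable to retrieve start type ... The value does not exist".
    # In the thread FSS reported it for BITS while BITS was absent from services.msc.
    $start = Get-RawValue $key 'Start'
    if ($null -eq $start) {
        $findings += 'ATTENTION: Start value does not exist'
    } elseif ([int]$start -ne $Want.Start) {
        $findings += ('Start type is {0}; expected {1}' -f $startNames[[int]$start], $startNames[$Want.Start])
    }

    $actual = @{ ImagePath  = (Get-RawValue $key 'ImagePath')
                 ServiceDll = (Get-RawValue $paramKey 'ServiceDll') }
    foreach ($field in 'ImagePath', 'ServiceDll') {
        if ($null -eq $actual[$field]) { $findings += "ATTENTION: $field value does not exist"; continue }
        # -ne on strings is case-insensitive, which matches how the registry treats paths.
        if ($actual[$field] -ne $Want[$field]) { $findings += ('ATTENTION: {0} is "{1}"' -f $field, $actual[$field]) }
    }
    # FSS also verifies the MD5 of the ServiceDll; here we only confirm the file is present.
    if ($actual.ServiceDll) {
        $dll = [Environment]::ExpandEnvironmentVariables($actual.ServiceDll)
        if (-not (Test-Path -LiteralPath $dll)) { $findings += "ATTENTION: ServiceDll file missing: $dll" }
    }
    return $findings
}

foreach ($name in $expected.Keys) {
    $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not listed by the Service Control Manager' }
    Write-Host ('== {0}: {1}' -f $name, $state)
    $result = @(Test-ServiceConfig $name $expected[$name])
    if ($result.Count -eq 0) { Write-Host '   configuration OK' }
    else { $result | ForEach-Object { Write-Host "   $_" } }
}
```

Run it elevated; unprivileged reads of the Services hive succeed but Get-Service may report less. A service whose Start value is missing is the case worth distinguishing from Demand or Disabled: it is not simply stopped, its registration is incomplete, which is why the thread's "missing from the Services" and FSS's "The value does not exist" describe the same condition.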
  6. Thank you. HitmanPro did find some viruses and tracking cookies, but nothing too major. Removing the problems still didn't solve my Windows Update problem, so I may need professional help regarding this issue. Windows Vista forums as well as Microsoft are unhelpful.
  7. I was recently hit with tons of malware, trojans and other problems that attacked my registry, and I received help here but I still can't run windows updates because of a 80246008 error. I've searched threads and Google for possible solutions and none of them have worked for me. Most threads suggest changing settings for the Background Intelligent Transfer Service, but my BITS program is missing from the Services. I'm not even sure if this is the right thread to post something like this in. Any help would be appreciated.
  8. Everything is running smoothly. Shut downs, log ins, rebooting the laptop is so much easier and works much faster. It's almost as if the laptop is brand new. Is there anything else I need to do?
  9. This was the only log I found
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
  10. Sorry, your original instructions confused me a bit. I think this is what you meant. My apologies.
     ComboFix 12-08-07.02 - sheila 08/07/2012 8:09.3.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1905 [GMT -4:00]
     Running from: c:\users\sheila\Desktop\ComboFix.exe
     Command switches used :: c:\users\sheila\Desktop\CFScript.txt
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
     .
     .
     2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\sheila\AppData\Local\temp
     2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Samantha\AppData\Local\temp
     2012-08-07 12:33 . 2012-08-07 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
     2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
     2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
     2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
     2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
     2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
     2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
     2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
     2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
     2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
     2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
     2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
     2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
     2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
     2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
     2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
     2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
     2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
     2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
     2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
     2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
     2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
     2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
     2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
     2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
     2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
     2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll
     2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
     2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
     2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository
     2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
     2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
     2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
     2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
     2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
     2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
     2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
     2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
     2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
     2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
     2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
     2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
     2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
     2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
     2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
     2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
     2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
     2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
     2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
     2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
     2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
     2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
     2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
     2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
     2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
     2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
     2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
     2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
     2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
     2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
     2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
     2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
     2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
     2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
     2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
     2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
     2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
     2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
     2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
     2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
     2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
     2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
     2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
     2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
     2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
     2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
     2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games
     2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
     2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe
     2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys
     2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
     2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
     "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
     "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
     "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
     "AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
     "MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]
     "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
     "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]
     "PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]
     "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
     .
     c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
     @="Service"
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
     backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
     2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
     2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
     2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
     2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
     2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]
     2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]
     2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
     2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
     2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
     2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
     2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
     2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
     2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
     2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
     2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
     2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
     2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
     2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
     2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
     2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
     2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
     2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
     2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
     .
     R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]
     .
     2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
     .
     2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
     .
     2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job
     - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
     .
     2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job
     - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
     .
     2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job
     - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
     mStart Page = hxxp://www.yahoo.com
     mWindow Title = Windows Internet Explorer provided by Comcast
     uInternet Settings,ProxyOverride = *.local;<local>
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
     FF - user.js: browser.search.defaultEngine - yahoo
     FF - user.js: browser.search.defaultenginename - yahoo
     FF - user.js: browser.search.selectedEngine - Yahoo
     FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
     FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
     FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
     FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-08-07 08:33
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]
     "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
     --
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]
     "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
     "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
     @Denied: (2) (LocalSystem)
     "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
     "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
     "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
     "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
     "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
     "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
     "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
     "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
     "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
     "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
     "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
     "{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
     "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
     "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
     "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
     "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
     "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
     "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
     "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77,68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (LocalSystem)
     "Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'Explorer.exe'(2676)
     c:\windows\system32\ACTXPRXY.DLL
     c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll
     c:\program files\Norton Security Suite\Engine\5.2.2.3\ccIPC.dll
     c:\program files\Norton Security Suite\Engine\5.2.2.3\ccGEvt.dll
     c:\windows\system32\mssprxy.dll
     .
     Completion time: 2012-08-07 08:39:42
     ComboFix-quarantined-files.txt 2012-08-07 12:39
     ComboFix2.txt 2012-08-07 00:03
     ComboFix3.txt 2012-08-06 12:30
     .
     Pre-Run: 182,438,207,488 bytes free
     Post-Run: 182,392,610,816 bytes free
     .
     - - End Of File - - B8B179B65D4A03FC56CC13D3F75C7421
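The Firefox section of the ComboFix log above shows a user.js that, besides pointing every search preference at Yahoo, sets security.csp.enable to false and security.OCSP.enabled to 0, which turns off Content Security Policy enforcement and certificate revocation checking in the browser, and sets extensions.autoDisableScopes to 0, which lets extensions dropped into the profile or system directories enable themselves without a prompt. (ComboFix writes hxxp for http so the URLs are not clickable.) The block below is an added example by the editor, not code from the thread or from ComboFix: it parses user_pref statements as they appear in the log (several per line, single or double quotes) and reports the ones that weaken browser security or redirect search. The sample text is constructed from the values in the log; the profile path and the list of preferences to flag are the editor's assumptions.

```powershell
# Added example (editor's code, not from the thread or from ComboFix). Parses Firefox
# user.js / prefs.js text and flags preferences that weaken browser security or hijack
# search. Which prefs to flag, and what counts as unsafe, are the editor's assumptions.
$flagged = @{
    'security.csp.enable'          = @{ Unsafe = 'false'; Why = 'disables Content Security Policy enforcement' }
    'security.OCSP.enabled'        = @{ Unsafe = '0';     Why = 'disables certificate revocation (OCSP) checks' }
    'extensions.autoDisableScopes' = @{ Unsafe = '0';     Why = 'lets extensions in profile/system dirs auto-enable' }
    'keyword.URL'                  = @{ Unsafe = $null;   Why = 'redirects address-bar searches' }   # any value
    'browser.search.defaulturl'    = @{ Unsafe = $null;   Why = 'overrides the default search URL' }  # any value
}

# One match per user_pref('name', value); or user_pref("name", value); statement.
function Get-UserPrefs([string]$Text) {
    $pattern = 'user_pref\(\s*([''"])(.+?)\1\s*,\s*(.*?)\s*\)\s*;'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        New-Object PSObject -Property @{
            Name  = $m.Groups[2].Value
            Value = $m.Groups[3].Value.Trim(' ''"')   # strip quotes around string values
        }
    }
}

function Find-WeakenedPrefs([string]$Text) {
    $seen = @{}
    foreach ($p in Get-UserPrefs $Text) {
        $rule = $flagged[$p.Name]
        if ($null -eq $rule) { continue }
        if ($null -ne $rule.Unsafe -and $p.Value -ne $rule.Unsafe) { continue }
        if ($seen.ContainsKey($p.Name)) { continue }   # the log repeats the same prefs twice
        $seen[$p.Name] = $true
        New-Object PSObject -Property @{ Name = $p.Name; Value = $p.Value; Why = $rule.Why }
    }
}

# Constructed sample, assembled from the user.js lines shown in the ComboFix log:
$sample = @'
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
user_pref("keyword.URL", "hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=");
user_pref("browser.startup.homepage", "hxxp://yahoo.com/?ilc=10&fr=ydwnld-home");
'@
Find-WeakenedPrefs $sample | Format-Table Name, Value, Why -AutoSize

# Against a real profile (path is an assumption; use the ProfilePath line from the log):
# $ffProfile = "$env:APPDATA\Mozilla\Firefox\Profiles\iyyvcftz.default"
# foreach ($f in 'user.js', 'prefs.js') {
#     if (Test-Path "$ffProfile\$f") { Find-WeakenedPrefs ((Get-Content "$ffProfile\$f") -join "`n") }
# }
```

user.js is reapplied on every Firefox start, so removing the prefs from prefs.js or about:config alone does not hold; the file itself has to go, and the injected browser.search.* values then need to be reset so the search engine is no longer steered to the adware's tagged URL.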
  11. Then I'm not sure I understand your instructions. You want me to save it as a .txt file to my desktop then drag it into the ComboFix icon?
  12. ComboFix 12-08-05.02 - sheila 08/06/2012 19:27:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1930 [GMT -4:00]
Running from: c:\users\sheila\Desktop\ComboFix.exe
Command switches used :: c:\users\sheila\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\sheila\AppData\Local\temp
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Samantha\AppData\Local\temp
2012-08-06 23:51 . 2012-08-06 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 10:25 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-04 06:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 05:28 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 05:28 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
2012-08-04 03:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-04 03:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-04 03:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-04 03:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-04 03:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-04 03:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-04 03:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-04 03:40 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39B4C142-238B-4852-BCD4-4593264C2630}\mpengine.dll
2012-08-04 03:40 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-04 03:40 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22 . 2012-08-06 23:08 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49 . 2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games
2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816]
"PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 325320]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]
2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]
2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job
- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13]
.
2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/
mStart Page = hxxp://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: browser.search.defaultenginename - yahoo
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p=
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p=
FF - user.js: browser.search.param.yahoo-fr - chrf-protectff
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.instlDay - 15486
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.incredibar_i.instlDay - 15507
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf
FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-06 19:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77,68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5100)
c:\windows\system32\ACTXPRXY.DLL
c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll
c:\windows\system32\mssprxy.dll
.
Completion time: 2012-08-06 20:03:11
ComboFix-quarantined-files.txt 2012-08-07 00:02
ComboFix2.txt 2012-08-06 12:30
.
Pre-Run: 183,398,924,288 bytes free
Post-Run: 182,432,690,176 bytes free
.
- - End Of File - - 00AE72F20A85BCC2EFFEE6594C0D89CD
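The Firefox section of that ComboFix log carries more than toolbar residue. The raw user_pref() statements appended to the last "FF - user.js:" line set security.csp.enable to false (Content Security Policy off), security.OCSP.enabled to 0 (no certificate revocation checks) and extensions.autoDisableScopes to 0 (add-ons dropped into the profile by third-party installers are enabled without the usual prompt). The Python script below is an added example written for this page; it is not part of the thread and not ComboFix's own code. It parses either a raw user.js/prefs.js or the "FF - user.js:" lines ComboFix prints, and reports both the security-weakening preferences and entries belonging to the toolbar families named in the log. The table of dangerous preferences and the list of toolbar prefixes are the example's own assumptions, and the sample input is constructed from lines in the log above.

```python
"""Audit Firefox preferences for security-weakening settings and toolbar hijack residue.

Accepts raw user.js / prefs.js text (user_pref("name", value); statements) or the
"FF - user.js: name - value" lines that ComboFix prints in its Supplementary Scan.
"""
import re

# Preference -> values that switch a browser defence off.
# Assumption: this table is the example's own, not ComboFix output.
DANGEROUS = {
    "security.csp.enable": {"false"},          # Content Security Policy disabled
    "security.OCSP.enabled": {"0"},            # no OCSP revocation checks
    "extensions.autoDisableScopes": {"0"},     # sideloaded add-ons enabled silently
    "extensions.blocklist.enabled": {"false"}, # Mozilla add-on blocklist ignored
    "xpinstall.whitelist.required": {"false"}, # any site may prompt to install add-ons
}

# Toolbar families seen in the log ("extentions.y2layers" is spelled that way in the log).
HIJACK_PREFIXES = ("extensions.BabylonToolbar", "extensions.funmoods",
                   "extensions.incredibar", "extentions.y2layers")

USER_PREF_RE = re.compile(r"user_pref\(\s*['\"]([^'\"]+)['\"]\s*,\s*([^)]*?)\s*\)")
COMBOFIX_RE = re.compile(r"^FF - (?:user|prefs)\.js:\s*(\S+)\s+-\s*(.*)$")


def parse_prefs(text):
    """Yield (name, value) pairs from user_pref() statements and ComboFix FF lines."""
    for line in text.splitlines():
        line = line.strip()
        m = COMBOFIX_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(2)
            # ComboFix can run raw user_pref() statements onto the end of an FF line,
            # so split those off and report them as their own preferences.
            inner = list(USER_PREF_RE.finditer(rest))
            head = rest[:inner[0].start()].strip() if inner else rest.strip()
            yield name, head
            for um in inner:
                yield um.group(1), um.group(2).strip().strip("'\"")
            continue
        for um in USER_PREF_RE.finditer(line):
            yield um.group(1), um.group(2).strip().strip("'\"")


def audit(text):
    """Return [(kind, name, value)] for every finding, without duplicates."""
    findings, seen = [], set()
    for name, value in parse_prefs(text):
        if (name, value) in seen:
            continue
        seen.add((name, value))
        if name in DANGEROUS and value in DANGEROUS[name]:
            findings.append(("security-weakening", name, value))
        elif name.startswith(HIJACK_PREFIXES):
            findings.append(("toolbar-hijack", name, value))
    return findings


# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE = """\
FF - user.js: browser.search.defaultEngine - yahoo
FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6
FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
"""

if __name__ == "__main__":
    for kind, name, value in audit(SAMPLE):
        print(f"{kind:19} {name} = {value!r}")
```

Run it against a real profile with `audit(open(path_to_user_js).read())`; anything tagged security-weakening should be removed from user.js (which overrides prefs.js on every start) and the browser restarted, and anything tagged toolbar-hijack points at an add-on that still needs uninstalling.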
  13. ComboFix 12-08-05.02 - sheila 08/06/2012 6:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1751 [GMT -4:00]
Running from: c:\users\sheila\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shop to Win
c:\program files\Shop to Win\Test.htm
c:\program files\Shop to Win\TestFeeds\DisableStatus.xml
c:\program files\Shop to Win\TestFeeds\DisableStatusDirection.xml
c:\program files\Shop to Win\TestFeeds\GenericPopup.xml
c:\program files\Shop to Win\TestFeeds\MainStatus.xml
c:\program files\Shop to Win\TestFeeds\ShoppingConfirmation.xml
c:\program files\Shop to Win\unins000.dat
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\ntuser.dat
c:\users\sheila\15.jpg
c:\users\sheila\20091011223157.jpg
c:\users\sheila\20091229225621.jpg
c:\users\sheila\201072410563468337.jpg
c:\users\sheila\3676907620771746162 (1).jpg
c:\users\sheila\3676907620771746162.jpg
c:\users\sheila\b5cb0b1d78ecb9d6a8b4c3227586adec.jpg
c:\users\sheila\be82c034cf25c914338fa3cf87005d24-d3cyctl.jpg
c:\users\sheila\Documents\~WRL0003.tmp
c:\users\sheila\Documents\~WRL0004.tmp
c:\users\sheila\Documents\~WRL0005.tmp
c:\users\sheila\Documents\~WRL0221.tmp
c:\users\sheila\Documents\~WRL0598.tmp
c:\users\sheila\Documents\~WRL3164.tmp
c:\users\sheila\Documents\~WRL3197.tmp
c:\users\sheila\Documents\~WRL3668.tmp
c:\users\sheila\Documents\~WRL4096.tmp
c:\users\sheila\Documents\ShopToWin
c:\users\sheila\fullclient_april25.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
Infected copy of c:\windows\System32\services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 11:25 . 2012-08-06 12:21 -------- d-----w- c:\users\sheila\AppData\Local\temp
2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Samantha\AppData\Local\temp
2012-08-06 11:25 . 2012-08-06 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 00:27 . 2012-08-05 13:51 -------- d-----w- c:\program files\PCPitstop
2012-08-05 00:11 . 2012-08-05 00:11 -------- d-----w- c:\programdata\Sophos
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-05 00:10 . 2012-08-05 00:10 73728 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-05 00:09 . 2012-08-05 00:09 -------- d-----w- c:\program files\Sophos
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\users\sheila\AppData\Roaming\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 23:47 . 2012-08-04 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 23:47 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 12:03 . 2012-08-05 13:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconF7A21AF7.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconD7F16134.exe
2012-08-04 08:57 . 2012-08-04 08:57 110080 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}\IconCF33A0CE.exe
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- C:\sh4ldr
2012-08-04 08:57 . 2012-08-04 08:57 -------- d-----w- c:\program files\Enigma Software Group
2012-08-04 08:56 . 2012-08-04 08:57 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-04 08:51 . 2012-08-04 08:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-04 08:51 . 2012-08-04 08:51 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-04 08:51 . 2012-08-04 08:51 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-08-04 08:51 . 2012-08-04 08:51 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-08-04 08:51 . 2012-08-04 08:51 118240 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-08-04 08:51 . 2012-08-04 08:51 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-08-04 05:28 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 04:32 . 2012-08-04 04:32 -------- d-----w- c:\users\sheila\AppData\Roaming\AVG2012
2012-08-04 02:36 . 2012-08-04 02:37 -------- d-----w- c:\programdata\DriverGenius
2012-08-04 02:36 . 2012-08-04 02:36 -------- d-----w- c:\program files\Driver-Soft
2012-08-03 08:22 . 2012-08-06 12:18 -------- d-----w- c:\windows\system32\wbem\repository
2012-08-03 07:25 . 2012-08-03 07:26 -------- d-----w- c:\users\Samantha\AppData\Roaming\Skype
2012-08-03 07:21 . 2012-08-03 07:21 -------- d-----w- c:\users\Samantha\AppData\Local\Mozilla
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\programdata\iolo
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\sheila\AppData\Roaming\iolo
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\users\sheila\AppData\Roaming\Qwiklinx
2012-08-03 06:29 . 2012-08-03 06:29 -------- d-----w- c:\program files\Qwiklinx
2012-08-03 06:28 . 2012-08-03 06:29 -------- d-----w- c:\program files\Shop to Win 36
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\program files\BabylonToolbar
2012-08-03 06:28 . 2012-08-03 06:28 -------- d-----w- c:\users\sheila\AppData\Local\Wajam
2012-08-03 06:27 . 2012-08-03 06:28 -------- d-----w- c:\program files\Wajam
2012-08-03 06:27 . 2012-08-03 06:27 -------- d-----w- c:\users\sheila\AppData\Roaming\RadarSync
2012-08-03 06:19 . 2012-08-03 06:20 -------- d-----w- c:\program files\Driver Checker
2012-08-03 06:07 . 2012-08-03 07:27 -------- d-----w- c:\users\Samantha\AppData\Local\PMB Files
2012-08-03 05:03 . 2012-08-03 05:03 -------- d-----w- c:\users\sheila\AppData\Local\ElevatedDiagnostics
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\programdata\RegAce
2012-08-03 04:53 . 2012-08-03 04:53 -------- d-----w- c:\users\sheila\AppData\Local\APN
2012-08-03 04:41 . 2012-08-03 04:49 -------- d-----w- c:\program files\Fix RegCleaner
2012-08-01 22:48 . 2012-08-01 22:48 -------- d-----w- c:\windows\system32\%APPDATA%
2012-08-01 00:31 . 2012-08-01 00:31 -------- d-----w- c:\programdata\Macrovision
2012-07-31 21:53 . 2012-07-31 21:53 -------- d-----w- C:\$AVG
2012-07-31 21:53 . 2012-08-06 12:16 -------- d-----w- c:\programdata\AVG2012
2012-07-31 21:52 . 2012-07-31 21:52 -------- d-----w- c:\program files\AVG
2012-07-31 21:50 . 2012-08-06 10:28 -------- d-----w- c:\programdata\MFAData
2012-07-31 20:44 . 2012-07-31 20:44 -------- d-----w- c:\program files\Promosoft Corporation
2012-07-31 20:36 . 2012-07-31 20:36 -------- d-----w- c:\users\sheila\AppData\Roaming\YourFileDownloader
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\users\sheila\AppData\Roaming\DriverCure
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-31 20:20 . 2012-07-31 20:20 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-31 09:51 . 2012-07-31 09:51 -------- d-----w- c:\users\sheila\AppData\Roaming\IObit
2012-07-31 09:44 . 2012-07-31 09:44 -------- d-----w- c:\users\sheila\AppData\Local\Promosoft Corporation
2012-07-16 19:50 . 2012-08-03 08:10 -------- d-----w- c:\windows\system32\drivers\N360\0502020.003
2012-07-13 11:00 . 2012-08-04 08:51 192592 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-13 11:00 . 2012-08-04 08:51 114144 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-13 11:00 . 2012-08-04 08:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-13 11:00 . 2012-08-04 08:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-12 08:57 . 2012-07-12 08:57 -------- d-----w- c:\program files\x86
2012-07-12 08:55 . 2012-08-05 14:02 -------- d-----w- c:\program files\OApps
2012-07-12 08:55 . 2012-08-03 08:09 -------- d-----w- c:\program files\TorrentSearch
2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\users\sheila\Xoliul Shader
2012-07-12 08:54 . 2012-08-06 11:21 -------- d-----w- c:\program files\intellidownload
2012-07-10 17:37 . 2012-07-10 17:37 184886 ----a-w- C:\torrent.exe
2012-07-10 13:04 . 2012-07-10 13:04 -------- d-----w- c:\users\sheila\AppData\Local\Aeria Games
2012-07-10 13:03 . 2012-07-10 13:03 -------- d-----w- c:\programdata\Aeria Games
2012-07-10 12:49 .
2012-07-25 18:26 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49 . 2012-08-03 08:09 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46 . 2012-08-03 08:09 -------- d-----w- C:\New Folder . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 07:20 . 2012-06-27 03:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20 . 2012-06-27 03:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-19 23:59 . 2012-06-19 23:59 18944 ----a-r- c:\users\sheila\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe 2012-06-05 16:47 . 2012-08-04 06:19 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:47 . 2012-08-06 10:25 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-06-02 22:19 . 2012-08-04 03:41 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-08-04 03:41 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-08-04 03:40 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-08-04 03:40 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-08-04 03:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-08-04 03:41 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-08-04 03:40 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-08-04 03:40 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12 . 2012-08-04 03:40 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 00:04 . 2012-08-04 05:28 278528 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:03 . 2012-08-04 05:28 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-05-31 16:25 . 2010-04-02 13:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39 . 2012-05-18 00:39 16304 ------w- c:\windows\system32\apl003.sys 2012-08-04 08:51 . 
2012-08-04 08:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\sheila\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256] "AirMac Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360] "MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-04-05 30096] "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2012-05-24 1241184] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-05-16 26816] "PC Pitstop PC Matic Reminder"="c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-05-16 
325320] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5] 2011-07-04 11:43 3493720 ----a-w- c:\program files\Alwil Software\Avast5\AvastUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-11-17 11:29 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2] 2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central] 2008-06-03 19:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon] 2008-03-17 21:29 16624 ----a-w- c:\program files\Dell V105\dldnamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe] 2008-03-17 21:29 668912 ----a-w- c:\program files\Dell V105\dldnmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-03-31 15:13 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-06-23 23:44 1386776 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-06-16 02:13 116648 ----atw- c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-02-26 17:57 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-02-26 17:57 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-08-09 10:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-07-14 18:33 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-02-26 17:57 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2009-06-19 16:25 4825976 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray] 2012-05-15 14:06 325448 ----a-w- c:\users\sheila\AppData\Roaming\Smilebox\SmileboxTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-10-07 02:49 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2010-03-31 15:05 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . R0 45083044;45083044;c:\windows\system32\drivers\07025176.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:20] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 10:44] . 2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000Core.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2596339596-1792215834-1845895286-1000UA.job - c:\users\sheila\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16 02:13] . 2012-07-16 c:\windows\Tasks\Norton Security Scan for sheila.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-16 04:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ mStart Page = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\sheila\AppData\Roaming\Mozilla\Firefox\Profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: 
extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 
1.5.11.1423:05 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\MyFunCards_5m\bar\1.bin\5mSrcAs.dll WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe SafeBoot-45083044.sys SafeBoot-56671536.sys MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe MSConfigStartUp-DailyBibleGuideIE Browser Plugin Loader - c:\progra~1\DAILYB~2\bar\1.bin\elbrmon.exe MSConfigStartUp-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe AddRemove-Funmoods Web Search - c:\progra~1\Funmoods\1.5.23.22\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-08-06 08:19 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" -- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCCUJobMgr] "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}] "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43 "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8, 7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39, 64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40, 69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95, 8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56, ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79 
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b "{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,d2,77, 68,82,e9,5d,3d,9d,e9,17,af,ad,b0,e5,ab . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:d1,03,ad,e3,bd,33,cd,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,a5,3e,c0,23,2e,15,48,94,37,2c,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(1608) c:\program files\Norton Security Suite\Engine\5.2.2.3\buShell.dll c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\WLANExt.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\dldncoms.exe c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\DllHost.exe c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe c:\program files\IObit\Game Booster 3\gbtray.exe c:\windows\system32\igfxsrvc.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe c:\program files\Dell Support Center\bin\sprtsvc.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe . 
************************************************************************** . Completion time: 2012-08-06 08:29:59 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-06 12:29 . Pre-Run: 193,192,067,072 bytes free Post-Run: 184,391,561,216 bytes free . - - End Of File - - DBE770E42F00C8B85A184816DAA0CCB8
  14. AVG and Norton Security Suite kept requesting necessary actions for some infected files. I'll attach those logs later if you need them.

DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by sheila at 22:09:14 on 2012-08-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1947 [GMT -4:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~1\AVG\AVG2012\avgrsx.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\IObit\Game Booster 3\gbtray.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dldncoms.exe C:\Windows\System32\svchost.exe -k 
LocalServiceNoNetwork C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe C:\Windows\System32\WLTRAY.EXE C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe C:\Program Files\AirMac\APAgent.exe C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe C:\Program Files\Aeria Games\Ignite\aeriaignite.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\PCPitstop\Info Center\InfoCenter.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Users\sheila\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Users\sheila\AppData\Local\Akamai\netsession_win.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Norton PC 
Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://yahoo.com/?ilc=10&fr=ydwnld-home/ uWindow Title = Windows Internet Explorer provided by Comcast mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com mWindow Title = Windows Internet Explorer provided by Comcast uInternet Settings,ProxyOverride = *.local;<local> uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll uURLSearchHooks: H - No File uURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: N/A: {f4c28532-b9d0-4950-a2df-e83f9929242b} - c:\program files\myfuncards_5m\bar\1.bin\5mSrcAs.dll mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll BHO: Messenger Plus! 
Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: Messenger Plus! 
Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\5.6\iobitToolbarIE.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.1.0.21\AVG Secure Search_toolbar.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [Akamai NetSession Interface] "c:\users\sheila\appdata\local\akamai\netsession_win.exe" uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe" mRun: [AirMac Base Station Agent] "c:\program files\airmac\APAgent.exe" mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe mRun: [<NO NAME>] mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe mRun: [PC Pitstop PC Matic Reminder] c:\program files\pcpitstop\pc matic\Reminder-PCMatic.exe mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe 
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4AA34806-31D2-46B3-BB14-BF33709D5CA6} : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program 
files\avg\avg2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.5\ViProtocol.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\sheila\appdata\roaming\mozilla\firefox\profiles\iyyvcftz.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bd45d6b46-cdab-4304-9d2e-f564c2d1295c%7D&mid=49203be05ad843ac95931df41e95a489-1a71e38da43c7be14eed47335abb07994792215d&ds=AVG&v=12.1.0.21〈=en&pr=fr&d=2012-08-04%2000%3A10%3A39&sap=ku&q= FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll FF - plugin: c:\progra~1\meadco~1\npmeadax.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.5\npsitesafety.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: 
c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\users\sheila\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\users\sheila\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\users\sheila\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll . ---- FIREFOX POLICIES ---- . FF - user.js: browser.search.defaultEngine - yahoo FF - user.js: browser.search.defaultenginename - yahoo FF - user.js: browser.search.selectedEngine - Yahoo FF - user.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=protectff&ei=UTF-8&p= FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=protectawe&ei=UTF-8&p= FF - user.js: browser.search.param.yahoo-fr - chrf-protectff FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=171011_prot FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.hardId - e67b30d700000000000000225f19a80c FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:38:01 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: 
extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.funmoods.hmpg - false FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.dfltSrch - false FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzutAtN2Y1L1QzutDtDtBtByD0FtCzy0AzztD0CtAtD0DyBtN0D0TzutBtDtCtBtDyDtByC&cr=1914641341 FF - user.js: extensions.funmoods.tlbrSrchUrl - FF - user.js: extensions.funmoods.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.funmoods.instlDay - 15486 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:37:9 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQABM6TI6&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - e67b30d700000000000000225f19a80c FF - user.js: extensions.incredibar_i.instlDay 
- 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:05:08 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQABM6TI6 FF - user.js: extensions.incredibar_i.upn2n - 92543068038237882 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - . FF - user.js: extentions.y2layers.installId - 86beee56-1272-479b-8b52-ed5a005d92bf FF - user.js: extentions.y2layers.defaultEnableAppsList - pagerage,ezLooker,buzzdock,toprelatedtopics,twittube . FF - user.js: extensions.autoDisableScopes - 14 user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952] R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-26 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-23 309848] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-4 27496] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120803.002\IDSvix86.sys [2012-8-3 382624] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys [2012-7-16 331384] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-9-6 81920] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-23 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-23 54104] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-23 42184] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-31 21504] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944] R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008] R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-6 135608] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-6 126392] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-7-11 763840] R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.5\ToolbarUpdater.exe [2012-8-4 830048] R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-10-16 482176] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-3 106656] R3 IntcHdmiAddService;Intel® High 
Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496] R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344] R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-4-2 133632] R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-4-2 280096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S2 dldnCATSCustConnectService;dldnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldnserv.exe [2008-3-4 99568] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944] S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?] 
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056] S3 apf001;apf001;c:\windows\system32\apf001.sys [2012-1-20 10872] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-3 135664] S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2010-4-9 55056] S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2010-4-9 160912] S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2010-4-9 160912] S3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\drivers\PTDMWFLT.sys [2010-4-9 13456] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2010-4-9 118800] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872] S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304] S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-16 1668344] S4 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-4-4 42528] . =============== Created Last 30 ================ . 
2012-08-05 00:27:41 -------- d-----w- c:\program files\PCPitstop 2012-08-05 00:11:33 -------- d-----w- c:\programdata\Sophos 2012-08-05 00:10:23 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-08-05 00:10:22 73728 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe 2012-08-05 00:09:58 -------- d-----w- c:\program files\Sophos 2012-08-04 23:47:47 -------- d-----w- c:\users\sheila\appdata\roaming\Malwarebytes 2012-08-04 23:47:40 -------- d-----w- c:\programdata\Malwarebytes 2012-08-04 23:47:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-04 23:47:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-04 12:03:14 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconF7A21AF7.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconD7F16134.exe 2012-08-04 08:57:31 110080 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{cc1f6da0-21d2-425a-b1b6-5b164a598450}\IconCF33A0CE.exe 2012-08-04 08:57:26 -------- d-----w- C:\sh4ldr 2012-08-04 08:57:26 -------- d-----w- c:\program files\Enigma Software Group 2012-08-04 08:56:54 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP 2012-08-04 08:51:09 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-08-04 08:51:09 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-08-04 08:51:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-08-04 08:51:09 18912 
----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-08-04 08:51:09 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-08-04 08:51:08 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-08-04 05:28:02 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-04 05:28:02 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-04 05:28:02 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-04 04:32:03 -------- d-----w- c:\users\sheila\appdata\roaming\AVG2012 2012-08-04 04:10:30 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-04 04:09:29 -------- d-----w- c:\program files\AVG Secure Search 2012-08-04 04:04:37 -------- d-----w- c:\windows\system32\drivers\AVG 2012-08-04 03:41:43 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-04 03:40:33 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39b4c142-238b-4852-bcd4-4593264c2630}\mpengine.dll 2012-08-04 03:40:33 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-04 03:40:33 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-04 02:36:49 -------- d-----w- c:\programdata\DriverGenius 2012-08-04 02:36:14 -------- d-----w- c:\program files\Driver-Soft 2012-08-03 08:22:11 -------- d-----w- c:\windows\system32\wbem\repository 2012-08-03 08:20:33 -------- d-----w- c:\windows\Registration 2012-08-03 06:43:36 -------- d-----w- c:\users\sheila\appdata\roaming\iolo 2012-08-03 06:43:36 -------- d-----w- c:\programdata\iolo 2012-08-03 06:29:10 -------- d-----w- c:\users\sheila\appdata\roaming\Qwiklinx 2012-08-03 06:29:10 -------- d-----w- c:\program files\Qwiklinx 2012-08-03 06:28:15 -------- d-----w- c:\program files\Shop to Win 36 2012-08-03 06:28:14 -------- d-----w- c:\program files\BabylonToolbar 2012-08-03 06:28:04 -------- d-----w- c:\users\sheila\appdata\local\Wajam 2012-08-03 06:27:54 -------- d-----w- c:\users\sheila\appdata\roaming\RadarSync 2012-08-03 06:27:54 -------- d-----w- c:\program files\Wajam 
2012-08-03 06:19:46 -------- d-----w- c:\program files\Driver Checker 2012-08-03 05:03:44 -------- d-----w- c:\users\sheila\appdata\local\ElevatedDiagnostics 2012-08-03 04:53:29 -------- d-----w- c:\programdata\RegAce 2012-08-03 04:53:16 -------- d-----w- c:\users\sheila\appdata\local\APN 2012-08-03 04:41:55 -------- d-----w- c:\program files\Fix RegCleaner 2012-08-01 22:48:29 -------- d-----w- c:\windows\system32\%APPDATA% 2012-07-31 21:54:39 -------- d-----w- c:\users\sheila\appdata\local\AVG Secure Search 2012-07-31 21:54:23 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-31 21:54:10 -------- d-----w- c:\program files\common files\AVG Secure Search 2012-07-31 21:53:24 -------- d-----w- C:\$AVG 2012-07-31 21:53:23 -------- d-----w- c:\programdata\AVG2012 2012-07-31 21:52:51 -------- d-----w- c:\program files\AVG 2012-07-31 21:50:58 -------- d-----w- c:\programdata\MFAData 2012-07-31 20:44:51 -------- d-----w- c:\program files\Promosoft Corporation 2012-07-31 20:36:05 -------- d-----w- c:\users\sheila\appdata\roaming\YourFileDownloader 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\SpeedyPC Software 2012-07-31 20:20:46 -------- d-----w- c:\users\sheila\appdata\roaming\DriverCure 2012-07-31 20:20:42 -------- d-----w- c:\program files\common files\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-31 20:20:41 -------- d-----w- c:\program files\SpeedyPC Software 2012-07-31 09:51:40 -------- d-----w- c:\users\sheila\appdata\roaming\IObit 2012-07-31 09:44:28 -------- d-----w- c:\users\sheila\appdata\local\Promosoft Corporation 2012-07-16 19:51:23 331384 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symtdiv.sys 2012-07-16 19:51:23 299640 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symnets.sys 2012-07-16 19:51:22 744568 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symefa.sys 2012-07-16 19:51:22 516216 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtsp.sys 
2012-07-16 19:51:22 50168 ----a-w- c:\windows\system32\drivers\n360\0502020.003\srtspx.sys 2012-07-16 19:51:22 340088 ----a-w- c:\windows\system32\drivers\n360\0502020.003\symds.sys 2012-07-16 19:51:21 136312 ----a-r- c:\windows\system32\drivers\n360\0502020.003\ironx86.sys 2012-07-16 19:50:31 -------- d-----w- c:\windows\system32\drivers\n360\0502020.003 2012-07-13 11:00:08 192592 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-07-13 11:00:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-07-13 11:00:07 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-07-13 11:00:07 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-07-12 08:57:30 -------- d-----w- c:\program files\x86 2012-07-12 08:55:18 -------- d-----w- c:\program files\OApps 2012-07-12 08:55:15 -------- d-----w- c:\program files\TorrentSearch 2012-07-12 08:54:49 -------- d-----w- c:\users\sheila\Xoliul Shader 2012-07-12 08:54:00 -------- d-----w- c:\program files\intellidownload 2012-07-10 17:37:14 184886 ----a-w- C:\torrent.exe 2012-07-10 13:04:40 -------- d-----w- c:\users\sheila\appdata\local\Aeria Games 2012-07-10 13:03:31 -------- d-----w- c:\programdata\Aeria Games 2012-07-10 12:49:28 -------- d-sh--w- c:\windows\system32\AI_RecycleBin 2012-07-10 12:49:22 -------- d-----w- c:\program files\Aeria Games 2012-07-10 08:46:47 -------- d-----w- C:\New Folder . ==================== Find3M ==================== . 2012-08-04 07:20:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-04 07:20:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-18 00:39:20 16304 ------w- c:\windows\system32\apl003.sys . ============= FINISH: 22:15:47.28 =============== unhide file Processing the C:\ drive Finished processing the C:\ drive. 244116 files processed. The C:\Users\sheila\AppData\Local\Temp\smtmp\ folder does not exist!! 
Unhide cannot restore your missing shortcuts!! Please see this topic in order to learn how to restore default Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced No registry changes detected. Restarting Explorer.exe in order to apply changes. Program finished at: 08/05/2012 09:43:46 AM Execution time: 0 hours(s), 13 minute(s), and 51 seconds(s) Database version: v2012.08.05.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 sheila :: SHEILA-PC [administrator] Protection: Enabled 8/5/2012 8:46:27 PM mbam-log-2012-08-05 (20-46-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208933 Time elapsed: 28 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 9 HKCR\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully. HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyFunCards_5m (Adware.MyFunCards) -> Quarantined and deleted successfully. 
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.181.0\firefox\extensions -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully. Files Detected: 3 C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot. C:\Users\sheila\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. C:\Users\sheila\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully. (end)
  15. I did for a few minutes, but the desktop wouldn't load, the toolbar didn't pop up, even when opening up Task Manager and typing in 'explorer.exe' to get it to respond. I'm still stuck in safe mode, but loading user accounts is running much faster.