sapna_chavda

Ok here goes: DDS.txt is: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16518Run by Saira at 19:49:11 on 2014-02-26Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.1440 [GMT 0:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Program Files (x86)\iSafe\iSafeSvc.exeC:\Program Files (x86)\iSafe\iSafeSvc2.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\IDT\WDM\AESTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Mobogenie\MgAssist.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Mobogenie\DaemonProcess.exeC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\iSafe\iSafeTray.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Users\Saira\AppData\Local\Smartbar\Application\SnapDo.exeC:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\Windows\system32\SearchIndexer.exeC:\Users\Saira\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Real\realplayer\Update\realsched.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exeC:\Windows\SysWOW64\ctfmon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Users\Saira\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exeC:\Windows\system32\sppsvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: {11111111-1111-1111-1111-110011501158} - <orphaned>BHO: Media Viewer: {201f8834-ac8c-4fa0-90dd-2b9cef403de8} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha8506\ie\MediaViewerV1alpha8506.dllBHO: tOpdeal: {223CCF2E-FD38-653B-1E5E-B6078A2265CC} - LocalServer32 - <no file>BHO: Bubble Dock SurfMatch: {23AF19F7-1D5B-442c-B14C-3D1081953C94} - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\axSurfMatch.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllBHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dllBHO: flash-Enhancer: {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dllBHO: Media Player: {669c861d-9914-4aba-93e6-610cf1b9a1b5} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha2502\ie\MediaPlayerV1alpha2502.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Media Player: {7c350d8d-e75e-4a81-a246-2f507ea9e8b0} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha4831\ie\MediaPlayerV1alpha4831.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Media Viewer: {90720bec-7e02-4cde-ab1a-5613aa2fcf34} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha634\ie\MediaViewerV1alpha634.dllBHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: PPTCheucker: {A6FEB559-3E27-DDE6-A0BB-64378610CC57} - C:\ProgramData\PPTCheucker\1.dllBHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: DealsCompare: {b50321e1-e1a6-45d6-9ce4-26b21ee44e0d} - C:\Program Files (x86)\DealsCompare\150.dllBHO: topbuyer: {B7397D41-E0F5-6F11-71F0-BE9BED88102A} - C:\ProgramData\topbuyer\zGvlxJG.dllBHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dllBHO: dealppeak: {DFD8CF2A-266D-E68E-67EC-ECBC3A6235EC} - C:\ProgramData\dealppeak\OxW.dllTB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dlluRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeuRun: [browser Infrastructure Helper] C:\Users\Saira\AppData\Local\Smartbar\Application\SnapDo.exe startupuRun: [bubble Dock] "C:\Users\Saira\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartupmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /bootmRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osbootmRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exemRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exedRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: NameServer = 192.168.1.254 192.168.1.254TCP: Interfaces\{2CED8F89-688E-451C-B45B-5A3DAAE9AB7F} : DHCPNameServer = 192.168.1.254 192.168.1.254TCP: Interfaces\{2CED8F89-688E-451C-B45B-5A3DAAE9AB7F}\244524573796E6563737845726D2838323 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{2CED8F89-688E-451C-B45B-5A3DAAE9AB7F}\244584572633D2457535B4 : DHCPNameServer = 192.168.1.254TCP: Interfaces\{BAFB1BF0-63A1-4173-A7EA-40666FC523A5} : NameServer = 0.0.0.0Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Feven 1.7: {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dllx64-BHO: DP1815: {11111111-1111-1111-1111-110411721120} - C:\Program Files (x86)\DP1815\DP1815-bho64.dllx64-BHO: tOpdeal: {223CCF2E-FD38-653B-1E5E-B6078A2265CC} - LocalServer32 - <no file>x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dllx64-BHO: PPTCheucker: {A6FEB559-3E27-DDE6-A0BB-64378610CC57} - C:\ProgramData\PPTCheucker\1.x64.dllx64-BHO: topbuyer: {B7397D41-E0F5-6F11-71F0-BE9BED88102A} - C:\ProgramData\topbuyer\zGvlxJG.x64.dllx64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-BHO: dealppeak: {DFD8CF2A-266D-E68E-67EC-ECBC3A6235EC} - C:\ProgramData\dealppeak\OxW.x64.dllx64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Trayx64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startupx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Saira\AppData\Roaming\Mozilla\Firefox\Profiles\m5w9w55e.default\FF - prefs.js: browser.search.selectedEngine - Web SearchFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - ExtSQL: 2014-01-29 20:26; bubbledock@nosibay.com; C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\FFSurfMatchFF - ExtSQL: 2014-01-29 20:27; {94cd2cc3-083f-49ba-a218-4cda4b4829fd}; C:\Users\Saira\AppData\Roaming\Mozilla\Firefox\Profiles\m5w9w55e.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}FF - ExtSQL: 2014-01-29 20:41; ext@flashenhancer.com; C:\Program Files (x86)\AmiExt\flashEnhancer\ffFF - ExtSQL: 2014-01-29 20:41; uidh@kvzz-.com; C:\Users\Saira\AppData\Roaming\Mozilla\Firefox\Profiles\m5w9w55e.default\extensions\uidh@kvzz-.comFF - ExtSQL: 2014-01-29 20:41; eaio1wdtxkv@ie-.edu; C:\Users\Saira\AppData\Roaming\Mozilla\Firefox\Profiles\m5w9w55e.default\extensions\eaio1wdtxkv@ie-.edu.---- FIREFOX POLICIES ----FF - user.js: extensions.autoDisableScopes - 0FF - user.js: extensions.shownSelectionUI - true.============= SERVICES / DRIVERS ===============.R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-7 55856]R1 iSafeNetFilter;iSafeNetFilter;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-1-29 44032]R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-7 89600]R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-7 13336]R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-1-29 491688]R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-29 63168]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-7 1692480]R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-7 2320920]R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-7 172704]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-5-7 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-7 158976]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-7 289280]R3 iSafeKrnl;iSafeKrnl;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-1-29 219648]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-5-7 53800]S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-7 35104]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-2-21 36680]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-7 250984]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-7 325152]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 59392]S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-24 1255736]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-02-26 19:47:53 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89B65B6A-21EA-40D5-8F0A-D9175D4B9A3D}\offreg.dll2014-02-25 22:24:56 -------- d-----w- C:\50b93037a9ab2a061e2014-02-25 18:08:31 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89B65B6A-21EA-40D5-8F0A-D9175D4B9A3D}\mpengine.dll2014-02-23 20:09:22 -------- d-----w- C:\Program Files (x86)\MediaViewerV12014-02-21 14:41:00 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-02-20 20:42:22 -------- d-----w- C:\ProgramData\topbuyer2014-02-20 20:42:13 -------- d-----w- C:\Users\Saira\AppData\Local\Packages2014-02-20 20:42:06 -------- d-----w- C:\ProgramData\PPTCheucker2014-02-20 20:42:06 -------- d-----w- C:\ProgramData\jaaimmlikcjeigpncpkpfpdmkhiafmff2014-02-20 20:18:38 -------- d-----w- C:\Users\Saira\AppData\Roaming\Malwarebytes2014-02-20 20:18:27 -------- d-----w- C:\ProgramData\Malwarebytes2014-02-20 20:18:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2014-02-20 20:18:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-15 19:28:02 -------- d-----w- C:\Program Files (x86)\MediaPlayerV12014-02-14 15:53:06 548864 ----a-w- C:\Windows\System32\vbscript.dll2014-02-14 15:53:06 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll2014-02-13 22:41:13 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll2014-02-13 22:40:59 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2014-02-13 22:40:59 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2014-02-13 22:40:58 3928064 ----a-w- C:\Windows\System32\d2d1.dll2014-02-13 22:40:58 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll2014-02-13 22:35:11 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2014-02-10 18:23:59 -------- d-----w- C:\Windows\SysWow64\jmdp2014-02-10 18:23:59 -------- d-----w- C:\Windows\System32\ljkb2014-02-09 11:02:09 270496 ------w- C:\Windows\System32\MpSigStub.exe2014-01-29 20:46:42 -------- d-----w- C:\Users\Saira\AppData\Local\RegistryDR2014-01-29 20:41:39 -------- d-----w- C:\Program Files (x86)\Lightspark 0.5.3-git2014-01-29 20:40:59 -------- d-----w- C:\Program Files (x86)\AmiExt2014-01-29 20:40:58 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin2014-01-29 20:40:46 -------- d-----w- C:\Program Files (x86)\Registry Dr2014-01-29 20:29:23 -------- d-----w- C:\Windows\System32\log2014-01-29 20:29:14 -------- d-----w- C:\Users\Saira\AppData\Roaming\iSafe2014-01-29 20:29:14 -------- d-----w- C:\Program Files (x86)\iSafe2014-01-29 20:29:07 -------- d-----w- C:\Users\Saira\.android2014-01-29 20:29:03 -------- d-----w- C:\Users\Saira\AppData\Roaming\newnext.me2014-01-29 20:29:03 -------- d-----w- C:\Users\Saira\AppData\Local\cache2014-01-29 20:29:02 -------- d-----w- C:\Users\Saira\AppData\Local\Mobogenie2014-01-29 20:29:02 -------- d-----w- C:\Users\Saira\AppData\Local\genienext2014-01-29 20:28:20 -------- d-----w- C:\Program Files (x86)\Mobogenie2014-01-29 20:27:48 -------- d-----w- C:\Program Files (x86)\DP18152014-01-29 20:27:32 -------- d-----w- C:\Program Files\Conduit2014-01-29 20:27:31 -------- d-----w- C:\Users\Saira\AppData\Local\Conduit2014-01-29 20:27:31 -------- d-----w- C:\Program Files (x86)\Conduit2014-01-29 20:27:29 -------- d-----w- C:\Users\Saira\AppData\Roaming\ValueApps2014-01-29 20:26:50 -------- d-----w- C:\Program Files (x86)\Nosibay2014-01-29 20:26:25 -------- d-----w- C:\Users\Saira\AppData\Roaming\Nosibay2014-01-29 20:25:59 -------- d-----w- C:\Users\Saira\AppData\Local\SwvUpdater.==================== Find3M ====================.2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2014-02-04 09:28:20 1859376 ----a-w- C:\Windows\System32\dmwu.exe2014-02-04 09:23:42 34304 ----a-w- C:\Windows\System32\ImHttpComm.dll2014-02-04 08:39:36 829264 ----a-w- C:\Windows\System32\msvcr100.dll2014-02-04 08:39:36 608080 ----a-w- C:\Windows\System32\msvcp100.dll2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe.============= FINISH: 19:51:05.59 =============== Attach.txt is: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 21/09/2011 11:18:26System Uptime: 26/02/2014 19:42:40 (0 hours ago).Motherboard: Dell Inc. | | 0WXY9JProcessor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU 1 | 1170/533mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 451 GiB total, 380.341 GiB free.D: is CDROM (CDFS).==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP96: 16/01/2014 03:02:22 - Windows UpdateRP97: 26/01/2014 16:38:31 - Scheduled CheckpointRP99: 29/01/2014 21:03:41 - Before Registry Dr fixRP100: 09/02/2014 11:01:39 - Windows UpdateRP101: 13/02/2014 22:33:38 - Windows UpdateRP102: 13/02/2014 23:03:24 - Windows UpdateRP103: 14/02/2014 16:01:58 - Windows UpdateRP104: 18/02/2014 11:58:58 - Windows UpdateRP105: 21/02/2014 17:14:57 - Windows UpdateRP106: 25/02/2014 18:07:33 - Windows UpdateRP107: 25/02/2014 22:24:30 - Windows Update.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7) MUIAdvanced Audio FX EngineApple Application SupportApple Mobile Device SupportApple Software UpdateBing BarBing Rewards Client InstallerBonjourBubble Dock (remove only)D3DX10dealppeakDealsCompareDell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell Edoc ViewerDell Getting Started GuideDell MusicStageDell PhotoStageDell Product RegistrationDell StageDell Support CenterDell VideoStageDell Webcam CentralDelta Chrome ToolbarDelta toolbar DirectX 9 RuntimeDMUninstallerDP1815eBayFeven 1.7flash-EnhancerGoogle ChromeGoogle DriveGoogle Update HelperIB Updater 2.0.0.574IB Updater ServiceIDT AudioIntel PROSet WirelessIntel® Control CenterIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology MonitoriTunesJava 6 Update 24 (64-bit)Junk Mail filter updateLightspark 0.5.3-gitLive! Cam Avatar CreatorMalwarebytes Anti-Malware version 1.75.0.1300Media PlayerMedia ViewerMesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MobogenieMozilla Firefox 27.0.1 (x86 en-US)Mozilla Firefox PackagesMozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Nero 7 Ultra EditionneroxmlOminent toolbar Optimizer Pro v3.2PhotoShowExpressPPTCheuckerQuickset64QuickTimeRBVirtualFolder64InstRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek USB 2.0 Card ReaderRealUpgrade 1.1Registry DrRoxio Activation ModuleRoxio BackOnTrackRoxio BurnRoxio Creator StarterRoxio Express Labeler 3Roxio File BackupSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Shopping SidekickSkype ToolbarsSkype™ 5.10Snap.DoSnap.Do EngineSoftware Version UpdaterSonic CinePlayer Decoder PackSwift Browse 1.0.0Synaptics Pointing Device DriverTetrisThe KMPlayer (remove only)topbuyertOpdealUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)ValueAppsWajamWIDCOMM Bluetooth SoftwareWildTangent GamesWindows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesYAC.==== Event Viewer Messages From Past Week ========.26/02/2014 19:44:16, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.26/02/2014 19:40:27, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.20/02/2014 20:47:30, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll.==== End Of File =========================== RogueKiller log: RogueKiller V8.8.9 [Feb 24 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Saira [Admin rights]Mode : Scan -- Date : 02/26/2014 19:53:44| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] Bubble Dock.exe -- C:\Users\Saira\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤[DNS][PUM] HKLM\[...]\CCSet\[...]\{BAFB1BF0-63A1-4173-A7EA-40666FC523A5} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND[DNS][PUM] HKLM\[...]\CS001\[...]\{BAFB1BF0-63A1-4173-A7EA-40666FC523A5} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND[DNS][PUM] HKLM\[...]\CS002\[...]\{BAFB1BF0-63A1-4173-A7EA-40666FC523A5} : NameServer (0.0.0.0 [(Private Address) (XX)]) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 10 ¤¤¤[V2][sUSP PATH] Hoolapp For Android : C:\Users\Saira\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND[V2][sUSP PATH] Hoolapp Init : C:\Users\Saira\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++--- User ---[MBR] f684335170754dc0c9ca3f01ee5526b8[bSP] 195b22b5b29f25123f9b824ab5ab5b1b : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_02262014_195344.txt >> Hope to hear from you soon.Many thanksSapna

Hello Yes please I do still require assistance, please do not close this post. I am currently away from home, but should be able to do the steps you have advised in the next couple of days and will return to you with a response. Many thanks - really appreciated Sapna

Hi there I have a DELL Inspiron running Windows 7 (I think!). The laptop is infected and I am trying to run MB. When I initially ran the quick scan, it returned 3000+ infections, and when I started to delete them, it forced me to restart. I then had to re-run the scan, which returned the same, and the same happened when I tried to delete. I tried to use MB Chameleon, and the exact same thing happened again!! So, I have run the scan yet again - it returns 3980 infections. I really do not know how to get around this and remove the infections. Please find attached the log. I would be grateful if you can advise how I can remove the infections from the laptop? Many thanks Sapna mbam-log-2014-02-20 (20-19-05).txt

Hi there So after all the help you guys have given me previously in helping fix friends and families laptops, I appear to have a bug-a-boo on my own laptop now. So I downloaded MB and ran a Quick Scan, results showed 50 infected objects. I removed them, but then half way through MB froze and said 'not responding'. So I used task manager and ended program. Ran Quick Scan again, this time it returned 9 objects. Again I removed them but it froze almost immediately. I've never had this problem before, so am unsure what to do. I would be grateful for some guidance please. I have attached a screen dump (print screen) of the 9 items - second attempt to remove, if that assists. Many thanks Sapna

Hi there, Thanks for getting to me. Firefox: I tried your suggestion, but it doesn't work David: I followed your link, and it turns out that none of the diagnostic lights work at all, and answer is "a possible pre-BIOS failure has occurred". However, there are no suggestions as to what I should do to try and resolve the matter. That's if it is at all possible! So please advise what i should do next? Many thanks Sapna

Hi there I have an old Dell Dimension 5000 and it seems to be in some kinda coma. The power light is flashing amber but there is nothing coming up on the screen. I can turn off the power to the tower by holding the power button down, but then when i hit it to start it up it just flashes amber. You guys have been very helpful in the past, so I'm back! Please can you advise? Many thanks, as always Sapna

Many thanks for your time on this one - please close this log as my friend has take her laptop back for now. Thanks again Sapna

Hi there Yes I am still here...I have been away on holiday. Ok, I have re-run MB scan and log below. I cannot seem to obtain DDS - your link does not work, so I searched it and tried a couple of other links and they don't work either? Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8122 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.19088 09/11/2011 09:36:15 mbam-log-2011-11-09 (09-36-15).txt Scan type: Quick scan Objects scanned: 168066 Time elapsed: 12 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{85DF608E-8E51-83E6-049F-797BF9F66034} (Trojan.ZbotR.Gen) -> Value: {85DF608E-8E51-83E6-049F-797BF9F66034} -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\G parmar\AppData\Local\Temp\BUA\ar_dlg.exe (Virus.Ramnit) -> Quarantined and deleted successfully. c:\Users\G parmar\AppData\Local\Temp\BUA\killautorun.exe (Virus.Ramnit) -> Quarantined and deleted successfully. Many thanks for you time Sapna

Hi there I have another laptop - Dell Latitude D820. I have run MB scan and attach log - please confirm everything looks ok, and if there anything else I should do? Thanks Sapna mbam-log-2011-10-22 (21-45-37).txt

Hi there Got a Sony VAIO VGN-N38Z/W which is infected - runs slow, and random boxes re antivirus keep popping up. Have run MB scan and a log is attached. Please advise? Many thanks Sapna mbam-log-2011-10-22 (18-44-26).txt

Ok have reran OTL and the extra logs is below OTL Extras logfile created on: 06/03/2011 18:00:00 - Run 3 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\rebekah\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 16.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.88 Gb Total Space | 151.25 Gb Free Space | 67.26% Space Free | Partition Type: NTFS Drive E: | 60.93 Mb Total Space | 45.50 Mb Free Space | 74.67% Space Free | Partition Type: FAT Drive H: | 2.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: REBEKAH-PC | User Name: rebekah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0227B440-CAE5-4C80-8EBE-3962927807B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1942EF6B-6DBA-49C5-BFC5-35F551ACAB70}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{DFEA8C71-09B0-4469-A364-209123B6426D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EF289A1E-4AB0-4B55-B47D-D96F026C9E4D}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{148D5E13-BC5D-4C7C-B248-F36525971E38}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{1714F211-585A-4FA1-81EF-F0BA2B0E62B0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{2C592BF0-8EFA-4D3A-9DAA-C81FD6CA0CB4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{325ABF50-7EC5-4E29-99D0-7AAE32C7A226}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "{3A3E4FB9-8F91-4832-A796-E0E85DC6D681}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3B44209C-37DE-43A9-AEE6-3647E52CC5CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4392B9AA-382C-4DC4-B39A-AA37367A39C6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{49CEF8D6-717E-439E-862E-C5A64B8F16E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{5585E251-BE64-4B23-88C4-F8C7A67C3864}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{5F2CD676-E7D0-4C8B-8C99-1DCA2BC38C62}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{6A5BFB5A-A856-4531-8F2C-5968C9B09666}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{732BA711-8266-4815-865E-0C58B9DAA919}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{7A85C469-62C8-495C-BD7A-B15661643D8E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BD55E97-27BD-4046-BDB2-28DAC52D091B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{85BD42B0-582E-4BA1-A214-04D527B0F335}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8FC583B8-84A4-4F16-866F-FD7D84C74C13}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{9524FD3E-0944-4818-AEF0-056B9CE8C7B8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{9A55C950-D0E8-4070-8858-91459A865FD2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{AD0B8A9C-9334-4A97-B128-751CA8F03F2E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{C0CC5B3E-A232-42AB-B511-D99F8DC783C8}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{C60C9FC8-E0A8-4EC8-9F4B-EA0272A5DE06}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "{C7576DE0-FCDF-42E9-BF51-56E12E2DE0C7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{C8D977A5-9B97-432E-A552-03E5B8A46E1A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{C9E68810-2816-48B2-90E7-5B2C2EB1EC68}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{D1E1DEBA-8857-426B-A2B6-DB27B18E35E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{D2108399-16CD-4C2E-8F18-013DDCD2D54A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{DC9B32B0-A1D1-404D-901F-C4119FA313FD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{DED496C4-5A97-4D7A-B145-BB81AE32ED43}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{E8B51523-02E9-4327-9F9E-05A05361B0B0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{EAB5130F-666B-426F-B258-8A87AB9A6670}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{EF527A6C-35B2-4B07-964E-DFE745D66DF0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{F55CF3E0-56D9-4C4F-A714-A82A27E342A3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{FD5B764A-95D8-4894-B5F8-4F0399E756F4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FE7A39C8-3F14-478F-9404-8E7657F18E91}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C566FF1-06AF-45F6-AF5B-3570FD68EFDA}" = Symantec Real Time Storage Protection Component "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 24 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE "{C461FBFE-C0DE-4757-89DD-A5A833B9AC1F}_is1" = Crawler Radio & MP3 Player "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011 "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AdobeReader" = Adobe Reader 8 "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AVG" = AVG 2011 "CREATOR9" = Creator 9 "FirefoxGB" = Firefox "Flashplayer" = Flash Player 9 Internet Explorer "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GOOGLE_EARTH" = Google Earth "GoogleBAE" = Google BAE "GoogleDesktop" = GoogleDesktop "GoogleToolbar" = GoogleToolbar "ImageWriter" = Packard Bell ImageWriter "Infocentre" = Infocentre Rev. 2.0 "LCDTest" = Packard Bell LCD Test "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "METABOLI" = Metaboli "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MSWorks85" = Microsoft Works 8.5 "NIS2007_GB" = NIS2007 "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "SETUPMYPC_GB" = SetUp My PC "Shockwave" = Shockwave player 10 "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "Updator" = Packard Bell Updator "VIDEO_NVIDIA" = Video NVIDIA v97.46 "ViewpointMediaPlayer" = Viewpoint Media Player "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03/03/2011 17:29:27 | Computer Name = rebekah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2436720 Error - 03/03/2011 17:29:40 | Computer Name = rebekah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03/03/2011 17:29:40 | Computer Name = rebekah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2449606 Error - 03/03/2011 17:29:40 | Computer Name = rebekah-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2449606 Error - 04/03/2011 14:09:38 | Computer Name = rebekah-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.19019, time stamp 0x4d0c3d4c, faulting module mshtml.dll, version 8.0.6001.19019, time stamp 0x4d0c53b1, exception code 0xc0000005, fault offset 0x00438114, process id 0x135c, application start time 0x01cbda95c1c63e85. Error - 04/03/2011 14:30:55 | Computer Name = rebekah-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.19019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 113c Start Time: 01cbda95c0b01395 Termination Time: 0 Error - 04/03/2011 14:41:42 | Computer Name = rebekah-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.19019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 11d0 Start Time: 01cbda9a4c3feee5 Termination Time: 0 Error - 05/03/2011 11:41:08 | Computer Name = rebekah-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.19019, time stamp 0x4d0c3d4c, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x00066579, process id 0x1d10, application start time 0x01cbdb44afb6f0e5. Error - 06/03/2011 13:42:47 | Computer Name = rebekah-PC | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Error - 06/03/2011 13:59:33 | Computer Name = rebekah-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.22.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1068 Start Time: 01cbdc2740e362b7 Termination Time: 15 [ System Events ] Error - 05/03/2011 20:40:41 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 20:40:45 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:03 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:13 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:22 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:30 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:39 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 05/03/2011 21:02:48 | Computer Name = rebekah-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. Error - 06/03/2011 05:50:53 | Computer Name = rebekah-PC | Source = Service Control Manager | ID = 7009 Description = Error - 06/03/2011 05:50:53 | Computer Name = rebekah-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Having a problem with ComboFix though. I managed to delete Symantec. I can't disable AVG, meaning it won't open for me to, so thought it would be a good idea to remove for for now. But is won't let me remove it either. And obviously ComboFix won't run because of it.

Thank you for your response. OTL logfile created on: 06/03/2011 16:34:17 - Run 2 OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\rebekah\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1,022.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 45.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 224.88 Gb Total Space | 150.80 Gb Free Space | 67.06% Space Free | Partition Type: NTFS Drive E: | 60.93 Mb Total Space | 45.50 Mb Free Space | 74.67% Space Free | Partition Type: FAT Drive H: | 2.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: REBEKAH-PC | User Name: rebekah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\rebekah\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\Program Files\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\aol\1180969368\ee\aolsoftware.exe (America Online, Inc.) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC) PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\rebekah\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080115.021\NAVEX15.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080115.021\NAVENG.SYS (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080114.001\IDSvix86.sys (Symantec Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/ IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=8&key=IESTART IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaultthis.engineName: "Mininova-Vuze Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/profile.php?ref=profile&id=678348865" FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={434CCF49-6296-09E8-378D-CA526869E337}&q=" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngine: "Yahoo-Mp3Tube" FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_results&prt=pinballtb01ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=&Keywords={searchTerms}" FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=3c4daf2eddd6434c97e2445452b22a66&subid=" FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=" FF - user.js..keyword.enabled: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 12:37:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/11/16 22:18:27 | 000,000,000 | ---D | M] [2009/05/23 14:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Extensions [2009/05/23 14:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2010/12/02 14:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions [2009/09/02 10:03:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/06 05:58:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/12/29 18:38:08 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2009/04/10 09:28:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/07/17 11:36:50 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} [2009/05/23 15:15:31 | 000,000,888 | ---- | M] () -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\searchplugins\conduit.xml [2010/10/02 23:16:17 | 000,000,733 | ---- | M] () -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\searchplugins\facebook.xml [2009/07/17 11:36:56 | 000,005,407 | ---- | M] () -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\searchplugins\fast-browser-search.xml [2008/02/07 09:37:05 | 000,001,836 | ---- | M] () -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\searchplugins\live-search.xml [2011/01/07 22:33:11 | 000,001,215 | ---- | M] () -- C:\Users\rebekah\AppData\Roaming\Mozilla\Firefox\Profiles\88ecxtki.default\searchplugins\Mp3Tube.xml [2011/03/06 15:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2007/06/04 15:02:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/07 14:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2007/10/20 19:26:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2010/11/07 14:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\PACKARDBELL@PARTNERS.MOZILLA.COM File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\TALKBACK@MOZILLA.ORG [2010/11/07 14:32:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/06/22 04:44:46 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png [2010/06/22 04:44:44 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found. O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found. O2 - BHO: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell) O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1180969368\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [uninstall_CToolbar] C:\Windows\Temp\CTun.exe (Crawler.com) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Yahoo Messenger] File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - Startup: C:\Users\rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: Radio && MP3 Player - {C461FBFE-C0DE-4757-89DD-A5A833B9AC1F} - C:\Program Files\Crawler\Radio\CRadio.exe (Crawler.com) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-68173420-3740344024-3674159200-1002\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Doggie%20Dash/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool) O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Doggie%20Dash/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b9e6b8d0-980a-11dc-b53b-0218f6ae1f1d}\Shell\Autoplay\Command - "" = D:\smss.exe O33 - MountPoints2\{b9e6b8d0-980a-11dc-b53b-0218f6ae1f1d}\Shell\AutoRun\command - "" = D:\smss.exe O33 - MountPoints2\{b9e6b8d0-980a-11dc-b53b-0218f6ae1f1d}\Shell\Explore\Command - "" = D:\smss.exe O33 - MountPoints2\{b9e6b8d0-980a-11dc-b53b-0218f6ae1f1d}\Shell\Open\Command - "" = D:\smss.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/06 16:00:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/03/06 16:00:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/03/06 16:00:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/03/06 15:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011/03/06 15:03:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/03/06 15:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/06 15:03:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/03/06 15:01:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\rebekah\Desktop\mbam-setup.exe [2011/03/06 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/03/06 14:55:52 | 006,623,888 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\rebekah\Desktop\mbam-rules.exe [2011/02/27 08:35:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/02/27 08:29:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011/02/27 08:28:25 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011/02/27 08:28:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011/02/27 08:28:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011/02/27 08:28:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011/02/27 08:28:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011/02/27 08:28:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011/02/27 08:28:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011/02/27 08:28:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011/02/27 08:28:14 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011/02/27 08:28:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011/02/27 08:27:50 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011/02/27 08:27:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011/02/27 08:27:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011/02/27 08:27:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011/02/27 08:27:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011/02/09 18:39:54 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/02/09 18:39:24 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/02/09 18:39:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/02/09 18:38:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/02/09 18:38:26 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011/02/09 18:38:25 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/02/09 18:38:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/02/09 18:38:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/02/09 18:38:24 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/02/09 18:38:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011/02/09 18:38:24 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/02/09 18:38:24 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011/02/09 18:38:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/02/09 18:38:23 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/02/09 18:38:23 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/02/09 18:38:22 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/02/09 18:38:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/02/09 18:38:21 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/02/09 18:38:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/02/09 18:38:20 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/02/09 18:38:20 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/02/09 18:38:20 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/02/09 18:38:20 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/02/09 18:38:19 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/02/09 18:38:16 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/02/09 18:38:15 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/02/09 18:38:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/02/09 18:36:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/02/09 18:36:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/02/09 18:36:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/02/09 18:36:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/02/09 18:36:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/02/09 18:36:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/02/09 18:36:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/02/09 18:36:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/02/09 18:36:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/02/09 18:36:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/02/09 18:36:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/02/09 18:36:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/02/09 18:36:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/02/09 18:36:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/02/09 18:36:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/02/09 18:36:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/02/09 18:36:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/02/09 18:34:26 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/02/09 18:34:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2011/03/06 16:30:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job [2011/03/06 16:26:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68173420-3740344024-3674159200-1002UA.job [2011/03/06 16:18:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\rebekah\Desktop\OTL.exe [2011/03/06 16:03:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/03/06 15:48:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/03/06 15:44:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/06 15:44:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/06 15:44:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/03/06 15:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/06 15:43:55 | 1070,084,096 | -HS- | M] () -- C:\hiberfil.sys [2011/03/06 15:04:01 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/06 15:02:10 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\rebekah\Desktop\mbam-setup.exe [2011/03/06 14:56:12 | 006,623,888 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\rebekah\Desktop\mbam-rules.exe [2011/03/06 14:11:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6504811-467B-4904-9035-F4F67723AD04}.job [2011/03/06 11:25:01 | 000,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68173420-3740344024-3674159200-1002Core.job [2011/03/06 00:32:32 | 175,626,455 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/03/05 15:32:13 | 000,619,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/03/05 15:32:13 | 000,112,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/03/05 12:32:20 | 000,002,017 | ---- | M] () -- C:\Users\rebekah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/03/05 12:32:19 | 000,002,055 | ---- | M] () -- C:\Users\rebekah\Desktop\Google Chrome.lnk [2011/03/04 21:32:16 | 000,000,492 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - rebekah.job [2011/02/10 07:05:41 | 000,420,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011/03/06 15:04:01 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/02/27 08:27:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/02/27 08:27:54 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/02/27 08:27:53 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010/11/26 22:42:51 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2010/11/07 14:02:32 | 000,002,846 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2010/11/07 12:42:59 | 000,000,451 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini [2010/11/07 12:42:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini [2010/11/07 12:42:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll [2010/11/07 12:33:18 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010/03/24 03:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/03/23 19:08:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/03/23 19:08:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2008/09/15 14:25:27 | 000,000,380 | R--- | C] () -- C:\Windows\cm106.ini [2008/02/29 10:30:17 | 000,007,484 | ---- | C] () -- C:\Users\rebekah\AppData\Local\d3d9caps.dat [2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll [2007/11/29 22:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007/11/28 21:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007/11/05 14:55:41 | 000,004,096 | -H-- | C] () -- C:\Users\rebekah\AppData\Local\keyfile3.drm [2007/10/08 16:58:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2007/10/06 11:39:12 | 000,000,095 | ---- | C] () -- C:\Users\rebekah\AppData\Local\fusioncache.dat [2007/10/03 11:40:27 | 000,028,160 | ---- | C] () -- C:\Users\rebekah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/06/04 15:02:37 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007/02/13 07:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 12:47:37 | 000,420,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 10:33:01 | 000,619,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 10:33:01 | 000,112,802 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2010/11/16 22:21:47 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\AVG10 [2009/05/23 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\Azureus [2007/11/28 17:30:59 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\BearShare [2010/07/28 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2009/06/04 09:54:58 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\LimeWire [2010/11/07 14:12:06 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\Packard Bell [2010/03/11 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\PlayFirst [2010/03/11 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\rebekah\AppData\Roaming\SpinTop [2007/10/10 19:00:00 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\PBReg.job [2007/11/17 22:59:59 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\PBRegbk.job [2011/03/06 16:30:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator.job [2011/03/06 15:42:45 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/03/06 14:11:31 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6504811-467B-4904-9035-F4F67723AD04}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\rebekah\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\rebekah\Documents\My Received Files:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\rebekah\Documents\My Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C86B29EB @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5BB71BDD @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:37994DBE < End of report > RkU Version: 3.8.388.590, Type LE (SR2) ============================================== OS Name: Windows Vista Version 6.0.6002 (Service Pack 2) Number of processors #2 ============================================== >Drivers ============================================== 0x8AA04000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 4456448 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.46 ) 0x81E18000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System) 0x81E18000 PnpManager 3907584 bytes 0x81E18000 RAW 3907584 bytes 0x81E18000 WMIxWDM 3907584 bytes 0x95E40000 Win32k 2109440 bytes 0x95E40000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver) 0x8640A000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver) 0x86079000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver) 0x86205000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver) 0x804D6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module) 0xA1A0E000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver) 0x8B40D000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080115.021\NAVEX15.SYS 888832 bytes (Symantec Corporation, AV Engine) 0x9060D000 C:\Windows\system32\DRIVERS\netr28u.sys 868352 bytes (Ralink Technology Corp., Ralink 802.11n Wireless Adapter Driver) 0x8DD05000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor) 0x8AE44000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel) 0x8632F000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver) 0x80603000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic) 0x86008000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface) 0x8040C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library) 0x9F604000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack) 0x8CE5A000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 417792 bytes (Symantec Corporation, SPBBC Driver) 0x8CF67000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 393216 bytes (Symantec Corporation, Symantec Eraser Control Driver) 0x9F775000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver) 0x80728000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver) 0x8A799000 C:\Windows\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect) 0x8B547000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock) 0x9073F000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher) 0x8068C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT) 0x80495000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver) 0x863BC000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver) 0x8A6FC000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver) 0x8AF16000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver) 0x8DC0A000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver) 0x8CEF2000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver) 0x861AF000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem) 0x8DC6E000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver) 0x9F6FC000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr) 0x8651A000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver) 0x8A6B6000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB) 0x821D2000 ACPI_HAL 208896 bytes 0x821D2000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL) 0x807BE000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager) 0x90787000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver) 0x8CF38000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080114.001\IDSvix86.sys 192512 bytes (Symantec Corporation, IDS Core Driver) 0x8AFBA000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver) 0x8A73B000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices)) 0x8B58F000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver) 0x86184000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider) 0x8A675000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library) 0x8DDC5000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver) 0xA1B33000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.) 0x8DC46000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver) 0x9F74D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver) 0x8657B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache) 0x806E3000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator) 0x8A768000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter) 0x8B5BB000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library) 0x8A602000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption)) 0x8CE03000 C:\Windows\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver) 0x865B3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll) 0x9F6BC000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr) 0x8B526000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver) 0x9F6DD000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr) 0x807A0000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension) 0x8CFC7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver) 0x9F671000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver) 0x862EF000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API) 0x8DCE2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver) 0x9F68E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver) 0x8AEF0000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver) 0x9F735000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector) 0x8CFE5000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver) 0x805CD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver) 0x8CE25000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver) 0x907B9000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler) 0x90715000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver) 0x9F6A7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver) 0x8A648000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager) 0x8CE3C000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver) 0xA1B02000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector) 0x8A634000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol) 0x9072B000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver) 0x8AF63000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver) 0x8B4E6000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080115.021\NAVENG.SYS 77824 bytes (Symantec Corporation, AV Engine) 0x8B5E0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6) 0x907DD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver) 0x8CEC0000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver) 0xA1B17000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver) 0x865A2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver) 0x8A6EB000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy) 0x8047C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver) 0x86553000 C:\Windows\system32\DRIVERS\uagp35.sys 69632 bytes (Microsoft Corporation, MS AGPv3.5 Filter) 0x807F0000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver) 0x8CEDB000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library) 0x8DDB5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x80788000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x8AF9C000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver) 0x8AF8C000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 65536 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver ) 0x8A663000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x86320000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0x8DCD3000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x8656C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x8070A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8A625000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x8AF54000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x80719000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x8AFAC000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver) 0x96080000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x907CF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x906FE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x8077A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension) 0x805B6000 C:\Windows\System32\drivers\vjegh.sys 57344 bytes 0x8DCA9000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x8A6A9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8067F000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR) 0x8A78D000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver) 0xA1AF6000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8B51A000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8AEE4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver) 0x9F7C3000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.) 0x8DCB6000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes 0x8AF81000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver) 0x8AF76000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver) 0x906F3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x8AFF4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x90600000 C:\Windows\System32\Drivers\SYMNDISV.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver) 0x8AFE9000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x86315000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8AF0B000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0xA1B29000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.) 0x8DCC9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8A69F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x8DDEF000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver) 0x8CF2E000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0xA1AEC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x8B4F9000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect) 0x865E2000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.) 0x865D4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver) 0x8B503000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x8CED2000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0xA1B5B000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver) 0x805C4000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0x9070C000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x8CE51000 C:\Windows\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver) 0x96060000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x86400000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x806D2000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x80798000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver) 0x8048D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x8DCC1000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes 0x806DB000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x906E3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x906EB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x86564000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x80772000 C:\Windows\system32\drivers\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver) 0x8B513000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8CEEB000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x80405000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 0x8B50C000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x907F0000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver) 0x8A65D000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW)) 0x865DD000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver) 0x8AF08000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter) 0x8A673000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x907F6000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver) 0x906E1000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) ============================================== >Stealth ============================================== Nothing detected I'm not sure why but the 'Extra' log from OTL does automtically come up. I can't find it anywhere either. Please advise? Thank you Sapna

Hi there I have run a MB scan and the log is attached, please can you have a look at it and advise what to do next? The PC is running very slowly as well. Many thanks Sapna mbam-log-2011-03-06 (15-39-02).txt

I'm not sure if I've followed your instructions properly. But i rescanned and the log is as below: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5194 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 26/11/2010 20:24:23 mbam-log-2010-11-26 (20-24-23).txt Scan type: Quick scan Objects scanned: 156634 Time elapsed: 33 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Many thanks Sapna

Hi there So I am at my friends and as you guys are always ever so helpful, please can you help. I am trying to sort the PC out and have run a MBAM scan - please find log attached below. I am going to spend some time now removing unwanted programs/ toolbars/ etc. while I wait to hear from you. Many thanks once again Sapna Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5065 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18975 07/11/2010 13:29:44 mbam-log-2010-11-07 (13-29-44).txt Scan type: Quick scan Objects scanned: 154758 Time elapsed: 25 minute(s), 47 second(s) Memory Processes Infected: 2 Memory Modules Infected: 6 Registry Keys Infected: 150 Registry Values Infected: 10 Registry Data Items Infected: 0 Folders Infected: 17 Files Infected: 76 Memory Processes Infected: C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully. Memory Modules Infected: C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Delete on reboot. Files Infected: C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\rebekah\Desktop\WebfettiSetup2.3.50.42.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Users\rebekah\Desktop\WebfettiSetup2.3.50.45.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\Temp\TMP00000009140D3E2A8F39EB97 (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.