wmvincent87

Thank you so much for your help!

Results of screen317's Security Check version 0.99.77 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 30 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.9.900.117 Google Chrome 31.0.1650.57 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````

# AdwCleaner v3.015 - Report created 10/12/2013 at 17:31:28 # Updated 10/12/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Will - HOMESLICE # Running from : C:\Documents and Settings\Will\My Documents\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Program Files\Iminent Folder Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Will\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Will\Application Data\Media Finder Folder Deleted : C:\Documents and Settings\Will\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [!] Folder Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml File Deleted : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome\Google Chrome.lnk Shortcut Disinfected : C:\Documents and Settings\Will\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Documents and Settings\Will\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Documents and Settings\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\MF Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\Iminent Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\MediaFinder Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Google Chrome v31.0.1650.63 [ File : C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [10977 octets] - [10/12/2013 17:30:25] AdwCleaner[s0].txt - [10689 octets] - [10/12/2013 17:31:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10750 octets] ##########

Here is the ESET log file: C:\Documents and Settings\Will\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon applicationC:\Documents and Settings\Will\My Documents\Downloads\FreeFileViewerSetup.exe a variant of Win32/InstallCore.CU applicationC:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP751\A0185508.dll a variant of Win32/BrowseFox.F applicationC:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP751\A0185509.exe a variant of Win32/BrowseFox.G applicationC:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP752\A0185670.exe a variant of Win32/BrowseFox.G applicationC:\System Volume Information\_restore{FFDDB48A-6216-4AAB-A1EE-01AFD0A1008E}\RP754\A0186164.exe a variant of Win32/Toolbar.Conduit.B application

I tried again, with IE, and got the same error message.

I tried to follow the link and got the following error: "The webpage at http://www.eset.com/us/online-scanner/ has resulted in too many redirects." I checked my cookie settings in google chrome and they were fine.

Here is the ComboFix.txt log: ComboFix 13-12-01.01 - Will 12/03/2013 19:04:44.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2900 [GMT -5:00]Running from: c:\documents and settings\Will\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Will\Desktop\CFScript.txt..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\Overwolfc:\documents and settings\All Users\Application Data\Overwolf\Setup\180\OverwolfSetup.msic:\documents and settings\Will\Application Data\aartemisc:\documents and settings\Will\Application Data\aartemis\aartemis.exec:\documents and settings\Will\Application Data\aartemis\cor_aartemis.jsonc:\documents and settings\Will\Application Data\aartemis\DataBasec:\documents and settings\Will\Application Data\aartemis\QQBrowserFrame.dllc:\documents and settings\Will\Application Data\FreeFileViewerc:\documents and settings\Will\Application Data\FreeFileViewer\updcheck.cfgc:\documents and settings\Will\Local Settings\Application Data\FreeFileViewerc:\documents and settings\Will\Local Settings\Application Data\FreeFileViewer\FreeFileViewer.datc:\documents and settings\Will\Local Settings\Application Data\Overwolfc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddIns\AddIns.storec:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V1.AddInSideAdapter.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInSideAdapters\ODK.AddIns.V2.AddInSideAdapter.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInViews\ODK.AddIns.V1.AddInView.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\AddInViews\ODK.AddIns.V2.AddInView.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\Contracts\ODK.AddIns.V1.Contract.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\Contracts\ODK.AddIns.V2.Contract.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapter.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\HostSideAdapters\ODK.AddIns.V2.HostSideAdapterV1.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Apps\PipelineSegments.storec:\documents and settings\Will\Local Settings\Application Data\Overwolf\GamesList.4627103.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\InstallerCache\OWResources.dllc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\InstallerTrace.logc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\MSI_2013_11_25_19_21.log.gzc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Overwolf_11-25-13_19-22-10.Game.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Overwolf_11-26-13_15-31-25.Game.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\OWLog.cfgc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Log\Trace.logc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Capture.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Capture.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ChatNVoice.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ChatNVoice.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Entertainment.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Entertainment.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForGames.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForGames.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForTablets.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_ForTablets.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_FTW.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_FTW.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Social.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Social.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Utilities.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_Categories_Utilities.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_LoLTimers_Tile.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_LoLTimers_Tile.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_MusicPlayer_Tile.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_MusicPlayer_Tile.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_ScreenCapture_Tile.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_ScreenCapture_Tile.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_TeamSpeak_WideTile.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_TeamSpeak_WideTile.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_VideoCapture_WideTile.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\AppStore_VideoCapture_WideTile.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Action.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Action.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_MMORPG.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_MMORPG.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Other.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Other.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Shooters.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Shooters.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Sports.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Sports.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Strategy.pngc:\documents and settings\Will\Local Settings\Application Data\Overwolf\MarketplaceCache\GamesSubCategory_Strategy.png.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_1327.swfc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_1327.swf.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_EndGame.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_EndGame.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_MusicPlayerPromo.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_MusicPlayerPromo.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_Promo300on250.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_Promo300on250.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_RunesOfMagic.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_RunesOfMagic.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_StarWarsTOR.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_StarWarsTOR.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_WorldOfTanks.htmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\PromoCache\OWCache_WorldOfTanks.html.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageAccounts.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageBasic.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageCache.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageGeneral.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageGuidanceLayer.xmlc:\documents and settings\Will\Local Settings\Application Data\Overwolf\Settings\SettingsPageStats.xmlc:\program files\BuzzSearchc:\program files\FreeFileViewerc:\program files\FreeFileViewer\cmaps\83PV-R_1c:\program files\FreeFileViewer\cmaps\90MS-R_1c:\program files\FreeFileViewer\cmaps\90MS-R_2c:\program files\FreeFileViewer\cmaps\90MS-R_3c:\program files\FreeFileViewer\cmaps\90MSP-_1c:\program files\FreeFileViewer\cmaps\90MSP-_2c:\program files\FreeFileViewer\cmaps\90PV-R_1c:\program files\FreeFileViewer\cmaps\90PV-R_2c:\program files\FreeFileViewer\cmaps\90PV-R_3c:\program files\FreeFileViewer\cmaps\AD2D42_1c:\program files\FreeFileViewer\cmaps\AD4844_1c:\program files\FreeFileViewer\cmaps\AD5AE7_1c:\program files\FreeFileViewer\cmaps\ADB53F_1c:\program files\FreeFileViewer\cmaps\ADD-RK_1c:\program files\FreeFileViewer\cmaps\ADD-RK_2c:\program files\FreeFileViewer\cmaps\ADOBE-_1c:\program files\FreeFileViewer\cmaps\ADOBE-_2c:\program files\FreeFileViewer\cmaps\ADOBE-_3c:\program files\FreeFileViewer\cmaps\ADOBE-_4c:\program files\FreeFileViewer\cmaps\B5pc-Hc:\program files\FreeFileViewer\cmaps\B5PC-U_1c:\program files\FreeFileViewer\cmaps\B5PC-U_2c:\program files\FreeFileViewer\cmaps\B5pc-Vc:\program files\FreeFileViewer\cmaps\CNS-EU_1c:\program files\FreeFileViewer\cmaps\CNS-EU_2c:\program files\FreeFileViewer\cmaps\ETEN-B_1c:\program files\FreeFileViewer\cmaps\ETEN-B_2c:\program files\FreeFileViewer\cmaps\ETEN-B_3c:\program files\FreeFileViewer\cmaps\ETENMS_1c:\program files\FreeFileViewer\cmaps\ETENMS_2c:\program files\FreeFileViewer\cmaps\EUC-Hc:\program files\FreeFileViewer\cmaps\EUC-Vc:\program files\FreeFileViewer\cmaps\EXT-RK_1c:\program files\FreeFileViewer\cmaps\EXT-RK_2c:\program files\FreeFileViewer\cmaps\GB-EUC-Hc:\program files\FreeFileViewer\cmaps\GB-EUC-Vc:\program files\FreeFileViewer\cmaps\GBK-EU_1c:\program files\FreeFileViewer\cmaps\GBK-EU_2c:\program files\FreeFileViewer\cmaps\GBK-EU_3c:\program files\FreeFileViewer\cmaps\GBK2K-Hc:\program files\FreeFileViewer\cmaps\GBK2K-Vc:\program files\FreeFileViewer\cmaps\GBKP-E_1c:\program files\FreeFileViewer\cmaps\GBKP-E_2c:\program files\FreeFileViewer\cmaps\GBPC-E_1c:\program files\FreeFileViewer\cmaps\GBPC-E_2c:\program files\FreeFileViewer\cmaps\GBPC-E_3c:\program files\FreeFileViewer\cmaps\GBPC-E_4c:\program files\FreeFileViewer\cmaps\GBT-EU_1c:\program files\FreeFileViewer\cmaps\GBT-EU_2c:\program files\FreeFileViewer\cmaps\Hc:\program files\FreeFileViewer\cmaps\HKSCS-_1c:\program files\FreeFileViewer\cmaps\HKSCS-_2c:\program files\FreeFileViewer\cmaps\IDENTI_1c:\program files\FreeFileViewer\cmaps\IDENTI_2c:\program files\FreeFileViewer\cmaps\KSC-EU_1c:\program files\FreeFileViewer\cmaps\KSC-EU_2c:\program files\FreeFileViewer\cmaps\KSCMS-_1c:\program files\FreeFileViewer\cmaps\KSCMS-_2c:\program files\FreeFileViewer\cmaps\KSCMS-_3c:\program files\FreeFileViewer\cmaps\KSCMS-_4c:\program files\FreeFileViewer\cmaps\KSCPC-_1c:\program files\FreeFileViewer\cmaps\KSCPC-_2c:\program files\FreeFileViewer\cmaps\KSCPC-_3c:\program files\FreeFileViewer\cmaps\KSCPC-_4c:\program files\FreeFileViewer\cmaps\KSFD92_1c:\program files\FreeFileViewer\cmaps\UNICNS_1c:\program files\FreeFileViewer\cmaps\UNICNS_2c:\program files\FreeFileViewer\cmaps\UNIGB-_1c:\program files\FreeFileViewer\cmaps\UNIGB-_2c:\program files\FreeFileViewer\cmaps\UNIJIS_1c:\program files\FreeFileViewer\cmaps\UNIJIS_2c:\program files\FreeFileViewer\cmaps\UNIJIS_3c:\program files\FreeFileViewer\cmaps\UNIJIS_4c:\program files\FreeFileViewer\cmaps\UNIKS-_1c:\program files\FreeFileViewer\cmaps\UNIKS-_2c:\program files\FreeFileViewer\cmaps\Vc:\program files\FreeFileViewer\ffmpeg\avcodec-53.dllc:\program files\FreeFileViewer\ffmpeg\avdevice-53.dllc:\program files\FreeFileViewer\ffmpeg\avfilter-2.dllc:\program files\FreeFileViewer\ffmpeg\avformat-53.dllc:\program files\FreeFileViewer\ffmpeg\avutil-51.dllc:\program files\FreeFileViewer\ffmpeg\license_ffmpeg.txtc:\program files\FreeFileViewer\ffmpeg\license_libgsm.txtc:\program files\FreeFileViewer\ffmpeg\license_libogg.txtc:\program files\FreeFileViewer\ffmpeg\license_libspeex.txtc:\program files\FreeFileViewer\ffmpeg\license_libtheora.txtc:\program files\FreeFileViewer\ffmpeg\license_libvorbis.txtc:\program files\FreeFileViewer\ffmpeg\license_opencore_amr.txtc:\program files\FreeFileViewer\ffmpeg\license_sdl.txtc:\program files\FreeFileViewer\ffmpeg\myutil.dllc:\program files\FreeFileViewer\ffmpeg\SDL.dllc:\program files\FreeFileViewer\ffmpeg\source.txtc:\program files\FreeFileViewer\ffmpeg\swresample-0.dllc:\program files\FreeFileViewer\ffmpeg\swscale-2.dllc:\program files\FreeFileViewer\FFVCFG.exec:\program files\FreeFileViewer\FFVCheckForUpdates.exec:\program files\FreeFileViewer\FreeFileViewer.exec:\program files\FreeFileViewer\js32.dllc:\program files\FreeFileViewer\tx18.dllc:\program files\FreeFileViewer\tx18_bmp.fltc:\program files\FreeFileViewer\tx18_css.dllc:\program files\FreeFileViewer\tx18_doc.dllc:\program files\FreeFileViewer\tx18_dox.dllc:\program files\FreeFileViewer\tx18_gif.fltc:\program files\FreeFileViewer\tx18_htm.dllc:\program files\FreeFileViewer\tx18_ic.dllc:\program files\FreeFileViewer\tx18_ic.inic:\program files\FreeFileViewer\tx18_jpg.fltc:\program files\FreeFileViewer\tx18_obj.dllc:\program files\FreeFileViewer\tx18_png.fltc:\program files\FreeFileViewer\tx18_rtf.dllc:\program files\FreeFileViewer\tx18_tif.fltc:\program files\FreeFileViewer\tx18_tls.dllc:\program files\FreeFileViewer\tx18_wnd.dllc:\program files\FreeFileViewer\tx18_xml.dllc:\program files\FreeFileViewer\tx4ole18.ocxc:\program files\FreeFileViewer\unins000.datc:\program files\FreeFileViewer\unins000.exec:\program files\FreeFileViewer\unins000.msgc:\program files\FreeFileViewer\updates.cfgc:\program files\FreeFileViewer\vsgdi.dllc:\program files\FreeFileViewer\VSPDFViewerX.ocxc:\program files\FreeFileViewer\welcome.docx..((((((((((((((((((((((((( Files Created from 2013-11-04 to 2013-12-04 )))))))))))))))))))))))))))))))..2013-11-28 14:56 . 2013-11-28 14:56 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-28 14:56 . 2009-07-17 02:13 105176 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-19 19:13 . 2012-02-14 15:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-13 07:25 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-13 07:25 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-13 07:25 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-13 07:24 . 2001-08-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-13 06:57 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec2013-10-12 15:56 . 2001-08-23 12:00 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2001-08-23 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59 . 2001-08-23 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 01:14 . 2009-04-20 23:10 7168 ----a-w- c:\windows\system32\xpsp4res.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]2002-12-06 16:19 56320 ----a-r- c:\windows\system32\delttray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]2012-11-06 01:38 138096 ----atw- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-04-17 16:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2004-04-13 10:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]2004-08-04 05:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2013-03-15 02:57 15668512 ----a-w- c:\windows\system32\nvcpl.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2013-03-15 02:57 223008 ----a-w- c:\windows\system32\nvmctray.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]2013-03-11 20:24 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2007-12-20 20:47 16860672 ----a-w- c:\windows\RTHDCPL.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Warcraft 3\\Frozen Throne.exe"="c:\\Program Files\\Warcraft 3\\Warcraft III.exe"="c:\\Program Files\\Warcraft 3\\War3.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Documents and Settings\\Will\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8381:TCP"= 8381:TCP:League of Legends Launcher"8381:UDP"= 8381:UDP:League of Legends Launcher"8370:TCP"= 8370:TCP:League of Legends Launcher"8370:UDP"= 8370:UDP:League of Legends Launcher"8371:TCP"= 8371:TCP:League of Legends Launcher"8371:UDP"= 8371:UDP:League of Legends Launcher"8372:TCP"= 8372:TCP:League of Legends Launcher"8372:UDP"= 8372:UDP:League of Legends Launcher"8373:TCP"= 8373:TCP:League of Legends Launcher"8373:UDP"= 8373:UDP:League of Legends Launcher"8374:TCP"= 8374:TCP:League of Legends Launcher"8374:UDP"= 8374:UDP:League of Legends Launcher"8375:TCP"= 8375:TCP:League of Legends Launcher"8375:UDP"= 8375:UDP:League of Legends Launcher"58748:TCP"= 58748:TCP:Pando Media Booster"58748:UDP"= 58748:UDP:Pando Media Booster"6905:TCP"= 6905:TCP:League of Legends Launcher"6905:UDP"= 6905:UDP:League of Legends Launcher"6886:TCP"= 6886:TCP:League of Legends Launcher"6886:UDP"= 6886:UDP:League of Legends Launcher"6906:TCP"= 6906:TCP:League of Legends Launcher"6906:UDP"= 6906:UDP:League of Legends Launcher"6921:TCP"= 6921:TCP:League of Legends Launcher"6921:UDP"= 6921:UDP:League of Legends Launcher"6891:TCP"= 6891:TCP:League of Legends Launcher"6891:UDP"= 6891:UDP:League of Legends Launcher"6978:TCP"= 6978:TCP:League of Legends Launcher"6978:UDP"= 6978:UDP:League of Legends Launcher"6960:TCP"= 6960:TCP:League of Legends Launcher"6960:UDP"= 6960:UDP:League of Legends Launcher"6982:TCP"= 6982:TCP:League of Legends Launcher"6982:UDP"= 6982:UDP:League of Legends Launcher"8382:TCP"= 8382:TCP:League of Legends Launcher"8382:UDP"= 8382:UDP:League of Legends Launcher"6940:TCP"= 6940:TCP:League of Legends Launcher"6940:UDP"= 6940:UDP:League of Legends Launcher"6923:TCP"= 6923:TCP:League of Legends Launcher"6923:UDP"= 6923:UDP:League of Legends Launcher"6898:TCP"= 6898:TCP:League of Legends Launcher"6898:UDP"= 6898:UDP:League of Legends Launcher"6959:TCP"= 6959:TCP:League of Legends Launcher"6959:UDP"= 6959:UDP:League of Legends Launcher"6919:TCP"= 6919:TCP:League of Legends Launcher"6919:UDP"= 6919:UDP:League of Legends Launcher"8383:TCP"= 8383:TCP:League of Legends Launcher"8383:UDP"= 8383:UDP:League of Legends Launcher"8393:TCP"= 8393:TCP:League of Legends Lobby"8393:UDP"= 8393:UDP:League of Legends Lobby"8390:TCP"= 8390:TCP:League of Legends Game Client"8390:UDP"= 8390:UDP:League of Legends Game Client"6909:TCP"= 6909:TCP:League of Legends Launcher"6909:UDP"= 6909:UDP:League of Legends Launcher"58651:TCP"= 58651:TCP:Pando Media Booster"58651:UDP"= 58651:UDP:Pando Media Booster.R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/10/2013 5:57 PM 103040]S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [7/7/2009 6:33 PM 14336]S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [7/7/2009 6:33 PM 18432]S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-18 02:56 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:13].2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-12-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004Core.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004UA.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43].2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Download with &Media Finder - c:\program files\Media Finder\hook.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnkTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.AddRemove-FreeFileViewer_is1 - c:\program files\FreeFileViewer\unins000.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-03 19:10Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3a,af,22,bd,98,30,27,0d,15,fc,72,99,2f,f0,56,38,98,ab,c2,29,90,fc,4a, ff,42,e1,c4,e9,c3,dc,e1,d7,2e,bb,be,3b,1f,69,f5,16,a2,7d,96,9b,1b,95,8d,18,\"??"=hex:98,c2,01,c2,f0,40,35,57,dd,be,35,30,0d,3c,cb,7a.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\License information*]"datasecu"=hex:a9,4b,0a,c4,03,34,06,b6,1c,e3,85,23,d3,ed,f9,6e,59,44,dc,c7,5b, 1e,bd,c6,6e,88,a9,fe,3b,03,10,e1,6a,d0,5f,a8,b2,93,bd,49,97,ba,14,0a,b0,70,\"rkeysecu"=hex:fa,ec,28,b2,05,23,b7,a4,93,95,54,34,e9,bc,9d,5b.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]"DisplayName"="???\17?\11\09""DeviceDesc"="???\17?\11\09""ProviderName"="???\11?\17?\11??""MFG"="???????""ReinstallString"=".10.1000.7""DeviceInstanceIds"=multi:"c:\\documents and settings\\administrator\\desktop\\wills drivers\\ma790chipset\\smbus\\smbusati.inf\00".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(828)c:\windows\system32\Ati2evxx.dll.Completion time: 2013-12-03 19:11:08ComboFix-quarantined-files.txt 2013-12-04 00:11ComboFix2.txt 2013-12-02 22:19.Pre-Run: 64,507,699,200 bytes freePost-Run: 64,419,651,584 bytes free.- - End Of File - - 1250AD9272BDEB070678DF39C138DD8D8F558EB6672622401DA993E1E865C861 Here is the MBAM log: Malwarebytes' Anti-Malware 1.41Database version: 2775Windows 5.1.2600 Service Pack 3 12/3/2013 7:52:25 PMmbam-log-2013-12-03 (19-52-25).txt Scan type: Full Scan (C:\|F:\|G:\|)Objects scanned: 245712Time elapsed: 36 minute(s), 0 second(s) Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:(No malicious items detected) Registry Values Infected:(No malicious items detected) Registry Data Items Infected:(No malicious items detected) Folders Infected:(No malicious items detected) Files Infected:(No malicious items detected)

Ok, I have uninstalled AVG and run ComboFix. Here is the log. ComboFix 13-12-01.01 - Will 12/02/2013 17:14:54.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2905 [GMT -5:00]Running from: c:\documents and settings\Will\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\Will\WINDOWSc:\windows\system32\Cachec:\windows\system32\Cache\019c6c0ef11c676a.fbc:\windows\system32\Cache\17418173961a6250.fbc:\windows\system32\Cache\1b4723a175d96669.fbc:\windows\system32\Cache\26c630d098e22dd5.fbc:\windows\system32\Cache\272512937d9e61a4.fbc:\windows\system32\Cache\287204568329e189.fbc:\windows\system32\Cache\28bc8f716fd76a47.fbc:\windows\system32\Cache\2c53092c95605355.fbc:\windows\system32\Cache\31a0997e9a5b5eb3.fbc:\windows\system32\Cache\32c84fe32bb74d60.fbc:\windows\system32\Cache\3917078cb68ec657.fbc:\windows\system32\Cache\590ba23ce359fd0c.fbc:\windows\system32\Cache\5a1f1741a9e6a299.fbc:\windows\system32\Cache\610289e025a3ee9a.fbc:\windows\system32\Cache\651c5d3cdbfb8bd1.fbc:\windows\system32\Cache\6aa78d57b69983e0.fbc:\windows\system32\Cache\6c59ac5e7e7a3ad0.fbc:\windows\system32\Cache\6d03dad1035885d3.fbc:\windows\system32\Cache\71c5ff90c8a09a05.fbc:\windows\system32\Cache\737c9794d9df79a2.fbc:\windows\system32\Cache\76e71a78f429d89a.fbc:\windows\system32\Cache\83afa52ca9fed0a3.fbc:\windows\system32\Cache\88a946ac46b79b73.fbc:\windows\system32\Cache\95f567698be8a182.fbc:\windows\system32\Cache\a8556537add6dfc5.fbc:\windows\system32\Cache\aa3619c824ee53cd.fbc:\windows\system32\Cache\ad10a52aff5e038d.fbc:\windows\system32\Cache\b9545674517d401c.fbc:\windows\system32\Cache\c1fa887b03019701.fbc:\windows\system32\Cache\c4d28dca2e7648be.fbc:\windows\system32\Cache\d201ef9910cd39de.fbc:\windows\system32\Cache\d2e94710a5708128.fbc:\windows\system32\Cache\d79b9dfe81484ec4.fbc:\windows\system32\Cache\e988c50b3c6874d5.fbc:\windows\system32\Cache\f998975c9cc711ee.fbc:\windows\system32\Cache\fb0a3c319fb3dd3f.fbc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\FlashPlayerApp.exec:\windows\system32\SET428.tmpc:\windows\system32\SET42C.tmpc:\windows\system32\SET434.tmpc:\windows\system32\win.inic:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))..2013-11-28 14:56 . 2013-11-28 14:56 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-11-26 20:21 . 2013-11-26 20:24 -------- d-----w- c:\documents and settings\Will\Application Data\FreeFileViewer2013-11-26 00:22 . 2013-11-26 00:22 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\FreeFileViewer2013-11-26 00:22 . 2013-11-26 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Overwolf2013-11-26 00:21 . 2013-11-26 00:21 -------- d-----w- c:\program files\FreeFileViewer2013-11-26 00:21 . 2013-11-26 20:31 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\Overwolf2013-11-26 00:21 . 2013-11-26 00:21 -------- d-----w- c:\documents and settings\Will\Application Data\aartemis2013-11-26 00:20 . 2013-11-26 21:58 -------- d-----w- c:\program files\BuzzSearch...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-28 14:56 . 2009-07-17 02:13 105176 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-10-19 19:13 . 2012-02-14 15:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-13 07:25 . 2001-08-23 12:00 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-13 07:25 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-13 07:25 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-13 07:24 . 2001-08-23 12:00 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-13 06:57 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec2013-10-12 15:56 . 2001-08-23 12:00 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2001-08-23 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59 . 2001-08-23 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 01:14 . 2009-04-20 23:10 7168 ----a-w- c:\windows\system32\xpsp4res.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]2005-05-03 22:43 69632 ----a-w- c:\windows\Alcmtr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]2002-12-06 16:19 56320 ----a-r- c:\windows\system32\delttray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]2012-11-06 01:38 138096 ----atw- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]2001-08-23 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-04-17 16:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2004-04-13 10:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]2009-09-10 19:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]2004-08-04 05:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2013-03-15 02:57 15668512 ----a-w- c:\windows\system32\nvcpl.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]2013-03-15 02:57 223008 ----a-w- c:\windows\system32\nvmctray.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]2013-03-11 20:24 3093624 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]2007-12-20 20:47 16860672 ----a-w- c:\windows\RTHDCPL.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Warcraft 3\\Frozen Throne.exe"="c:\\Program Files\\Warcraft 3\\Warcraft III.exe"="c:\\Program Files\\Warcraft 3\\War3.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Documents and Settings\\Will\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"="c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\chivalrymedievalwarfare\\Binaries\\Win32\\UDK.exe"="c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8381:TCP"= 8381:TCP:League of Legends Launcher"8381:UDP"= 8381:UDP:League of Legends Launcher"8370:TCP"= 8370:TCP:League of Legends Launcher"8370:UDP"= 8370:UDP:League of Legends Launcher"8371:TCP"= 8371:TCP:League of Legends Launcher"8371:UDP"= 8371:UDP:League of Legends Launcher"8372:TCP"= 8372:TCP:League of Legends Launcher"8372:UDP"= 8372:UDP:League of Legends Launcher"8373:TCP"= 8373:TCP:League of Legends Launcher"8373:UDP"= 8373:UDP:League of Legends Launcher"8374:TCP"= 8374:TCP:League of Legends Launcher"8374:UDP"= 8374:UDP:League of Legends Launcher"8375:TCP"= 8375:TCP:League of Legends Launcher"8375:UDP"= 8375:UDP:League of Legends Launcher"58748:TCP"= 58748:TCP:Pando Media Booster"58748:UDP"= 58748:UDP:Pando Media Booster"6905:TCP"= 6905:TCP:League of Legends Launcher"6905:UDP"= 6905:UDP:League of Legends Launcher"6886:TCP"= 6886:TCP:League of Legends Launcher"6886:UDP"= 6886:UDP:League of Legends Launcher"6906:TCP"= 6906:TCP:League of Legends Launcher"6906:UDP"= 6906:UDP:League of Legends Launcher"6921:TCP"= 6921:TCP:League of Legends Launcher"6921:UDP"= 6921:UDP:League of Legends Launcher"6891:TCP"= 6891:TCP:League of Legends Launcher"6891:UDP"= 6891:UDP:League of Legends Launcher"6978:TCP"= 6978:TCP:League of Legends Launcher"6978:UDP"= 6978:UDP:League of Legends Launcher"6960:TCP"= 6960:TCP:League of Legends Launcher"6960:UDP"= 6960:UDP:League of Legends Launcher"6982:TCP"= 6982:TCP:League of Legends Launcher"6982:UDP"= 6982:UDP:League of Legends Launcher"8382:TCP"= 8382:TCP:League of Legends Launcher"8382:UDP"= 8382:UDP:League of Legends Launcher"6940:TCP"= 6940:TCP:League of Legends Launcher"6940:UDP"= 6940:UDP:League of Legends Launcher"6923:TCP"= 6923:TCP:League of Legends Launcher"6923:UDP"= 6923:UDP:League of Legends Launcher"6898:TCP"= 6898:TCP:League of Legends Launcher"6898:UDP"= 6898:UDP:League of Legends Launcher"6959:TCP"= 6959:TCP:League of Legends Launcher"6959:UDP"= 6959:UDP:League of Legends Launcher"6919:TCP"= 6919:TCP:League of Legends Launcher"6919:UDP"= 6919:UDP:League of Legends Launcher"8383:TCP"= 8383:TCP:League of Legends Launcher"8383:UDP"= 8383:UDP:League of Legends Launcher"8393:TCP"= 8393:TCP:League of Legends Lobby"8393:UDP"= 8393:UDP:League of Legends Lobby"8390:TCP"= 8390:TCP:League of Legends Game Client"8390:UDP"= 8390:UDP:League of Legends Game Client"6909:TCP"= 6909:TCP:League of Legends Launcher"6909:UDP"= 6909:UDP:League of Legends Launcher"58651:TCP"= 58651:TCP:Pando Media Booster"58651:UDP"= 58651:UDP:Pando Media Booster.R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [5/10/2013 5:57 PM 103040]S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [7/7/2009 6:33 PM 14336]S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [7/7/2009 6:33 PM 18432]S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-11-18 02:56 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:13].2012-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57].2013-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004Core.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-1123561945-839522115-1004UA.job- c:\documents and settings\Will\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-11-06 01:38].2013-12-02 c:\windows\Tasks\FreeFileViewerUpdateChecker.job- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2013-11-26 23:24].2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43].2013-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-08 02:43]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Download with &Media Finder - c:\program files\Media Finder\hook.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnkTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2014\avgui.exeMSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exeMSConfigStartUp-Overwolf - c:\program files\Overwolf\Overwolf.exeMSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exeAddRemove-HijackThis - c:\documents and settings\Will\Desktop\HiJackThis\HijackThis.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-12-02 17:18Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:3a,af,22,bd,98,30,27,0d,15,fc,72,99,2f,f0,56,38,98,ab,c2,29,90,fc,4a, ff,42,e1,c4,e9,c3,dc,e1,d7,2e,bb,be,3b,1f,69,f5,16,a2,7d,96,9b,1b,95,8d,18,\"??"=hex:98,c2,01,c2,f0,40,35,57,dd,be,35,30,0d,3c,cb,7a.[HKEY_USERS\S-1-5-21-2000478354-1123561945-839522115-1004\Software\SecuROM\License information*]"datasecu"=hex:a9,4b,0a,c4,03,34,06,b6,1c,e3,85,23,d3,ed,f9,6e,59,44,dc,c7,5b, 1e,bd,c6,6e,88,a9,fe,3b,03,10,e1,6a,d0,5f,a8,b2,93,bd,49,97,ba,14,0a,b0,70,\"rkeysecu"=hex:fa,ec,28,b2,05,23,b7,a4,93,95,54,34,e9,bc,9d,5b.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]"DisplayName"="???\17?\11\09""DeviceDesc"="???\17?\11\09""ProviderName"="???\11?\17?\11??""MFG"="???????""ReinstallString"=".10.1000.7""DeviceInstanceIds"=multi:"c:\\documents and settings\\administrator\\desktop\\wills drivers\\ma790chipset\\smbus\\smbusati.inf\00".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(844)c:\windows\system32\Ati2evxx.dll.Completion time: 2013-12-02 17:19:28ComboFix-quarantined-files.txt 2013-12-02 22:19.Pre-Run: 63,130,071,040 bytes freePost-Run: 64,492,154,880 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer.- - End Of File - - 939D63C5A00F719F48E703C35B3B43208F558EB6672622401DA993E1E865C861

I attempted to disable my AVG 2014, and followed the instructions in the sticky topic on disabling security applications. ComboFix still detected an AVG update module running, and I have been unable to find and disable it. All the update options, schedule options, and protection options have been disabled. Should I still run ComboFix despite the warning?

Currently the only symptoms I am aware of are infected browsers. Here is the Malwarebytes Anti rootkit log: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_30 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXEDCPU speed: 3.214000 GHzMemory total: 3488002048, free: 2607083520 Downloaded database version: v2013.11.28.06Downloaded database version: v2013.10.11.02Initializing...======================------------ Kernel report ------------ 11/28/2013 09:56:38------------ Loaded modules -----------\WINDOWS\system32\ntkrnlpa.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllACPI.sys\WINDOWS\System32\DRIVERS\WMILIB.SYSpci.sysohci1394.sys\WINDOWS\System32\DRIVERS\1394BUS.SYSisapnp.syspciide.sys\WINDOWS\System32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\System32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysPxHelp20.sysKSecDD.sysWudfPf.sysNtfs.sysNDIS.sysMup.sysavgrkx86.sysavglogx.sysavgmfx86.sysavgidshx.sys\SystemRoot\System32\DRIVERS\nic1394.sys\SystemRoot\system32\DRIVERS\AmdK8.sys\SystemRoot\System32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\ati2mtag.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\System32\DRIVERS\Rtenicxp.sys\SystemRoot\System32\DRIVERS\usbohci.sys\SystemRoot\System32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\System32\DRIVERS\cdrom.sys\SystemRoot\System32\DRIVERS\redbook.sys\SystemRoot\System32\DRIVERS\ks.sys\SystemRoot\System32\Drivers\GEARAspiWDM.sys\SystemRoot\system32\drivers\delta.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\System32\DRIVERS\fdc.sys\SystemRoot\System32\DRIVERS\serial.sys\SystemRoot\System32\DRIVERS\serenum.sys\SystemRoot\System32\DRIVERS\parport.sys\SystemRoot\System32\DRIVERS\i8042prt.sys\SystemRoot\System32\DRIVERS\mouclass.sys\SystemRoot\System32\DRIVERS\kbdclass.sys\SystemRoot\System32\DRIVERS\audstub.sys\SystemRoot\System32\DRIVERS\bridge.sys\SystemRoot\System32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\rasl2tp.sys\SystemRoot\System32\DRIVERS\ndistapi.sys\SystemRoot\System32\DRIVERS\ndiswan.sys\SystemRoot\System32\DRIVERS\raspppoe.sys\SystemRoot\System32\DRIVERS\raspptp.sys\SystemRoot\System32\DRIVERS\psched.sys\SystemRoot\System32\DRIVERS\msgpc.sys\SystemRoot\System32\DRIVERS\ptilink.sys\SystemRoot\System32\DRIVERS\raspti.sys\SystemRoot\System32\DRIVERS\rdpdr.sys\SystemRoot\System32\DRIVERS\termdd.sys\SystemRoot\System32\DRIVERS\swenum.sys\SystemRoot\System32\DRIVERS\update.sys\SystemRoot\System32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtihdXP3.sys\SystemRoot\System32\DRIVERS\usbhub.sys\SystemRoot\System32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\RtkHDAud.sys\SystemRoot\System32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\DRIVERS\rasacd.sys\SystemRoot\System32\DRIVERS\ipsec.sys\SystemRoot\System32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\avgtdix.sys\SystemRoot\System32\DRIVERS\ipnat.sys\SystemRoot\System32\DRIVERS\arp1394.sys\SystemRoot\System32\DRIVERS\wanarp.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbios.sys\SystemRoot\System32\DRIVERS\rdbss.sys\SystemRoot\System32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\avgldx86.sys\SystemRoot\system32\DRIVERS\avgidsshimx.sys\SystemRoot\system32\DRIVERS\avgidsdriverx.sys\SystemRoot\system32\DRIVERS\avgdiskx.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\Drivers\Fastfat.SYS\SystemRoot\System32\Drivers\dump_atapi.sys\SystemRoot\System32\Drivers\dump_WMILIB.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\ati2dvag.dll\SystemRoot\System32\ati2cqag.dll\SystemRoot\System32\atikvmag.dll\SystemRoot\System32\atiok3x2.dll\SystemRoot\System32\ati3duag.dll\SystemRoot\System32\ativvaxx.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\nwlnkipx.sys\SystemRoot\system32\DRIVERS\nwlnknb.sys\SystemRoot\System32\DRIVERS\ndisuio.sys\SystemRoot\System32\DRIVERS\mrxdav.sys\SystemRoot\System32\Drivers\ParVdm.SYS\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\nwlnkspx.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\System32\Drivers\HTTP.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xffffffff8b0c7ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\Lower Device Object: 0xffffffff8b0cc940Lower Device Driver Name: \Driver\atapi\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8b0ffab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\Lower Device Object: 0xffffffff8b124d98Lower Device Driver Name: \Driver\atapi\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8b11eab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\Lower Device Object: 0xffffffff8b125d98Lower Device Driver Name: \Driver\atapi\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8b11eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8b126168, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8b11eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8b113f18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8b125d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: C640C63 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 268413957 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 250058268160 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-488375055-488395055)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8b0ffab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8b19cb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8b0ffab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8b1103b8, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8b124d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 44A91B35 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 312560577 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160040803840 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 2, DevicePointer: 0xffffffff8b0c7ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8b19c958, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8b0c7ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8b1a29e8, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8b0cc940, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: 7393CE69 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 312560577 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160040803840 bytesSector size: 512 bytes Done!Infected: HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]Infected: C:\Documents and Settings\Will\Application Data\Media Finder\Extensions\gencrawler_gc.dll --> [Trojan.Downloader]Infected: HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\INPROCSERVER32 --> [Trojan.Downloader]Infected: HKLM\SOFTWARE\CLASSES\gencrawler_gc.GenCrawler --> [Trojan.Downloader]Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} --> [Trojan.Downloader]Read File: File "c:\documents and settings\all users\application data\avg2014\chjw\4cb0d599b0d58a3a.dat:5df2cd06-e1ab-4721-9a76-de6905e9e001" is sparse (flags = 32768)Infected file C:\Documents and Settings\Will\Local Settings\Temp\is1914646434\5877403_stp\wajam_validate.exe could not be remediated because backup file is not availableRead File: File "c:\windows\system32\config\systemprofile\local settings\application data\avg2014\log\avg-9a0edf74-476d-450c-840a-7243c9b4f438.tmp" is compressed (flags = 1)Scan finishedCreating System Restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_30 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXEDCPU speed: 3.214000 GHzMemory total: 3488002048, free: 2777862144 =======================================

So far all I have found is Aartemis is in my browsers. There was also something else called Overwolf that I think I was able to uninstall. Here are my log files. Thanks for your help! dds.txt attach.txt

I was recently able to make some headway. following the instructions found here: http://forums.spybot.info/showthread.php?p=326924 here is a copy of my combofix log. i am currently running MBAM. ComboFix 09-08-09.04 - John DeVore 08/10/2009 9:17.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.645 [GMT -4:00] Running from: c:\documents and settings\John DeVore\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\documents\setup.exe c:\documents and settings\John DeVore\oashdihasidhasuidhiasdhiashdiuasdhasd c:\recycler\S-1-5-21-3681305839-2988916622-607333321-1003 c:\windows\Installer\1b07a.msp c:\windows\Installer\278d6.msp c:\windows\Installer\2f887f.msp c:\windows\Installer\42457.msp c:\windows\run.log c:\windows\system32\bszip.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ATI64SI -------\Legacy_I386SI -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 ))))))))))))))))))))))))))))))) . 2009-08-10 16:43 . 2009-08-10 16:43 -------- d-----w- C:\B4BDA73C 2009-08-10 12:25 . 2009-08-10 12:25 -------- d-----w- c:\program files\Trend Micro 2009-08-10 11:57 . 2009-08-10 11:57 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys 2009-08-10 11:57 . 2009-08-10 11:57 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys 2009-08-10 11:57 . 2009-08-10 11:57 -------- d-----w- c:\program files\Prevx 2009-08-10 11:57 . 2009-08-10 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-08-07 18:11 . 2009-08-07 18:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-07 16:20 . 2009-08-07 16:21 -------- d-----w- c:\program files\Tsrend Micro 2009-08-07 14:08 . 2009-08-07 14:08 -------- d--h--w- c:\windows\PIF 2009-08-07 12:11 . 2009-08-07 12:11 -------- d-----w- c:\documents and settings\John DeVore\DoctorWeb 2009-08-06 22:06 . 2009-08-06 22:06 -------- d-----w- c:\documents and settings\John DeVore\Application Data\Logs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-07 18:09 . 2009-05-11 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-30 01:02 . 2009-02-13 19:12 4713 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys 2009-07-15 13:24 . 2007-04-14 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-07-12 23:58 . 2009-04-14 16:26 865544 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe 2009-07-12 23:58 . 2009-04-14 16:26 38664 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe 2009-06-29 16:12 . 2005-05-13 02:44 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2005-05-13 02:43 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2005-05-13 02:43 17408 ------w- c:\windows\system32\corpol.dll 2009-06-29 13:50 . 2009-06-29 13:50 -------- d-----w- c:\program files\7-Zip 2009-06-16 14:36 . 2005-05-13 02:44 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2005-05-13 02:43 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-03 19:09 . 2005-05-13 02:43 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Auto EPSON Stylus CX4200 Series on DEVORE-D8O3J6BN"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304] "Auto EPSON Stylus CX4200 Series on DLAWG-OFFICE"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 73728] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248] "TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-03-08 24576] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-26 65536] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 122880] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-07 155648] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 1077301] "Notebook Maximizer"="c:\program files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 28672] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-24 28672] "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-04-29 675840] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2004-05-01 24576] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-12-28 270336] "TFncKy"="TFncKy.exe" [bU] "TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-04-20 28672] "NDSTray.exe"="NDSTray.exe" [bU] "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-04-12 88358] c:\documents and settings\John DeVore\Start Menu\Programs\Startup\ Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2009-4-17 12438896] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-12 984352] RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-8-18 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-10-15 19:27 110592 ------w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^John DeVore^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVCERSvc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\Program Files\\VectorWorks 12.0.0\\VectorWorks.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"= R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/10/2009 7:57 AM 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/10/2009 7:57 AM 27656] S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/10/2009 7:57 AM 4368952] S4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB19 [?] . Contents of the 'Scheduled Tasks' folder 2006-03-31 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21134434789.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe HKCU-Run-AV Care - c:\program files\AV Care\AvCare.exe HKLM-Run-Zone Labs Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe HKLM-Run-net - c:\windows\system32\net.net HKLM-Run-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://devoreslandandwater.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = localhost uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll FF - ProfilePath - c:\documents and settings\John DeVore\Application Data\Mozilla\Firefox\Profiles\elh2j8eg.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.devoreslandandwater.com FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-10 09:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(332) c:\windows\system32\WININET.dll c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\windows\system32\ati2evxx.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\windows\system32\drivers\CDANTSRV.EXE c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\MSK\msksrver.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Toshiba\ConfigFree\NDSTray.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\windows\system32\TPSBattM.exe c:\program files\McAfee\Common Framework\Mctray.exe c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE c:\program files\Apoint2K\ApntEx.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-10 9:32 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-10 13:32 Pre-Run: 31,668,396,032 bytes free Post-Run: 31,810,174,976 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 222 --- E O F --- 2009-08-07 20:08

I have recently been infected with AVCare, which i was able to remove. At least the visible signs. Malwarebytes, hijackthis, combofix and superantispyware will not run. i have run every other program i know of (RootRepeal, combofix, dr. web, AVIRA rescue cd, Secured2k's BootCD, etc). Thanks in advance for your help!

I believe i am dealing with the (CLB Rootkit-WinNT.Alureon), TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX/hjgrui/wzszx as described in the sticky, but i have been unable to use root repeal to do a scan of files. Please help!

i was finally able to locate and delete some UAC files associated with tr/tdss.waf, tr/tdss.wae, and tr/alureon.cd. i then ran rootrepeal. following is the log. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/07 13:34 Program Version: Version 1.3.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xEE716000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A19000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB81B9000 Size: 49152 File Visible: No Signed: - Status: - Name: win32k.sys:1 Image Path: C:\WINDOWS\win32k.sys:1 Address: 0xF78E3000 Size: 20480 File Visible: No Signed: - Status: - Name: win32k.sys:2 Image Path: C:\WINDOWS\win32k.sys:2 Address: 0xEE88F000 Size: 61440 File Visible: No Signed: - Status: - Hidden Services ------------------- Service Name: UACd.sys Image Path: C:\WINDOWS\system32\drivers\UACyroruyabdw.sys ==EOF== When I tried to scan for files, rootrepeal would crash every time when it came to $hf_mig$.

also i saw momentarily a process called n.pif appear and then disappear in the task manager when i tried to run combofix(without sucess). i am about to try the AVIRA Rescue-CD.

I was finally able to get HiJackThis to run briefly by renaming it and its containing folders but it crashes and doesn't save a log file. Any help at all would be appreciated!

Here is my most recent scan with RootRepeal. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/07 11:56 Program Version: Version 1.3.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS Address: 0xF7503000 Size: 57344 File Visible: - Signed: - Status: - Name: ACPI.sys Image Path: ACPI.sys Address: 0xF7494000 Size: 187776 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2189056 File Visible: - Signed: - Status: - Name: ACPIEC.sys Image Path: ACPIEC.sys Address: 0xF78FF000 Size: 11648 File Visible: - Signed: - Status: - Name: AFS2K.SYS Image Path: C:\WINDOWS\System32\Drivers\AFS2K.SYS Address: 0xF75A3000 Size: 35840 File Visible: - Signed: - Status: - Name: Apfiltr.sys Image Path: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys Address: 0xF7253000 Size: 98784 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: atapi.sys Address: 0xF742E000 Size: 96512 File Visible: - Signed: - Status: - Name: BATTC.SYS Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS Address: 0xF78FB000 Size: 16384 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xF7A01000 Size: 4224 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\WINDOWS\system32\BOOTVID.dll Address: 0xF78F3000 Size: 12288 File Visible: - Signed: - Status: - Name: Cdfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xF70B8000 Size: 63744 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xF75B3000 Size: 62976 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xF7543000 Size: 53248 File Visible: - Signed: - Status: - Name: compbatt.sys Image Path: compbatt.sys Address: 0xF78F7000 Size: 10240 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xF7533000 Size: 36352 File Visible: - Signed: - Status: - Name: drvmcdb.sys Image Path: drvmcdb.sys Address: 0xF73F8000 Size: 86208 File Visible: - Signed: - Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF7110000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A13000 Size: 8192 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xF71CA000 Size: 12288 File Visible: - Signed: - Status: - Name: dxg.sys Image Path: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: - Status: - Name: dxgthk.sys Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xF7B89000 Size: 4096 File Visible: - Signed: - Status: - Name: EMS7SK.sys Image Path: C:\WINDOWS\system32\DRIVERS\EMS7SK.sys Address: 0xF7563000 Size: 57984 File Visible: - Signed: - Status: - Name: ESD7SK.sys Image Path: C:\WINDOWS\system32\DRIVERS\ESD7SK.sys Address: 0xF7573000 Size: 37248 File Visible: - Signed: - Status: - Name: ESM7SK.sys Image Path: C:\WINDOWS\system32\DRIVERS\ESM7SK.sys Address: 0xF726C000 Size: 74112 File Visible: - Signed: - Status: - Name: Fastfat.SYS Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS Address: 0xF7128000 Size: 143744 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: fltmgr.sys Address: 0xF740E000 Size: 129792 File Visible: - Signed: - Status: - Name: framebuf.dll Image Path: C:\WINDOWS\System32\framebuf.dll Address: 0xBFF50000 Size: 12288 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xF79FD000 Size: 7936 File Visible: - Signed: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xF7446000 Size: 125056 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\WINDOWS\system32\hal.dll Address: 0x806EE000 Size: 131840 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\WINDOWS\System32\Drivers\HIDCLASS.SYS Address: 0xF7613000 Size: 36864 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\WINDOWS\System32\Drivers\HIDPARSE.SYS Address: 0xF786B000 Size: 28672 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Address: 0xF7583000 Size: 52480 File Visible: - Signed: - Status: - Name: imapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xF7593000 Size: 42112 File Visible: - Signed: - Status: - Name: intelide.sys Image Path: intelide.sys Address: 0xF79E7000 Size: 5504 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xF74E3000 Size: 37248 File Visible: - Signed: - Status: - Name: iviaspi.sys Image Path: C:\WINDOWS\system32\drivers\iviaspi.sys Address: 0xF77BB000 Size: 20992 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xF78C3000 Size: 24576 File Visible: - Signed: - Status: - Name: KDCOM.DLL Image Path: C:\WINDOWS\system32\KDCOM.DLL Address: 0xF79E3000 Size: 8192 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xF7230000 Size: 143360 File Visible: - Signed: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xF73E1000 Size: 92288 File Visible: - Signed: - Status: - Name: LHidFlt2.Sys Image Path: C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys Address: 0xF78AB000 Size: 24320 File Visible: - Signed: - Status: - Name: LHidUsb.Sys Image Path: C:\WINDOWS\System32\Drivers\LHidUsb.Sys Address: 0xF7603000 Size: 33504 File Visible: - Signed: - Status: - Name: LMouFlt2.Sys Image Path: C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys Address: 0xF7623000 Size: 63328 File Visible: - Signed: - Status: - Name: meiudf.sys Image Path: C:\WINDOWS\System32\Drivers\meiudf.sys Address: 0xF715D000 Size: 102112 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xF78EB000 Size: 23040 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xF72B7000 Size: 12160 File Visible: - Signed: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys Address: 0xF7513000 Size: 42368 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xF77DB000 Size: 19072 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xF798B000 Size: 15488 File Visible: - Signed: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xF730D000 Size: 105344 File Visible: - Signed: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xF7327000 Size: 182656 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xF77EB000 Size: 30848 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xF7354000 Size: 574976 File Visible: - Signed: - Status: - Name: ntoskrnl.exe Image Path: C:\WINDOWS\system32\ntoskrnl.exe Address: 0x804D7000 Size: 2189056 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xF7B17000 Size: 2944 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: ohci1394.sys Address: 0xF74F3000 Size: 61696 File Visible: - Signed: - Status: - Name: OPRGHDLR.SYS Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS Address: 0xF7AAC000 Size: 4096 File Visible: - Signed: - Status: - Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xF776B000 Size: 19712 File Visible: - Signed: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xF7483000 Size: 68224 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xF7AAB000 Size: 3328 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xF7763000 Size: 28672 File Visible: - Signed: - Status: - Name: pcmcia.sys Image Path: pcmcia.sys Address: 0xF7465000 Size: 120192 File Visible: - Signed: - Status: - Name: pfc.sys Image Path: C:\WINDOWS\system32\drivers\pfc.sys Address: 0xF77A3000 Size: 21248 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2189056 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xF7773000 Size: 20000 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2189056 File Visible: - Signed: - Status: - Name: redbook.sys Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xF75C3000 Size: 57600 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF7663000 Size: 49152 File Visible: No Signed: - Status: - Name: sscdbhk5.sys Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys Address: 0xF79EF000 Size: 5568 File Visible: - Signed: - Status: - Name: ssrtln.sys Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys Address: 0xF78CB000 Size: 23488 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xF79F5000 Size: 4352 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xF75D3000 Size: 40704 File Visible: - Signed: - Status: - Name: Udfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS Address: 0xF714C000 Size: 66048 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xF71D2000 Size: 384768 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xF79F9000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xF787B000 Size: 30208 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xF75E3000 Size: 59520 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xF727F000 Size: 147456 File Visible: - Signed: - Status: - Name: USBSTOR.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Address: 0xF7813000 Size: 26368 File Visible: - Signed: - Status: - Name: usbuhci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xF784B000 Size: 20608 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xF78DB000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS Address: 0xF7196000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xF7523000 Size: 52352 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xF7823000 Size: 20480 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1847296 File Visible: - Signed: - Status: - Name: win32k.sys:1 Image Path: C:\WINDOWS\win32k.sys:1 Address: 0xF782B000 Size: 20480 File Visible: No Signed: - Status: - Name: win32k.sys:2 Image Path: C:\WINDOWS\win32k.sys:2 Address: 0xF70D8000 Size: 61440 File Visible: No Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xF79E5000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2189056 File Visible: - Signed: - Status: -

i am still unable to run Malwarebytes. Hijackthis finally installed but it won't run. Is there any other program out there that might be able to help me with this?

after the Mcafee VS ran this is the report it gave me. I renamed the mbam.exe to eatthis.exe and now i am unable to even rename it. McAfee VirusScan for Win32 v5.30.0 Copyright © 1992-2008 McAfee, Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Jun 16 2008 This product is fully supported. This engine is fully supported. Shell: 12.11 Build: 119 Engine: V5300.2777 Scan engine v5.3.00 for Win32. Virus data file v5700 created Aug 06 2009 Scanning for 543519 viruses, trojans and variants. 08/07/2009 10:19:26 Options: /LOAD VSRE.OPT Scanning C: [sQ003914] Scanning C:\*.* C:\Documents and Settings\John DeVore\Local Settings\Temp\RarSFX0\42jmg.exe ... file could not be opened. C:\Documents and Settings\John DeVore\Local Settings\Temp\UAC68c6.tmp ... Found the DNSChanger!ba trojan !!! The file has been deleted. C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE ... Found potentially unwanted program ASKToolbar. The file has been deleted. C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL ... Found potentially unwanted program ASKToolbar.dll. The file has been deleted. C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL ... Found potentially unwanted program ASKToolbar.dll. The file has been deleted. C:\Program Files\Malwarebytes' Anti-Malware\eatthis.exe ... file could not be opened. C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF} ... file could not be opened. C:\WINDOWS\system32\drivers\UACyroruyabdw.sys ... Found the Generic FakeAlert!bd trojan !!! The file has been deleted. C:\WINDOWS\system32\dumprep.exe ... file could not be opened. C:\WINDOWS\system32\UACkrigwrtevp.dll ... Found the Generic FakeAlert.k trojan !!! The file has been deleted. Summary report on C:\*.* File(s) Total files: ........... 140800 Clean: ................. 140794 Possibly Infected: ..... 3 Cleaned: ............... 0 Moved: ................. 0 Deleted: ............... 6 Non-critical Error(s): 1 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 Scanning M: [boot] Scanning M:\*.* Summary report on M:\*.* File(s) Total files: ........... 18 Clean: ................. 18 Possibly Infected: ..... 0 Cleaned: ............... 0 Moved: ................. 0 Master Boot Record(s): ......... 1 Possibly Infected: ..... 0 Boot Sector(s): ................ 1 Possibly Infected: ..... 0 Time: 01:01.59 Error Code Returned: 13

i have downloaded and am currently running a boot cd created by secured2k from mcafee. when running mcafee VS it found uac68c6.tmp calling it the DNSChanger!ba trojan. also it found C:\Documents and Settings\*username*\Local Settings\Temp\RarSFX0\42jmg.exe and said "the file could not be opened".

Hello. My bosses computer recently was infected with AVcare. i deleted the avcare files, and the alerts stopped showing up, and no more AVcare files can be found, but i am still unable to run MBAM or McAfee. Using RootRepeal i found win32k.sys:1 and win32k.sys:2, both of which i was unable to remove with RootRepeal, and was unable to see with Xenon File manager. I tried renaming MBAM, and it ran for a few seconds before it was closed. I have been unable to install HijackThis. Thanks in advance for your help! Avenger Log: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "{79007602-0CDB-4405-9DBF-1257BB3226ED}" found! ImagePath: \systemroot\win32k.sys:1 Driver disable failed! Start Type: 3 (Manual) Rootkit scan completed. Completed script processing. ******************* Finished! Terminate.

i was able to remove the problem. it was fakealert i believe, and its associated UAC files. i used another computer to make the boot cd created by secured2K from mcafee. then i used the provided file finder to locate and delete the uac files. then i used mcafee vs, and another online vs from the bootcd, and malwarebytes. each one found lingering traces but everything is working correctly now. thank you for your help!

something is still on the computer, for sure. normal links in my web browser are taking me to random advertisement websites instead.

alright. the Dr. web found 2 trojans i think. here is the report and the new hijackthis log. thanks for your help! what's next? net.net;c:\windows\system32;Trojan.Click.25308;Deleted.; acmxrsnowe.tmp;C:\Documents and Settings\Will\Local Settings\Temp;Trojan.Click.25308;Deleted.; UACgctvbjqvcvjrmtwjk.dll;C:\WINDOWS\system32;BackDoor.Tdss.105;Deleted.; UACvvxoqubvpiqbrowki.dll;C:\WINDOWS\system32;BackDoor.Tdss.49;Deleted.; UACwwehdpbdkerbwvqpf.dll;C:\WINDOWS\system32;Trojan.Packed.365;; ------------------------------------It doesnt look like anything happened with this file, but im not sure. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:12:22 AM, on 7/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Will\Desktop\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - Global Startup: forteManager.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210810525950 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 6570 bytes