Multiple attacks on VISTA (Koobface, Errorsmart, Drivercure, Antispyware).. Removal?

Question

jimbailey 0 Newbie Poster

14 Years Ago

Hi Daniweb,

I'm a new user and intermediate computer technician trying to rid my friends and myself of a barrage of attacks from facebook,twitter,bebo and myspace based trojans.

I have been for the past 4 days scanning and removing spyware from laptops infected with the Koobface, Drivercure, Errorsmart and Antispyware malwares.

So far I have not managed to reduce the infections enough to stop self-replication and permutations preventing me from removing them completely. Using MalwareBytes I found the most results (178 to be exact) and removed them, then Norton found about 7 - removed, Adaware found about 12 - removed, Spyware Terminator found none and "Exterminate It!" still finds a further 29 but I would have to pay to remove them and still have to go through the registry to remove further entries..(one I have been keeping an eye on in: HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden - the value is set to 2) which hasn't changed but I'm uncertain if I should remove it.

Have run Ccleaner and cleaned registry but no difference yet and Driver Cure just now as I'm typing put up a new Icon on the desktop by itself after my having deleted it...

I have run Hijack This and saved a log file which I can send if you have any way you can help me as I've done all I can think of.

Any information or steps would be highly appreciated

Sincerely,

Jim Bailey.

windows-virus

2 Contributors
23 Replies
302 Views
2 Weeks Discussion Span
Latest Post 14 Years Ago Latest Post by crunchie

All 23 Replies

crunchie 990 Most Valuable Poster

14 Years Ago

Hi and welcome to the Daniweb forums :).

==========

You need to post in the correct forum where you will get the help you need.
Fasten seat belt, moving now.

crunchie 990 Most Valuable Poster

14 Years Ago

Post your hijackthis log and your latest MBA-M log please.

crunchie 990 Most Valuable Poster

14 Years Ago

Can you please do the following.

===============

Can you disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

===============

Go to Add/Remove programs and uninstall the following, if present:

**Crawler**

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Scan with HijackThis and then place a check next to all the following, if present:

** R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop[/url] **
** R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop[/url] **
** R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = **
** R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = **
** R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = **

** O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:PROGRA~1Crawlerctbr.dll **
** O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) **
** O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) **

** O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) **
** O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:PROGRA~1Crawlerctbr.dll **

** O4 - Global Startup: Bluetooth.lnk = ? **

** O8 - Extra context menu item: Crawler Search - tbr:iemenu **

** O13 - Gopher Prefix: **

** O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:PROGRA~1Crawlerctbr.dll **

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to http://www.xtra.co.nz/help/0,,4155-1916458,00.html]view system and hidden files/ folders:

folders...

C:PROGRA~1[color=#ff0000]Crawler

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in **Safe Mode **by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears,press F8.
Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.

Reboot.

===============

Please download ComboFix by sUBs from here](http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or here
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix..[/list]

Do not mouse-click combofix's window while it is running. That may cause it to stall.**
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.**

Run Combofix ONCE only!!

Edited 11 Years Ago by Reverend Jim because: Fixed formatting

crunchie 990 Most Valuable Poster

14 Years Ago

I noticed that there are at least 3 Anti-Virus programs on there. You need to uninstall all but one.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• Kaspersky Online Scanner • Panda Active Scan • Trend Micro HouseCall • F-Secure Online Virus Scanner

crunchie 990 Most Valuable Poster

14 Years Ago

http://windowsxp.mvps.org/cpicon.htm for the control panel folder icon.

===========

For removing add/remove entries that are left-over;

Create a new restore point.
Click Start > Run > Type or copy & paste regedit. The registry editor will open.
Then go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and delete the offending entry in the right hand pane.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

jimbailey 0 Newbie Poster · Answer 1 · 2009-12-03T13:54:53+00:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:37 PM, on 3/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Update Service (gupdate1c9f0cab2c37412) (gupdate1c9f0cab2c37412) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14124 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 3260
Windows 6.0.6002 Service Pack 2

3/12/2009 6:02:08 PM
mbam-log-2009-12-03 (18-02-08).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jimbailey 0 Newbie Poster · Answer 2 · 2009-12-03T13:58:11+00:00

sorry, last mbam logfile was wrong one.. re-posting....

jimbailey 0 Newbie Poster · Answer 3 · 2009-12-03T14:00:23+00:00

Malwarebytes' Anti-Malware 1.41
Database version: 3260
Windows 6.0.6002 Service Pack 2

1/12/2009 12:00:36 AM
mbam-log-2009-12-01 (00-00-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 341756
Time elapsed: 1 hour(s), 58 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 70
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\e20d6ec50a67ec04083b1251f2935d09 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\e20d6ec50a67ec04083b1251f2935d09 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10cd00a0c66d64141805e4416afb7576 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\77b12cd46424a9b459aed6602d99c187 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f3cb2b9f6374b3f4fa195696edbc71c1 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\f93664c5193d3144e99dc1ac7da0c6a6 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473d1b29f95b96241830b6a6ade19368 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5a144bd76064d1645b6e74c0734ee406 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\simon\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\simon\Downloads\setupxv(3).exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\simon\Downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\CURRENT_USER (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\DEFAULT (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\SAM (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\SECURITY (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\SOFTWARE (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-27-29.rbu\SYSTEM (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\CURRENT_USER (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\DEFAULT (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\SAM (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\SECURITY (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\SOFTWARE (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Full Backups\FULL 2008-08-10_21-28-51.rbu\SYSTEM (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Log\2009 Nov 08 - 04_57_19 AM_298.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-10_20-22-18.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-10_20-34-43.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-10_20-35-04.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-10_21-03-48.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-10_21-40-30.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-11_06-25-08.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-11_06-25-36.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-16_18-10-46.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-19_20-56-15.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-27_17-29-41.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-27_17-29-56.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-08-31_18-39-07.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-09-08_07-48-15.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-03_19-44-28.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-03_19-44-46.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-10_10-07-22.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-10_11-24-29.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-12_16-49-19.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-12_16-49-35.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-26_12-28-40.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-10-29_08-06-22.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-11-15_16-11-05.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-11-18_17-25-38.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-11-25_19-12-19.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-12-01_16-50-09.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-12-22_17-30-51.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2008-12-28_23-11-31.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-01-06_10-48-29.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-01-15_18-36-59.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-02-05_18-00-13.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-02-15_23-29-40.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-03-02_18-59-28.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-03-15_22-03-54.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-06-01_20-07-15.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\2009-07-06_15-31-33.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\FULL 2008-08-10_21-27-29.rbu (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\simon\AppData\Roaming\ErrorSmart\Registry Backups\FULL 2008-08-10_21-28-51.rbu (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\DataBase.ref (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\ErrorSmart.exe (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Program Files\ErrorSmart\ErrorSmart.url (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465250.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465355.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Windows\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.

jimbailey 0 Newbie Poster · Answer 4 · 2009-12-03T14:03:32+00:00

Correction: *Using MalwareBytes I found the most results (178 to be exact)* is only 68, the 178 was on Panda which asked for payment also..

jimbailey 0 Newbie Poster · Answer 5 · 2009-12-03T17:51:17+00:00

ComboFix 09-12-02.05 - simon 03/12/2009 22:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2046.837 [GMT 11:00]
Running from: c:\users\simon\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3572511261-404223143-2725374103-1004
c:\$recycle.bin\S-1-5-21-3572511261-404223143-2725374103-1005
c:\$recycle.bin\S-1-5-21-3572511261-404223143-2725374103-1007
c:\$recycle.bin\S-1-5-21-3572511261-404223143-2725374103-500
c:\$recycle.bin\S-1-5-21-4172042406-2404701085-3825984445-500
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-03 11:41 . 2009-12-03 11:41 -------- d-----w- c:\users\Kathy\AppData\Local\temp
2009-12-03 11:41 . 2009-12-03 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-03 11:41 . 2009-12-03 11:41 -------- d-----w- c:\users\Anna\AppData\Local\temp
2009-12-03 11:41 . 2009-12-03 11:41 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2009-12-03 08:22 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-03 08:22 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-03 08:22 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-03 08:22 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-03 08:22 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-03 08:22 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-03 08:22 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-03 08:22 . 2009-12-03 08:22 -------- d-----w- c:\program files\Alwil Software
2009-12-03 07:07 . 2009-12-03 07:07 -------- d-----w- c:\users\simon\AppData\Roaming\AVG8
2009-12-03 06:18 . 2009-12-03 06:18 -------- d-----w- c:\program files\Trend Micro
2009-12-03 02:49 . 2009-11-26 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\NAVENG.SYS
2009-12-03 02:49 . 2009-11-26 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\NAVENG32.DLL
2009-12-03 02:49 . 2009-11-26 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\NAVEX32A.DLL
2009-12-03 02:49 . 2009-11-26 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\NAVEX15.SYS
2009-12-03 02:49 . 2009-11-26 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\EECTRL.SYS
2009-12-03 02:49 . 2009-11-26 09:00 2747952 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\CCERASER.DLL
2009-12-03 02:49 . 2009-11-26 09:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\ECMSVR32.DLL
2009-12-03 02:49 . 2009-11-26 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091202.024\ERASER.SYS
2009-12-02 13:33 . 2009-12-02 13:33 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-02 10:19 . 2009-12-02 10:26 4096 d-----w- c:\program files\Windows Live Safety Center
2009-12-02 10:16 . 2009-12-02 10:16 -------- d-----w- c:\users\simon\AppData\Local\SHOUTcast Radio Toolbar
2009-11-30 10:57 . 2009-11-30 10:57 -------- d-----w- c:\users\simon\AppData\Roaming\Malwarebytes
2009-11-30 10:56 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 10:56 . 2009-11-30 10:56 -------- d-----w- c:\programdata\Malwarebytes
2009-11-30 10:56 . 2009-11-30 10:57 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 10:56 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 10:27 . 2009-12-03 05:12 4096 d-----w- c:\program files\Exterminate It!
2009-11-30 10:26 . 2009-11-30 07:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-30 07:34 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-30 07:32 . 2009-11-30 07:32 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-30 07:32 . 2009-11-30 07:32 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-30 07:32 . 2009-11-30 07:32 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-30 07:32 . 2009-11-30 07:32 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-30 07:32 . 2009-11-30 07:32 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-30 07:32 . 2009-11-30 07:32 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-30 07:32 . 2009-11-30 07:32 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-30 07:32 . 2009-11-30 07:32 1638640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-30 07:31 . 2009-11-30 07:32 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-30 07:31 . 2009-11-30 07:31 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-30 07:27 . 2009-11-30 07:28 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-30 07:27 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-30 07:27 . 2009-11-30 07:34 -------- d-----w- c:\programdata\Lavasoft
2009-11-30 07:27 . 2009-11-30 07:27 -------- d-----w- c:\program files\Lavasoft
2009-11-30 06:54 . 2009-08-25 23:34 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-11-27 13:33 . 2009-12-02 13:33 3519152 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\DriverCure Installer.exe
2009-11-27 13:28 . 2009-08-25 23:34 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-11-27 11:12 . 2009-11-04 14:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-27 11:12 . 2009-11-04 14:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-27 11:12 . 2009-11-04 14:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-27 11:12 . 2009-11-04 14:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-27 11:12 . 2009-11-04 14:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-27 09:14 . 2009-11-27 13:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-27 09:14 . 2009-11-27 13:29 -------- d-----w- c:\program files\Symantec
2009-11-27 09:14 . 2009-11-04 14:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-11-27 09:14 . 2009-11-04 14:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-11-27 09:14 . 2009-11-04 14:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-11-27 09:14 . 2009-11-27 09:14 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-11-27 09:14 . 2009-11-27 09:14 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-11-27 09:14 . 2009-11-04 14:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-11-27 09:13 . 2009-11-04 14:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-11-27 09:13 . 2009-11-27 09:13 791920 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-11-27 09:13 . 2009-11-30 07:38 -------- d-----w- c:\windows\system32\drivers\NAV
2009-11-27 09:13 . 2009-11-27 09:13 -------- d-----w- c:\program files\Norton AntiVirus
2009-11-27 09:13 . 2009-11-27 09:13 -------- d-----w- c:\programdata\Norton
2009-11-27 09:12 . 2009-11-27 09:12 -------- d-----w- c:\programdata\NortonInstaller
2009-11-27 09:12 . 2009-11-27 09:12 -------- d-----w- c:\program files\NortonInstaller
2009-11-26 21:29 . 2009-11-26 21:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-26 10:09 . 2009-11-26 10:09 1 ---h--w- c:\windows\mmsmark3.dat
2009-11-25 02:00 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-24 21:25 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-24 21:25 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 01:35 . 2009-11-23 01:35 -------- d-----w- c:\users\simon\AppData\Local\Apple
2009-11-23 00:18 . 2009-11-23 01:27 49152 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-11-17 07:15 . 2009-11-17 07:15 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 06:58 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 06:58 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-11-17 06:58 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-11-17 06:58 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-11-17 06:58 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 06:58 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 06:58 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 06:58 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 06:58 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 06:58 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 06:58 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 06:58 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 06:56 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 06:56 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 06:56 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-10 21:01 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 21:01 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\tr
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\sv
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\ru
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\no
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\da
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\ko
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\ja
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\it
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\fr
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\es
2009-11-09 04:55 . 2009-11-09 04:55 -------- d-----w- c:\windows\system32\de
2009-11-09 04:55 . 2009-11-09 04:55 4096 d-----w- c:\windows\DPDrv
2009-11-09 04:53 . 2009-11-09 04:53 -------- d-----w- c:\programdata\Downloaded Installations
2009-11-07 22:20 . 2009-11-07 22:20 -------- d-----w- c:\users\Kathy\AppData\Roaming\CyberLink
2009-11-07 22:20 . 2009-11-07 22:20 -------- d-----w- c:\users\Kathy\AppData\Roaming\HP
2009-11-07 22:18 . 2009-11-07 22:18 7592 ----a-w- c:\users\Kathy\AppData\Local\d3d9caps.dat
2009-11-07 00:07 . 2009-12-03 05:05 4096 d-----w- c:\users\simon\AppData\Roaming\skypePM
2009-11-07 00:04 . 2009-12-03 11:11 4096 d-----w- c:\users\simon\AppData\Roaming\Skype
2009-11-07 00:02 . 2009-11-07 00:02 -------- d-----w- c:\program files\Common Files\Skype
2009-11-07 00:02 . 2009-11-07 00:04 -------- d-----r- c:\program files\Skype
2009-11-07 00:02 . 2009-11-07 00:02 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 11:06 . 2008-02-04 20:36 2140 ----a-w- c:\windows\bthservsdp.dat
2009-12-03 05:41 . 2009-03-22 20:05 -------- d-----w- c:\programdata\DriverCure
2009-12-02 16:50 . 2009-06-19 10:39 4096 d-----w- c:\program files\Google
2009-11-27 13:29 . 2009-11-27 09:14 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-27 13:29 . 2009-11-27 09:14 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-27 09:34 . 2007-12-16 14:44 24576 d-----w- c:\program files\Common Files\Symantec Shared
2009-11-27 09:17 . 2007-12-16 14:45 4096 d-----w- c:\programdata\Symantec
2009-11-21 04:11 . 2007-12-16 16:24 12288 d-----w- c:\programdata\Microsoft Help
2009-11-17 07:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 07:15 . 2009-11-17 07:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 04:09 . 2009-06-01 02:44 4096 d-----w- c:\users\Anna\AppData\Roaming\Spyware Terminator
2009-11-11 09:29 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-10 04:39 . 2007-12-16 17:41 4096 d-----w- c:\program files\Java
2009-11-09 12:10 . 2008-10-11 12:09 -------- d-----w- c:\users\simon\AppData\Roaming\gtk-2.0
2009-11-09 04:55 . 2008-02-04 21:07 -------- d-----w- c:\program files\DigitalPersona
2009-11-09 04:52 . 2009-11-09 04:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01007.Wdf
2009-11-09 04:52 . 2008-02-04 20:42 -------- d-----w- c:\program files\Fingerprint Sensor
2009-11-07 22:20 . 2009-05-20 12:06 4096 d-----w- c:\users\Kathy\AppData\Roaming\Spyware Terminator
2009-11-07 22:19 . 2009-06-01 09:26 27335 ----a-w- c:\users\Kathy\AppData\Roaming\nvModes.dat
2009-11-02 09:42 . 2009-10-03 11:24 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 23:58 . 2009-06-01 05:17 27240 ----a-w- c:\users\Anna\AppData\Roaming\nvModes.dat
2009-10-20 10:30 . 2009-09-22 08:44 4096 d-----w- c:\users\simon\AppData\Roaming\HpUpdate
2009-10-20 10:19 . 2008-03-14 05:39 4096 d-----w- c:\programdata\HP Product Assistant
2009-10-20 10:19 . 2007-12-16 15:49 -------- d-----w- c:\program files\Common Files\AOL
2009-10-20 10:19 . 2007-12-16 15:49 8192 d-----w- c:\program files\AIM6
2009-10-20 09:27 . 2009-10-20 09:27 -------- d-----w- c:\programdata\AOL
2009-10-19 06:30 . 2009-09-09 04:25 -------- d-----w- c:\users\Anna\AppData\Roaming\HP
2009-10-14 01:05 . 2007-12-16 16:28 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-10 17:17 . 2009-03-14 00:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 13:42 . 2009-05-20 12:06 111520 ----a-w- c:\users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 04:01 . 2009-06-01 02:44 111520 ----a-w- c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-05 07:21 . 2009-10-05 07:20 4096 d-----w- c:\program files\iTunes
2009-10-05 07:20 . 2009-10-05 07:20 -------- d-----w- c:\program files\iPod
2009-10-05 07:20 . 2009-08-25 06:39 -------- d-----w- c:\program files\Common Files\Apple
2009-09-28 21:52 . 2009-09-28 21:52 474176 ----a-w- c:\windows\system32\DPSDApi.dll
2009-09-28 21:52 . 2009-09-28 21:52 334912 ----a-w- c:\windows\system32\DPFPApi.dll
2009-09-28 21:52 . 2009-09-28 21:52 150592 ----a-w- c:\windows\system32\DpPwdFlt.dll
2009-09-28 21:52 . 2009-09-28 21:52 592960 ----a-w- c:\windows\system32\DPCrProv.dll
2009-09-28 21:52 . 2009-09-28 21:52 240704 ----a-w- c:\windows\system32\DpClback.dll
2009-09-25 02:10 . 2009-11-17 06:59 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 06:59 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 06:59 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 06:59 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 06:59 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 06:59 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 06:59 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 06:59 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 06:59 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 06:59 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 06:59 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 06:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 06:59 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 06:59 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 06:59 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 06:59 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 06:59 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 06:59 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 06:59 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 06:59 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 06:59 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 06:59 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 06:59 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 06:59 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 06:59 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 06:59 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 06:59 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-22 20:58 . 2008-03-09 15:41 111520 ----a-w- c:\users\simon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-21 06:09 . 2009-09-21 06:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-14 09:29 . 2009-10-13 23:16 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-13 23:31 . 2009-09-13 23:31 75000 ----a-w- c:\windows\system32\ATSwpWDFCoInst.dll
2009-09-13 23:31 . 2009-09-13 23:31 659328 ----a-w- c:\windows\system32\drivers\ATSwpWDF.sys
2009-09-13 23:31 . 2009-09-13 23:31 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2009-09-11 02:51 . 2009-09-11 02:51 1266936 ----a-w- c:\windows\system32\AFSSClientLib.dll
2009-09-10 16:48 . 2009-10-13 23:17 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-27 21:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-27 21:11 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 02:01 . 2009-11-17 06:59 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00 . 2009-11-17 06:59 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00 . 2009-11-17 06:59 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-07 11:03 . 2009-09-07 01:51 680 ----a-w- c:\users\Anna\AppData\Local\d3d9caps.dat
2009-09-04 14:33 . 2009-09-04 14:33 2988592 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{14f0d511-36a2-41ca-ae01-ba4f87282c97}"= "c:\program files\SHOUTcast Radio Toolbar\shoutcasttb.dll" [2008-09-17 1275176]

[HKEY_CLASSES_ROOT\clsid\{14f0d511-36a2-41ca-ae01-ba4f87282c97}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{8613efdf-b530-4b1d-b970-b09f99977813}]
[HKEY_CLASSES_ROOT\SHOUTcastTb.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-03-17 2387968]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-05-07 2162688]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-28 842816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2007-09-18 3917128]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\users\simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-3-10 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):fb,42,e5,18,d0,3b,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [30/11/2009 6:34 PM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [28/11/2009 12:29 AM 310320]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [3/12/2009 7:22 PM 114768]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [28/11/2009 12:29 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [28/11/2009 12:27 AM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys [27/11/2009 10:12 PM 343088]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [3/12/2009 7:22 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [3/12/2009 7:22 PM 53328]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [11/09/2009 1:51 PM 1811704]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [28/11/2009 12:28 AM 117640]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [14/09/2009 10:31 AM 659328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/11/2009 8:00 PM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [28/11/2009 12:29 AM 48688]
S2 gupdate1c9f0cab2c37412;Google Update Service (gupdate1c9f0cab2c37412);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2009 9:42 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 10:17 PM 1184912]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23/06/2008 6:16 PM 21504]
S3 SWNC8U55;Sierra Wireless MUX NDIS Driver (UMTS55);c:\windows\System32\drivers\swnc8u55.sys [19/11/2007 5:06 PM 164480]
S3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\System32\drivers\swumx55.sys [19/11/2007 5:06 PM 140672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-12-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:32]

2008-09-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 01:20]

2009-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 10:39]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 10:42]

2009-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 10:42]

2009-12-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2009-12-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2009-12-03 c:\windows\Tasks\User_Feed_Synchronization-{2277FF18-76AE-493C-AE36-8354E76A675A}.job
- c:\windows\system32\msfeedssync.exe [2008-06-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = www.bigpond.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &SHOUTcast Search - c:\programdata\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\v1phpw56.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.shinysearch.com/myhome.php?style=antique-wood&ltext=Simples Searchin Spot
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\simon\AppData\Roaming\Mozilla\Firefox\Profiles\v1phpw56.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npviewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI
AddRemove-Windows Live Toolbar - c:\program files\Windows Live Toolbar\UnInstall.exe {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint2K\Uninstap.exe ADDREMOVE

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-12-03 22:46
ComboFix-quarantined-files.txt 2009-12-03 11:46

Pre-Run: 72,871,559,168 bytes free
Post-Run: 73,252,605,952 bytes free

- - End Of File - - 911F520EA4A9A6D412707BF2F2EC2E37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:27 PM, on 3/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Update Service (gupdate1c9f0cab2c37412) (gupdate1c9f0cab2c37412) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11870 bytes

jimbailey 0 Newbie Poster · Answer 6 · 2009-12-03T18:34:14+00:00

Hi Crunchie,

I'd just like to thank you in advance for all the assistance you are providing me in this dilemma, the machine's performance has already increased drastically so we're winning the battle :)

I'll stay online for 10 more mins as I have to be leaving to go home, but i'll be back online here tomorrow to check if there's still more to do.

Thanks again, you're awesome!

Jim

jimbailey 0 Newbie Poster · Answer 7 · 2009-12-04T18:26:19+00:00

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7004a9a6c5ced64f97102f74e87c51d3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-04 12:12:56
# local_time=2009-12-04 11:12:56 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775165 100 98 0 196213502 44382 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 0 80061 0 0
# compatibility_mode=3587 16777213 100 94 0 8681886 0 0
# compatibility_mode=5892 16776573 100 100 0 97450676 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193587
# found=0
# cleaned=0
# scan_time=7228

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2009-12-05T02:25:23+00:00

crunchie 990 Most Valuable Poster

14 Years Ago

Nothing found there. What problems is the pc still having?

jimbailey 0 Newbie Poster · Answer 9 · 2009-12-06T15:12:57+00:00

This is a scan from "Exterminate It!" which shows there is something there still.. but I'm unsure if I should trust the program as it also claims to be freeware until it finds something to fix then asks for money..

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 10 · 2009-12-06T15:31:17+00:00

Personally, I wouldn't trust most apps that require payment to remove what they find.
Have you had a look to see if the entries actually exist?

jimbailey 0 Newbie Poster · Answer 11 · 2009-12-06T16:01:10+00:00

Agreed, well I'm uninstalling it. The entries do exist and I want to see if they remain after uninstall.. while I'm at it, which antivirus software do you think I should keep out of my lot? I'm currently running with adaware, comodo firewall, avast (free), windows defender and norton (due to expire in a few days).

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 12 · 2009-12-06T16:05:08+00:00

Avast has just caused a bunch of problems in the last week, but I believe it is fixed now. I moved from Avast and went with Comodo AV and firewall.
Norton has to go though, imo.
Adaware is dated with MBA-M being the replacement candidate.

jimbailey 0 Newbie Poster · Answer 13 · 2009-12-06T16:28:49+00:00

Awesome, so I'm uninstalling norton, adaware and avast and keeping comodo & MBA-M. Thanks for the advice, I can now use this set to help get the others i know out of trouble too :)

I just have to do something about those last reg entries as they're still there.. should i try to pick them up with those other online scan links you gave me before? surely one will find them..

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 14 · 2009-12-06T18:18:09+00:00

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click the file to run it and when asked if you want to merge with your registry, answer yes.
Reboot when done and check if the entries are gone.

Have you deleted the antispyware folder?

jimbailey 0 Newbie Poster · Answer 15 · 2009-12-14T16:50:05+00:00

Hello again :) I'm back working on the worst affected laptop again after giving it a break.
Have installed and run Fixme.reg as instructed, it in turn allowed windows update to run and reset. After that ran a scan in windows defender and came up clean.

Still have that Antispyware folder in the control panel though and it won't allow me to delete it but all else seems to be running back up to spec.

jimbailey 0 Newbie Poster · Answer 16 · 2009-12-14T18:11:29+00:00

also just found errorsmart and antispyware in the add/remove programs list but cannot remove or modify either.. Definately still some underlying problems here..

jimbailey 0 Newbie Poster · Answer 17 · 2009-12-22T06:28:55+00:00

Awesome! Finally all dealt with and back on top! Thankyou so much for all the fantastic advice and step by step guidance through this escapade, I definately couldn't have done it without you. Hopefully other people suffering this same problem set can now read this thread rather than bother me and you :D A big cheers from me and all who have benifited, we owe you a drink ;)

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 18 · 2009-12-22T06:39:09+00:00

No worries :).

Let's get rid of Combofix now that we are finished with it. Click START then RUN
Now type [b]Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Multiple attacks on VISTA (Koobface, Errorsmart, Drivercure, Antispyware).. Removal?

Recommended Answers Collapse Answers

All 23 Replies

Recommended Answers