Infected with...?


  • This topic is locked
5 replies to this topic

#1 Tuzi

Posted 17 November 2009 - 08:45 PM

PROBLEMS:
Windows Vista failed to start (BSOD STOP Code: 0x000000D1 (0x00000014, 0x000000FF, 0x00000000, 0xBD2C4034)). Startup Repair from the Windows Vista CD couldn't fix the problem. Booting into Safe Mode with the Last Known Good Configuration option seemed to solve the issue.
Unfortunately, the BSOD reappears from time to time with different error codes. I managed to recover from the last Windows startup crash with the aid of the OEM CD (Startup Repair).
Now I can't access websites like Microsoft, Symantec ... via IE8 (Windows cannot find the host name using DNS. The DNS may be down. Windows found a problem that cannot be repaired automatically.)

DDS (Ver_09-10-26.01) - NTFSx86
Run by user at 14:46:56,47 on 17.11.2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3322.1946 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
D:\Program Files\Winamp\winampa.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\FixCamera.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\System32\restorer32_a.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
D:\Program Files\HACK\SSH\WinSSHD.exe
D:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [DAEMON Tools Pro Agent] "d:\program files\daemon tools pro\DTProAgent.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [ter8m] RUNDLL32.EXE c:\windows\temp\msxm192z.dll,w
uRun: [restorer32_a] c:\users\user\restorer32_a.exe
uRun: [Docs Update Setup for All Users] c:\programdata\{76b39096-0b9c-41e9-a549-1bc2890d4cc4}\Docssrv.exe /updatesetup
uRun: [Docs Update Setup] c:\users\user\appdata\local\{76b39096-0b9c-41e9-a549-1bc2890d4cc4}\Docssrv.exe /updatesetup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SIMBAR={F9D687C1-ECE0-4E32-BE90-B7522D146D4B}; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.tripletsandus.com/80s/80s_games/foosball.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TrayServer] d:\program files\movie maker\TrayServer.exe
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [WinVNC] "d:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [WinSSHD Activation State Checker] "d:\program files\hack\ssh\WinsshdActStateCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
mRun: [restorer32_a] c:\windows\system32\restorer32_a.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [ter8m] RUNDLL32.EXE c:\windows\temp\msxm192z.dll,w
dRun: [restorer32_a] c:\windows\system32\config\systemprofile\restorer32_a.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\projec~1.lnk - c:\program files\domain tools\projectwhois\ProjectWhois.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\users\user\NkMonitor.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSecurityTab = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\program files\poker\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-11-17 26624]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-5-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-5-18 55160]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1100000.088\SymDS.sys [2009-11-4 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1100000.088\SymEFA.sys [2009-11-4 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20090829.001\BHDrvx86.sys [2009-11-4 506928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.088\ccHPx86.sys [2009-11-4 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20090828.002\IDSVix86.sys [2009-11-4 342576]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1100000.088\Ironx86.sys [2009-11-4 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1100000.088\symtdiv.sys [2009-11-4 338480]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2008-12-27 27432]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2009-1-3 21504]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-8-12 49152]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2009-11-4 126392]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-12-17 13904]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-4 34128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-4 102448]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\drivers\tscomm.sys [2008-12-27 39976]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-1-26 2831232]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-12-27 18984]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-15 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2008-12-27 20264]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [2009-9-25 22760]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-11-17 08:45:09 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-11-16 17:57:54 0 d-----w- c:\windows\WinRAR
2009-11-11 17:05:13 19456 ----a-w- c:\windows\system32\tdlwsp.dll
2009-11-06 20:48:19 1 ----a-w- c:\users\user\oashdihasidhasuidhiasdhiashdiuasdhasd
2009-11-05 18:29:51 26933 ----a-w- c:\windows\system32\F53F.tmp
2009-11-05 18:29:50 28160 ----a-w- c:\windows\system32\F231.tmp
2009-11-05 18:29:49 92 ----a-w- c:\windows\system32\EE38.tmp
2009-11-04 16:14:58 26936 ----a-w- c:\windows\system32\DF7.tmp
2009-11-04 16:14:57 92 ----a-w- c:\windows\system32\8B5.tmp
2009-11-04 16:14:57 28160 ----a-w- c:\windows\system32\AD9.tmp
2009-11-04 16:11:36 0 d-----w- c:\windows\pss
2009-11-04 10:29:56 26935 ----a-w- c:\windows\system32\23A2.tmp
2009-11-04 10:29:55 92 ----a-w- c:\windows\system32\1E8F.tmp
2009-11-04 10:29:55 28160 ----a-w- c:\windows\system32\20A3.tmp
2009-11-04 09:18:49 28160 ----a-w- c:\windows\system32\2055.tmp
2009-11-04 09:18:49 26935 ----a-w- c:\windows\system32\2354.tmp
2009-11-04 09:18:48 92 ----a-w- c:\windows\system32\1E60.tmp
2009-11-04 09:02:02 26935 ----a-w- c:\windows\system32\1896.tmp
2009-11-04 09:02:01 28160 ----a-w- c:\windows\system32\1587.tmp
2009-11-04 09:02:00 92 ----a-w- c:\windows\system32\1364.tmp
2009-11-04 08:54:03 22528 ----a-w- c:\windows\system32\winhelper.dll
2009-11-04 07:48:34 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-04 07:48:34 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-04 07:48:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-04 07:48:21 0 d-----w- c:\windows\system32\drivers\NIS
2009-11-04 07:48:20 0 d-----w- c:\program files\Norton Internet Security
2009-11-04 07:46:04 0 d-----w- c:\program files\NortonInstaller
2009-11-04 06:48:15 28160 ----a-w- c:\windows\system32\397.tmp
2009-11-04 06:48:14 92 ----a-w- c:\windows\system32\125.tmp
2009-11-04 06:00:58 104 ----a-w- C:\s1f108.bat
2009-11-04 06:00:46 26935 ----a-w- c:\windows\system32\AC0C.tmp
2009-11-04 06:00:45 28160 ----a-w- c:\windows\system32\A8EE.tmp
2009-11-04 06:00:44 92 ----a-w- c:\windows\system32\A6DA.tmp
2009-11-04 06:00:43 53248 ----a-w- c:\windows\system32\6332316.exe
2009-11-04 06:00:43 120 ----a-w- c:\windows\system32\107109.BAT
2009-11-04 06:00:40 89088 ----a-w- c:\windows\system32\5951589.exe
2009-11-04 06:00:37 868 ----a-w- c:\windows\system32\7984278.exe
2009-11-03 05:47:42 3686 ----a-w- c:\windows\system32\5F4.tmp
2009-11-03 05:47:37 112 ----a-w- c:\windows\system32\520984.BAT
2009-11-02 15:37:39 28160 ----a-w- c:\windows\system32\1C10.tmp
2009-11-02 15:37:38 26936 ----a-w- c:\windows\system32\1A0C.tmp
2009-11-02 15:37:37 92 ----a-w- c:\windows\system32\1623.tmp
2009-11-02 09:47:52 28160 ----a-w- c:\windows\system32\871E.tmp
2009-11-02 09:47:51 92 ----a-w- c:\windows\system32\8373.tmp
2009-11-02 09:47:51 26935 ----a-w- c:\windows\system32\8568.tmp
2009-11-02 07:56:35 28160 ----a-w- c:\windows\system32\A67E.tmp
2009-11-02 07:56:34 92 ----a-w- c:\windows\system32\A207.tmp
2009-11-02 07:56:34 27253 ----a-w- c:\windows\system32\A40C.tmp
2009-11-02 07:56:24 112 ----a-w- c:\windows\system32\97109.BAT
2009-11-01 21:23:43 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-11-01 21:13:13 0 d-----w- c:\program files\Vidalia Bundle
2009-11-01 15:07:05 52 ----a-w- c:\windows\system32\D586.tmp
2009-11-01 15:07:05 28160 ----a-w- c:\windows\system32\D808.tmp
2009-11-01 10:11:19 52 ----a-w- c:\windows\system32\7932.tmp
2009-11-01 10:11:19 28160 ----a-w- c:\windows\system32\7B94.tmp
2009-11-01 10:11:15 112 ----a-w- c:\windows\system32\93250.BAT
2009-10-31 16:22:35 52 ----a-w- c:\windows\system32\819E.tmp
2009-10-31 16:22:35 28160 ----a-w- c:\windows\system32\8384.tmp
2009-10-31 16:22:28 112 ----a-w- c:\windows\system32\91765.BAT
2009-10-30 15:45:53 64000 ----a-w- c:\windows\system32\drivers\zdilblnu9.sys
2009-10-30 15:45:53 48128 ----a-w- c:\windows\system32\reader_s.exe
2009-10-30 15:45:53 28160 ----a-w- c:\windows\system32\5F54.tmp
2009-10-30 15:45:53 0 ----a-w- c:\windows\system32\611A.tmp
2009-10-30 15:45:52 52224 ----a-w- c:\windows\system32\5B4C.tmp
2009-10-30 15:45:52 46848 ----a-w- c:\windows\system32\restorer32_a.exe
2009-10-30 15:45:51 26621 ----a-w- c:\windows\system32\5928.tmp
2009-10-30 15:45:51 144 ----a-w- c:\windows\system32\56F4.tmp
2009-10-30 07:01:05 112 ----a-w- C:\cikfj56ri108.bat
2009-10-30 07:00:59 258048 ----a-w- c:\windows\cikfj56ri44.exe
2009-10-30 07:00:58 110 ----a-w- c:\windows\system32\88234.BAT
2009-10-30 07:00:56 89088 ----a-w- c:\windows\cikfj56ri43.exe
2009-10-30 07:00:54 184 ----a-w- c:\windows\cikfj56ri42.tmp
2009-10-29 18:10:47 0 d-----w- c:\users\user\Maxwell
2009-10-29 18:00:28 0 d-----w- C:\Ansoft
2009-10-28 09:03:33 112 ----a-w- c:\windows\system32\79578.BAT
2009-10-27 14:15:05 112 ----a-w- C:\jidh7to108.bat
2009-10-27 14:15:01 62496 ----a-w- c:\windows\system32\MSWINSCK.OCX
2009-10-27 14:14:59 258048 ----a-w- c:\windows\jidh7to44.exe
2009-10-27 14:14:58 106 ----a-w- c:\windows\system32\92531.BAT
2009-10-27 14:14:56 89088 ----a-w- c:\windows\jidh7to43.exe
2009-10-27 14:14:54 184 ----a-w- c:\windows\jidh7to42.tmp
2009-10-26 13:42:42 19840 ----a-w- c:\windows\system32\drivers\StMp3Rec.sys
2009-10-26 13:42:00 0 d-----w- C:\Philips
2009-10-26 11:16:26 104 ----a-w- C:\wy33c108.bat
2009-10-26 11:16:10 40960 ----a-w- c:\windows\system32\8569864.exe
2009-10-26 11:16:09 120 ----a-w- c:\windows\system32\97453.BAT
2009-10-26 11:16:06 89088 ----a-w- c:\windows\system32\5006765.exe
2009-10-26 11:16:02 828 ----a-w- c:\windows\system32\3587915.exe
2009-10-25 08:23:39 40960 ----a-w- c:\windows\system32\8902967.exe
2009-10-25 08:23:35 94208 ----a-w- c:\windows\system32\1452687.exe
2009-10-25 08:23:35 120 ----a-w- c:\windows\system32\93843.BAT
2009-10-25 08:23:31 828 ----a-w- c:\windows\system32\4366724.exe
2009-10-24 17:12:46 104 ----a-w- C:\olifk56bs108.bat
2009-10-24 17:12:29 40960 ----a-w- c:\windows\system32\804603.exe
2009-10-24 17:12:24 94208 ----a-w- c:\windows\system32\1119283.exe
2009-10-24 17:12:24 120 ----a-w- c:\windows\system32\89281.BAT
2009-10-24 17:12:20 828 ----a-w- c:\windows\system32\4418146.exe
2009-10-23 13:04:56 104 ----a-w- C:\kuf58g4sda108.bat
2009-10-23 13:04:39 40960 ----a-w- c:\windows\system32\257133.exe
2009-10-23 13:04:34 93696 ----a-w- c:\windows\system32\3993581.exe
2009-10-23 13:04:34 120 ----a-w- c:\windows\system32\90109.BAT
2009-10-23 13:04:29 828 ----a-w- c:\windows\system32\1094019.exe
2009-10-22 18:41:29 0 ----a-w- c:\windows\ViewNX.INI
2009-10-22 17:53:27 61006 ----a-w- c:\users\user\Kép 432.jpg
2009-10-22 17:53:24 63254 ----a-w- c:\users\user\Kép 431.jpg
2009-10-22 17:53:20 60576 ----a-w- c:\users\user\Kép 415.jpg
2009-10-22 08:24:34 104 ----a-w- C:\jsdrthg1cd108.bat
2009-10-22 08:24:16 40960 ----a-w- c:\windows\system32\2069926.exe
2009-10-22 08:24:11 94208 ----a-w- c:\windows\system32\2810415.exe
2009-10-22 08:24:11 120 ----a-w- c:\windows\system32\106281.BAT
2009-10-22 08:24:07 828 ----a-w- c:\windows\system32\889889.exe
2009-10-21 12:01:13 104 ----a-w- C:\kjderkic108.bat
2009-10-21 12:00:57 40960 ----a-w- c:\windows\system32\580604.exe
2009-10-21 12:00:52 94208 ----a-w- c:\windows\system32\4618428.exe
2009-10-21 12:00:52 120 ----a-w- c:\windows\system32\96437.BAT
2009-10-21 12:00:48 828 ----a-w- c:\windows\system32\2552606.exe
2009-10-19 15:43:52 1905 ----a-w- c:\windows\diagwrn.xml
2009-10-19 15:43:52 1905 ----a-w- c:\windows\diagerr.xml
2009-10-19 12:51:30 0 d-----w- c:\windows\system32\wbem\repository
2009-10-19 12:50:17 0 d-----w- c:\windows\Registration
2009-10-19 07:44:24 112 ----a-w- C:\xvhuy12d108.bat
2009-10-19 07:44:07 40960 ----a-w- c:\windows\system32\9032386.exe
2009-10-19 07:44:03 88064 ----a-w- c:\windows\system32\8498586.exe
2009-10-19 07:44:03 120 ----a-w- c:\windows\system32\97687.BAT
2009-10-19 07:43:59 680 ----a-w- c:\windows\system32\5804102.exe

==================== Find3M ====================

2009-11-11 01:54:31 26624 ----a-w- c:\windows\system32\CertEnrollCtrl.exe
2009-11-11 01:54:23 97792 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-11-11 01:54:19 54272 ----a-w- c:\windows\system32\wlrmdr.exe
2009-11-11 01:54:19 34304 ----a-w- c:\windows\system32\mpnotify.exe
2009-11-11 01:54:05 405504 ----a-w- c:\windows\system32\vds.exe
2009-11-11 01:54:05 39936 ----a-w- c:\windows\system32\vdsldr.exe
2009-11-11 01:53:57 42496 ----a-w- c:\windows\system32\netiougc.exe
2009-11-11 01:53:34 338432 ----a-w- c:\windows\system32\rstrui.exe
2009-11-11 01:53:15 35840 ----a-w- c:\windows\system32\UI0Detect.exe
2009-11-11 01:53:11 3428864 ----a-w- c:\windows\system32\SLsvc.exe
2009-11-11 01:52:40 212992 ----a-w- c:\windows\system32\recdisc.exe
2009-11-11 01:52:37 36864 ----a-w- c:\windows\system32\rasautou.exe
2009-11-11 01:52:28 60416 ----a-w- c:\windows\system32\lodctr.exe
2009-11-11 01:52:28 53760 ----a-w- c:\windows\system32\unlodctr.exe
2009-11-11 01:52:23 80384 ----a-w- c:\windows\system32\printui.exe
2009-11-11 01:52:09 66048 ----a-w- c:\windows\system32\csrstub.exe
2009-11-11 01:52:09 540672 ----a-w- c:\windows\system32\ntvdm.exe
2009-11-11 01:52:06 94720 ----a-w- c:\windows\system32\newdev.exe
2009-11-11 01:52:04 35328 ----a-w- c:\windows\system32\bridgeunattend.exe
2009-11-11 01:52:01 41472 ----a-w- c:\windows\system32\netbtugc.exe
2009-11-11 01:51:38 61440 ----a-w- c:\windows\system32\auditpol.exe
2009-11-11 01:51:05 101888 ----a-w- c:\windows\system32\consent.exe
2009-11-11 01:51:02 100352 ----a-w- c:\windows\system32\hdwwiz.exe
2009-11-11 01:50:58 86016 ----a-w- c:\windows\system32\MuiUnattend.exe
2009-11-11 01:50:34 164352 ----a-w- c:\windows\system32\iscsicli.exe
2009-11-11 01:50:23 34816 ----a-w- c:\windows\hh.exe
2009-11-11 01:49:40 76288 ----a-w- c:\windows\system32\wermgr.exe
2009-11-11 01:49:26 45056 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-11-11 01:49:18 101888 ----a-w- c:\windows\system32\dwm.exe
2009-11-11 01:49:08 214016 ----a-w- c:\windows\system32\drvinst.exe
2009-11-11 01:48:45 72704 ----a-w- c:\windows\system32\expand.exe
2009-11-11 01:48:30 40960 ----a-w- c:\windows\system32\sdbinst.exe
2009-11-01 12:25:32 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-11-01 12:25:28 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-26 13:42:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-26 13:42:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-26 13:42:42 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-19 17:17:43 79744 ----a-w- c:\windows\system32\drivers\glaide32.sys
2009-10-18 10:53:23 40960 ----a-w- c:\windows\system32\1212257.exe
2009-10-18 10:30:38 69632 ----a-w- C:\mkdjh.exe
2009-10-18 10:30:38 194752 ----a-w- C:\nkrxuhut.exe
2009-10-16 07:44:23 44544 ----a-w- c:\windows\system32\winupdate.exe
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 15:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 153600 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-28 15:17:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-03 21:30:43 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-20 17:42:19 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-20 17:42:19 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-20 17:42:19 65536 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:48:36,64 ===============

#2 Tuzi

Posted 19 November 2009 - 04:09 AM

I got BSOD again:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Technical information:
***STOP: 0x000000D1 (0x00000014, 0x000000FF, 0x00000000, 0xB19FC034
***hiber_iastor.sys - Address B19FC034 base at B1938000, DateStamp 46018619

Edited by Orange Blossom, 21 October 2010 - 08:58 PM.
Removed no longer relevant content. ~ OB


#3 Guest_superbird_*

Posted 26 November 2009 - 10:41 AM

Hi,

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Right-click on mbam-setup.exe and select Run as Administrator to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

2. Please post a new DDS logfile, together with the logfile from MBAM.

#4 Tuzi

Posted 30 November 2009 - 04:01 PM

Hi,
Black_Bird

Thanks for your interest in my computer problems.
I'm a man of few words because English isn't my native language.
So:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

30.11.2009 16:37:49
mbam-log-2009-11-30 (16-37-49).txt

Scan type: Full Scan (C:\|D:\|E:\|M:\|)
Objects scanned: 342532
Time elapsed: 1 hour(s), 44 minute(s), 45 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 148
Registry Values Infected: 18
Registry Data Items Infected: 8
Folders Infected: 15
Files Infected: 112

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\mkdjh.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\cikfj56ri43.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\cikfj56ri44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\jidh7to43.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\jidh7to44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\1119283.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\1452687.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\5951589.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\8498586.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
C:\Windows\System32\2810415.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\3993581.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\4618428.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\5006765.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\glaide32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT3321.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP7007.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP2BA9.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP4534.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP5E33.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP6909.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP6A98.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\txpxr_21096554025.b1k (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\txpxr_22631836162.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\txpxr_449645274276.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\txpxr_712809312109.b1k (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\txpxr_7668365850.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP7140.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP7238.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP7359.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP9DD2.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPB43B.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPBD15.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPC82B.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPD399.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPDA42.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMPEDC7.tmp (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT652E.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT6AEC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT78F5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTF173.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Program Files\Save2pc\save2pc.exe (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\user\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

===============================================================================

DDS (Ver_09-10-26.01) - NTFSx86
Run by user at 17:28:29,74 on 30.11.2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3322.2034 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
D:\Program Files\HACK\SSH\WinSSHD.exe
D:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Winamp\winampa.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\restorer32_a.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\BC\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = about:blank
mStart Page = hxxp://home.sweetim.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
uRun: [restorer32_a] c:\users\user\restorer32_a.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SIMBAR={F9D687C1-ECE0-4E32-BE90-B7522D146D4B}; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://www.tripletsandus.com/80s/80s_games/foosball.htm"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [TrayServer] d:\program files\movie maker\TrayServer.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [WinVNC] "d:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [WinSSHD Activation State Checker] "d:\program files\hack\ssh\WinsshdActStateCheck.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [restorer32_a] c:\windows\system32\restorer32_a.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ter8m] RUNDLL32.EXE c:\windows\temp\msxm192z.dll,w
dRun: [restorer32_a] c:\windows\system32\config\systemprofile\restorer32_a.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\projec~1.lnk - c:\program files\domain tools\projectwhois\ProjectWhois.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\users\user\NkMonitor.exe
mPolicies-explorer: NoSecurityTab = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\program files\poker\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-11-17 26624]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-5-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-5-18 55160]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1100000.088\SymDS.sys [2009-11-4 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1100000.088\SymEFA.sys [2009-11-4 169008]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20090829.001\BHDrvx86.sys [2009-11-4 506928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.088\ccHPx86.sys [2009-11-4 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20090828.002\IDSVix86.sys [2009-11-4 342576]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1100000.088\Ironx86.sys [2009-11-4 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1100000.088\symtdiv.sys [2009-11-4 338480]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2008-12-27 27432]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2009-1-3 21504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2009-11-4 126392]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2007-12-17 13904]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-4 34128]
R3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\drivers\tscomm.sys [2008-12-27 39976]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-1-26 2831232]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2008-12-27 18984]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-15 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2008-12-27 20264]
S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [2009-9-25 22760]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-11-30 15:02:19 1 ----a-w- c:\users\user\oashdihasidhasuidhiasdhiashdiuasdhasd
2009-11-30 12:00:35 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2009-11-30 12:00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 12:00:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 12:00:30 0 d-----w- c:\programdata\Malwarebytes
2009-11-30 12:00:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 22:38:45 24064 ----a-w- c:\windows\system32\tdlcmd.dll
2009-11-17 08:45:09 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-11-16 17:57:54 0 d-----w- c:\windows\WinRAR
2009-11-11 17:05:13 19456 ----a-w- c:\windows\system32\tdlwsp.dll
2009-11-05 18:29:51 26933 ----a-w- c:\windows\system32\F53F.tmp
2009-11-05 18:29:50 28160 ----a-w- c:\windows\system32\F231.tmp
2009-11-05 18:29:49 92 ----a-w- c:\windows\system32\EE38.tmp
2009-11-04 16:14:58 26936 ----a-w- c:\windows\system32\DF7.tmp
2009-11-04 16:14:57 92 ----a-w- c:\windows\system32\8B5.tmp
2009-11-04 16:14:57 28160 ----a-w- c:\windows\system32\AD9.tmp
2009-11-04 16:11:36 0 d-----w- c:\windows\pss
2009-11-04 10:29:56 26935 ----a-w- c:\windows\system32\23A2.tmp
2009-11-04 10:29:55 92 ----a-w- c:\windows\system32\1E8F.tmp
2009-11-04 10:29:55 28160 ----a-w- c:\windows\system32\20A3.tmp
2009-11-04 09:18:49 28160 ----a-w- c:\windows\system32\2055.tmp
2009-11-04 09:18:49 26935 ----a-w- c:\windows\system32\2354.tmp
2009-11-04 09:18:48 92 ----a-w- c:\windows\system32\1E60.tmp
2009-11-04 09:02:02 26935 ----a-w- c:\windows\system32\1896.tmp
2009-11-04 09:02:01 28160 ----a-w- c:\windows\system32\1587.tmp
2009-11-04 09:02:00 92 ----a-w- c:\windows\system32\1364.tmp
2009-11-04 07:48:34 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-04 07:48:34 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-04 07:48:34 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-04 07:48:21 0 d-----w- c:\windows\system32\drivers\NIS
2009-11-04 07:48:20 0 d-----w- c:\program files\Norton Internet Security
2009-11-04 07:46:04 0 d-----w- c:\program files\NortonInstaller
2009-11-04 06:48:15 28160 ----a-w- c:\windows\system32\397.tmp
2009-11-04 06:48:14 92 ----a-w- c:\windows\system32\125.tmp
2009-11-04 06:00:58 104 ----a-w- C:\s1f108.bat
2009-11-04 06:00:46 26935 ----a-w- c:\windows\system32\AC0C.tmp
2009-11-04 06:00:45 28160 ----a-w- c:\windows\system32\A8EE.tmp
2009-11-04 06:00:44 92 ----a-w- c:\windows\system32\A6DA.tmp
2009-11-04 06:00:43 53248 ----a-w- c:\windows\system32\6332316.exe
2009-11-04 06:00:43 120 ----a-w- c:\windows\system32\107109.BAT
2009-11-04 06:00:37 868 ----a-w- c:\windows\system32\7984278.exe
2009-11-03 05:47:42 3686 ----a-w- c:\windows\system32\5F4.tmp
2009-11-03 05:47:37 112 ----a-w- c:\windows\system32\520984.BAT
2009-11-02 15:37:39 28160 ----a-w- c:\windows\system32\1C10.tmp
2009-11-02 15:37:38 26936 ----a-w- c:\windows\system32\1A0C.tmp
2009-11-02 15:37:37 92 ----a-w- c:\windows\system32\1623.tmp
2009-11-02 09:47:52 28160 ----a-w- c:\windows\system32\871E.tmp
2009-11-02 09:47:51 92 ----a-w- c:\windows\system32\8373.tmp
2009-11-02 09:47:51 26935 ----a-w- c:\windows\system32\8568.tmp
2009-11-02 07:56:35 28160 ----a-w- c:\windows\system32\A67E.tmp
2009-11-02 07:56:34 92 ----a-w- c:\windows\system32\A207.tmp
2009-11-02 07:56:34 27253 ----a-w- c:\windows\system32\A40C.tmp
2009-11-02 07:56:24 112 ----a-w- c:\windows\system32\97109.BAT
2009-11-01 21:23:43 163840 ----a-w- c:\windows\system32\SecureNet.dll
2009-11-01 21:13:13 0 d-----w- c:\program files\Vidalia Bundle
2009-11-01 15:07:05 52 ----a-w- c:\windows\system32\D586.tmp
2009-11-01 15:07:05 28160 ----a-w- c:\windows\system32\D808.tmp
2009-11-01 10:11:19 52 ----a-w- c:\windows\system32\7932.tmp
2009-11-01 10:11:19 28160 ----a-w- c:\windows\system32\7B94.tmp
2009-11-01 10:11:15 112 ----a-w- c:\windows\system32\93250.BAT
2009-10-31 16:22:35 52 ----a-w- c:\windows\system32\819E.tmp
2009-10-31 16:22:35 28160 ----a-w- c:\windows\system32\8384.tmp
2009-10-31 16:22:28 112 ----a-w- c:\windows\system32\91765.BAT

==================== Find3M ====================

2009-11-11 01:54:31 26624 ----a-w- c:\windows\system32\CertEnrollCtrl.exe
2009-11-11 01:54:23 97792 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-11-11 01:54:19 54272 ----a-w- c:\windows\system32\wlrmdr.exe
2009-11-11 01:54:19 34304 ----a-w- c:\windows\system32\mpnotify.exe
2009-11-11 01:54:05 405504 ----a-w- c:\windows\system32\vds.exe
2009-11-11 01:54:05 39936 ----a-w- c:\windows\system32\vdsldr.exe
2009-11-11 01:53:57 42496 ----a-w- c:\windows\system32\netiougc.exe
2009-11-11 01:53:34 338432 ----a-w- c:\windows\system32\rstrui.exe
2009-11-11 01:53:15 55808 ----a-w- c:\windows\system32\UI0Detect.exe
2009-11-11 01:53:11 3428864 ----a-w- c:\windows\system32\SLsvc.exe
2009-11-11 01:52:40 212992 ----a-w- c:\windows\system32\recdisc.exe
2009-11-11 01:52:37 36864 ----a-w- c:\windows\system32\rasautou.exe
2009-11-11 01:52:28 60416 ----a-w- c:\windows\system32\lodctr.exe
2009-11-11 01:52:28 53760 ----a-w- c:\windows\system32\unlodctr.exe
2009-11-11 01:52:23 80384 ----a-w- c:\windows\system32\printui.exe
2009-11-11 01:52:09 66048 ----a-w- c:\windows\system32\csrstub.exe
2009-11-11 01:52:09 540672 ----a-w- c:\windows\system32\ntvdm.exe
2009-11-11 01:52:06 94720 ----a-w- c:\windows\system32\newdev.exe
2009-11-11 01:52:04 35328 ----a-w- c:\windows\system32\bridgeunattend.exe
2009-11-11 01:52:01 41472 ----a-w- c:\windows\system32\netbtugc.exe
2009-11-11 01:51:38 61440 ----a-w- c:\windows\system32\auditpol.exe
2009-11-11 01:51:05 101888 ----a-w- c:\windows\system32\consent.exe
2009-11-11 01:51:02 100352 ----a-w- c:\windows\system32\hdwwiz.exe
2009-11-11 01:50:58 86016 ----a-w- c:\windows\system32\MuiUnattend.exe
2009-11-11 01:50:34 164352 ----a-w- c:\windows\system32\iscsicli.exe
2009-11-11 01:50:23 34816 ----a-w- c:\windows\hh.exe
2009-11-11 01:49:40 76288 ----a-w- c:\windows\system32\wermgr.exe
2009-11-11 01:49:26 45056 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-11-11 01:49:18 101888 ----a-w- c:\windows\system32\dwm.exe
2009-11-11 01:49:08 214016 ----a-w- c:\windows\system32\drvinst.exe
2009-11-11 01:48:45 72704 ----a-w- c:\windows\system32\expand.exe
2009-11-11 01:48:30 40960 ----a-w- c:\windows\system32\sdbinst.exe
2009-11-05 18:29:52 46848 ----a-w- c:\windows\system32\restorer32_a.exe
2009-11-01 12:25:32 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-11-01 12:25:28 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-30 15:45:53 64000 ----a-w- c:\windows\system32\drivers\zdilblnu9.sys
2009-10-30 15:45:53 52224 ----a-w- c:\windows\system32\5B4C.tmp
2009-10-30 15:45:53 28160 ----a-w- c:\windows\system32\5F54.tmp
2009-10-30 15:45:52 26621 ----a-w- c:\windows\system32\5928.tmp
2009-10-30 07:01:05 112 ----a-w- C:\cikfj56ri108.bat
2009-10-27 14:15:05 112 ----a-w- C:\jidh7to108.bat
2009-10-26 13:42:42 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-26 13:42:42 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-26 13:42:42 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-26 11:16:26 104 ----a-w- C:\wy33c108.bat
2009-10-26 11:16:10 40960 ----a-w- c:\windows\system32\8569864.exe
2009-10-25 08:23:56 104 ----a-w- C:\olifk56bs108.bat
2009-10-25 08:23:39 40960 ----a-w- c:\windows\system32\8902967.exe
2009-10-24 17:12:29 40960 ----a-w- c:\windows\system32\804603.exe
2009-10-23 13:04:56 104 ----a-w- C:\kuf58g4sda108.bat
2009-10-23 13:04:39 40960 ----a-w- c:\windows\system32\257133.exe
2009-10-22 08:24:34 104 ----a-w- C:\jsdrthg1cd108.bat
2009-10-22 08:24:16 40960 ----a-w- c:\windows\system32\2069926.exe
2009-10-21 12:01:13 104 ----a-w- C:\kjderkic108.bat
2009-10-21 12:00:57 40960 ----a-w- c:\windows\system32\580604.exe
2009-10-19 07:44:24 112 ----a-w- C:\xvhuy12d108.bat
2009-10-19 07:44:07 40960 ----a-w- c:\windows\system32\9032386.exe
2009-10-18 10:53:23 40960 ----a-w- c:\windows\system32\1212257.exe
2009-10-18 10:30:38 194752 ----a-w- C:\nkrxuhut.exe
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 15:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-05-28 15:17:11 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-03 21:30:43 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-20 17:42:19 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-20 17:42:19 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-20 17:42:19 65536 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:29:20,90 ===============

After the removal process I still couldn't update Windows, Norton Internet Security, MBAM ...

Regards,
Tuzi

#5 Guest_Black_Bird_*

Posted 02 December 2009 - 11:43 AM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you want to continue, do this please:

1. Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

2. Download OTM (by OldTimer) to your Desktop.
* Double-click on OTM.exe to start the tool.
* Copy (select and press Ctrl-C) all of this bold code:
:Processes
explorer.exe

:Services
BtwSrv

:Reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ter8m"=-
"restorer32_a"=-

:Files
c:\users\user\restorer32_a.exe
c:\windows\temp\msxm192z.dll
c:\windows\system32\config\systemprofile\restorer32_a.exe
c:\users\user\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\F53F.tmp
c:\windows\system32\F231.tmp
c:\windows\system32\EE38.tmp
c:\windows\system32\DF7.tmp
c:\windows\system32\8B5.tmp
c:\windows\system32\AD9.tmp
c:\windows\system32\23A2.tmp
c:\windows\system32\1E8F.tmp
c:\windows\system32\20A3.tmp
c:\windows\system32\2055.tmp
c:\windows\system32\2354.tmp
c:\windows\system32\1E60.tmp
c:\windows\system32\1896.tmp
c:\windows\system32\1587.tmp
c:\windows\system32\1364.tmp
c:\windows\system32\397.tmp
c:\windows\system32\125.tmp
C:\s1f108.bat
c:\windows\system32\AC0C.tmp
c:\windows\system32\A8EE.tmp
c:\windows\system32\A6DA.tmp
c:\windows\system32\6332316.exe
c:\windows\system32\107109.BAT
c:\windows\system32\7984278.exe
c:\windows\system32\5F4.tmp
c:\windows\system32\520984.BAT
c:\windows\system32\1C10.tmp
c:\windows\system32\1A0C.tmp
c:\windows\system32\1623.tmp
c:\windows\system32\871E.tmp
c:\windows\system32\8373.tmp
c:\windows\system32\8568.tmp
c:\windows\system32\A67E.tmp
c:\windows\system32\A207.tmp
c:\windows\system32\A40C.tmp
c:\windows\system32\97109.BAT
c:\windows\system32\D586.tmp
c:\windows\system32\D808.tmp
c:\windows\system32\7932.tmp
c:\windows\system32\7B94.tmp
c:\windows\system32\93250.BAT
c:\windows\system32\819E.tmp
c:\windows\system32\8384.tmp
c:\windows\system32\91765.BAT
c:\programdata\PKP_DLdw.DAT
c:\programdata\PKP_DLdu.DAT
c:\windows\system32\drivers\zdilblnu9.sys
c:\windows\system32\5B4C.tmp
c:\windows\system32\5F54.tmp
c:\windows\system32\5928.tmp
C:\cikfj56ri108.bat
C:\jidh7to108.bat
C:\wy33c108.bat
c:\windows\system32\8569864.exe
C:\olifk56bs108.bat
c:\windows\system32\8902967.exe
c:\windows\system32\804603.exe
C:\kuf58g4sda108.bat
c:\windows\system32\257133.exe
C:\jsdrthg1cd108.bat
c:\windows\system32\2069926.exe
C:\kjderkic108.bat
c:\windows\system32\580604.exe
C:\xvhuy12d108.bat
c:\windows\system32\9032386.exe
c:\windows\system32\1212257.exe
C:\nkrxuhut.exe

:Commands
[emptytemp]
[Reboot]
* Paste the copied text (press Ctrl-V) into the "Paste Instructions for Items to be Moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTM
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

3. Please post a new DDS log, together with the logfile from OTM.
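
A read-only way to confirm, after the reboot, that the items named in the fix script above are actually gone (an added example, not part of the original post and not an OldTimer tool). It assumes the script text was saved to a file with the hypothetical name otm_script.txt, and it relies only on the section layout visible in the post.

```powershell
# Added example (not from the forum post). Read-only: nothing is changed or deleted.
# Assumption: the fix script from the post was saved as otm_script.txt (hypothetical name).
# Run from an elevated PowerShell prompt so HKLM and system32 are readable.
param([string]$ScriptPath = '.\otm_script.txt')

$section  = ''
$regKey   = ''
$findings = @()

foreach ($raw in Get-Content -LiteralPath $ScriptPath) {
    $line = $raw.Trim()
    if ($line -eq '') { continue }

    # Section headers look like ":Reg", ":Files", ":Services".
    if ($line -match '^:(\w+)$') { $section = $Matches[1]; continue }

    switch ($section) {
        'Reg' {
            if ($line -match '^\[(.+)\]$') {
                # Expand hive abbreviations so the Registry provider accepts the path.
                $regKey = 'Registry::' + ($Matches[1] -replace '^HKCU\\', 'HKEY_CURRENT_USER\' -replace '^HKLM\\', 'HKEY_LOCAL_MACHINE\')
            }
            elseif ($line -match '^"(.+)"=-$' -and $regKey) {
                # "name"=- marks a value for deletion; report it if it still exists.
                $name  = $Matches[1]
                $props = Get-ItemProperty -LiteralPath $regKey -ErrorAction SilentlyContinue
                if ($props -and $props.PSObject.Properties[$name]) {
                    $findings += "Run value still present: $regKey -> $name"
                }
            }
        }
        'Files' {
            if (Test-Path -LiteralPath $line) { $findings += "File still present: $line" }
        }
        'Services' {
            if (Get-Service -Name $line -ErrorAction SilentlyContinue) {
                $findings += "Service still registered: $line"
            }
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'None of the listed items were found.' }
```

A clean result only shows that the listed Run values, files and service are absent; it does not cover anything else the backdoor may have changed.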

#6 Guest_Black_Bird_*

Posted 13 December 2009 - 12:29 PM

Because you didn't reply anymore, I am closing this topic.
If you want to have this topic reopened, please feel free to send me a private message.

All others, please start a new topic.




