Fake Antivirus Alert-hijackthis log

Postby devangel » Mon Mar 22, 2010 9:06 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Faisal at 2010-03-22 15:41:25
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 119 GB (53%) free of 226 GB
Total RAM: 1977 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:45 PM, on 3/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ParetoLogic\FileCure\FileCure.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Faisal\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Users\Faisal\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\8c2a8ec\CU8c2a.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Translate Client\translateclient.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Users\Faisal\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Faisal\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Faisal.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\hijackthis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Faisal\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_4736z
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/def ... com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://id.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://aa.rd.yahoo.com/customize/ie/def ... com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://aa.rd.yahoo.com/customize/ie/def ... com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://id.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://aa.rd.yahoo.com/customize/ie/def ... com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoods.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Faisal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Faisal\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\Faisal\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CleanUp Antivirus] "C:\ProgramData\8c2a8ec\CU8c2a.exe" /s /d
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRman000
O8 - Extra context menu item: Download all links with IDM - C:\Users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AB20FA-4281-4EEA-893C-29E6CDA90A9B}: NameServer = 202.134.0.96,222.124.204.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{22AB20FA-4281-4EEA-893C-29E6CDA90A9B}: NameServer = 202.134.0.96,222.124.204.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17240 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\FileCure Startup.job
C:\Windows\tasks\FileCure.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1496676750-2994780868-2124275657-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1496676750-2994780868-2124275657-1000UA.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\User_Feed_Synchronization-{EF204864-2242-4446-98FA-5C0AFF293C9B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoods.dll [2010-01-21 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-07-31 2554680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [2009-07-31 736240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-07-31 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-07-31 2554680]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-07-31 909040]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL []
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll [2010-01-21 167936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-01 6957600]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-12 186904]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-02-12 862728]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-23 30192]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-05-05 251648]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-05-04 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-10-28 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2008-10-28 346672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-11-05 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-11-05 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-11-05 154136]
"PLFSetI"=C:\Windows\PLFSetI.exe [2009-07-07 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-02-20 156968]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-02-20 202024]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2009-02-07 173288]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2008-09-23 798720]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2009-08-13 24576]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=2 /w /h []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-03-01 1833504]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Google Update"=C:\Users\Faisal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
"googletalk"=C:\Users\Faisal\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"SmileboxTray"=C:\Users\Faisal\AppData\Roaming\Smilebox\SmileboxTray.exe [2010-03-10 287368]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-03 3882312]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []
"CleanUp Antivirus"=C:\ProgramData\8c2a8ec\CU8c2a.exe [2010-03-21 2693120]
"SM?RT-Protection"=C:\Program Files\Smadav\SM?RTP.exe [2010-03-21 1466402]
"AROReminder"=C:\Program Files\Advanced Registry Optimizer\ARO.exe [2009-12-28 2137600]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Translate Client.lnk - C:\Program Files\Translate Client\translateclient.exe

C:\Users\Faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
OneNote Table Of Contents.onetoc2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-10-28 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f06d32f-baf7-11de-a9e8-00235aebf6ba}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7f752aa-e9bb-11de-b7b6-00235aebf6ba}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-22 15:38:58 ----D---- C:\Program Files\trend micro
2010-03-22 15:38:57 ----D---- C:\rsit
2010-03-21 21:10:41 ----D---- C:\ProgramData\Kaspersky Lab
2010-03-21 21:10:41 ----D---- C:\Program Files\Kaspersky Lab
2010-03-21 21:03:47 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-03-21 20:07:23 ----D---- C:\Users\Faisal\AppData\Roaming\Sammsoft
2010-03-21 19:40:10 ----D---- C:\Program Files\Advanced Registry Optimizer
2010-03-21 19:06:31 ----D---- C:\QUARANTENA_VIRIT
2010-03-21 19:00:21 ----A---- C:\Windows\system32\ztvunrar36.dll
2010-03-21 19:00:21 ----A---- C:\Windows\system32\ztvunace26.dll
2010-03-21 19:00:21 ----A---- C:\Windows\system32\ztvcabinet.dll
2010-03-21 19:00:21 ----A---- C:\Windows\system32\unrar3.dll
2010-03-21 19:00:21 ----A---- C:\Windows\system32\unacev2.dll
2010-03-21 19:00:18 ----D---- C:\Users\Faisal\AppData\Roaming\Simply Super Software
2010-03-21 19:00:18 ----D---- C:\ProgramData\Simply Super Software
2010-03-21 17:14:45 ----D---- C:\Program Files\Smadav
2010-03-21 17:14:36 ----SHD---- C:\[Smad-Cage]
2010-03-21 01:25:21 ----SHD---- C:\Users\Faisal\AppData\Roaming\CleanUp Antivirus
2010-03-21 01:15:34 ----SHD---- C:\ProgramData\CUXYXNXKHAA
2010-03-21 01:11:48 ----SHD---- C:\ProgramData\8c2a8ec
2010-03-14 14:20:42 ----D---- C:\Program Files\facemoods.com
2010-02-27 09:59:43 ----D---- C:\Users\Faisal\AppData\Roaming\Xilisoft
2010-02-27 09:54:49 ----D---- C:\Program Files\MSECache
2010-02-27 09:54:26 ----D---- C:\Program Files\Xilisoft
2010-02-27 08:13:22 ----D---- C:\Users\Faisal\AppData\Roaming\GeoVid
2010-02-27 08:13:09 ----A---- C:\Windows\system32\gdiplus.dll
2010-02-27 08:13:09 ----A---- C:\Windows\system32\dsetup.dll
2010-02-27 08:13:05 ----D---- C:\ProgramData\GeoVid
2010-02-27 08:13:05 ----D---- C:\Program Files\Common Files\GeoVid
2010-02-27 08:13:04 ----D---- C:\Program Files\GeoVid
2010-02-27 07:08:10 ----D---- C:\Program Files\E.M. PowerPoint Video Converter
2010-02-26 16:45:05 ----D---- C:\Program Files\Windows Portable Devices
2010-02-26 12:26:48 ----A---- C:\Windows\system32\UIAnimation.dll
2010-02-26 12:26:47 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-02-26 12:26:47 ----A---- C:\Windows\system32\UIRibbon.dll
2010-02-26 12:26:15 ----A---- C:\Windows\system32\WMPhoto.dll
2010-02-26 12:26:15 ----A---- C:\Windows\system32\cdd.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\xpsservices.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\XpsPrint.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-02-26 12:26:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\OpcServices.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\FntCache.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\dxdiagn.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\dxdiag.exe
2010-02-26 12:26:14 ----A---- C:\Windows\system32\DWrite.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\d3d10warp.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\d3d10level9.dll
2010-02-26 12:26:14 ----A---- C:\Windows\system32\d2d1.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\dxgi.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\d3d11.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\d3d10core.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\d3d10_1.dll
2010-02-26 12:26:13 ----A---- C:\Windows\system32\d3d10.dll
2010-02-26 12:25:53 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-02-26 12:25:52 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-02-26 12:25:52 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-02-26 12:25:44 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-02-26 12:25:41 ----A---- C:\Windows\system32\wpdshext.dll
2010-02-26 12:25:41 ----A---- C:\Windows\system32\wpd_ci.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\WPDSp.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-02-26 12:25:40 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-02-26 12:24:51 ----A---- C:\Windows\system32\oleaccrc.dll
2010-02-26 12:24:50 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-02-26 12:24:50 ----A---- C:\Windows\system32\oleacc.dll
2010-02-25 08:39:28 ----A---- C:\Windows\system32\gameux.dll
2010-02-25 08:39:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-25 08:39:27 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 21:31:35 ----D---- C:\Windows\system32\eu-ES
2010-02-24 21:31:35 ----D---- C:\Windows\system32\ca-ES
2010-02-24 21:31:33 ----D---- C:\Windows\system32\vi-VN
2010-02-24 03:34:20 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 03:34:11 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 03:33:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 03:33:59 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 03:33:59 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 03:33:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 03:33:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 03:33:58 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 03:33:58 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 03:33:58 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 03:33:58 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 04:52:08 ----D---- C:\Program Files\FunWebProducts
2010-02-23 04:52:07 ----D---- C:\Program Files\MyWebSearch

======List of files/folders modified in the last 1 months======

2010-03-22 15:56:35 ----D---- C:\Windows\Temp
2010-03-22 15:56:33 ----D---- C:\Program Files\Mozilla Firefox
2010-03-22 15:53:02 ----D---- C:\Windows\System32
2010-03-22 15:38:58 ----RD---- C:\Program Files
2010-03-22 15:15:03 ----D---- C:\Windows\tracing
2010-03-22 15:12:45 ----D---- C:\Windows\inf
2010-03-22 15:12:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-22 15:02:50 ----SHD---- C:\System Volume Information
2010-03-22 14:40:04 ----SHD---- C:\Windows\Installer
2010-03-22 14:35:27 ----D---- C:\Windows
2010-03-21 21:37:21 ----SD---- C:\ProgramData\Microsoft
2010-03-21 21:12:11 ----D---- C:\Windows\system32\drivers
2010-03-21 21:11:55 ----D---- C:\Windows\system32\catroot
2010-03-21 21:10:41 ----HD---- C:\ProgramData
2010-03-21 21:06:19 ----RSD---- C:\Windows\assembly
2010-03-21 20:02:42 ----A---- C:\Windows\win.ini
2010-03-21 19:06:26 ----D---- C:\Windows\Tasks
2010-03-21 17:12:22 ----D---- C:\Windows\Prefetch
2010-03-19 18:45:53 ----D---- C:\Windows\system32\catroot2
2010-03-16 22:14:10 ----A---- C:\Windows\winamp.ini
2010-03-13 14:49:49 ----D---- C:\Users\Faisal\AppData\Roaming\Smilebox
2010-03-12 10:56:17 ----D---- C:\Windows\winsxs
2010-03-12 03:03:27 ----D---- C:\Program Files\Windows Mail
2010-03-12 03:03:15 ----D---- C:\ProgramData\Microsoft Help
2010-03-11 03:03:11 ----D---- C:\Program Files\Movie Maker
2010-03-03 00:04:42 ----D---- C:\Users\Faisal\AppData\Roaming\translateclient
2010-03-03 00:04:38 ----D---- C:\Program Files\Translate Client
2010-03-02 12:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-27 08:13:09 ----D---- C:\Program Files\Microsoft Office
2010-02-27 08:13:05 ----D---- C:\Program Files\Common Files
2010-02-27 07:08:14 ----RSD---- C:\Windows\Fonts
2010-02-26 22:33:23 ----D---- C:\Windows\Microsoft.NET
2010-02-26 17:03:58 ----D---- C:\Windows\rescache
2010-02-26 16:48:25 ----D---- C:\Windows\system32\Tasks
2010-02-26 16:45:07 ----D---- C:\Windows\system32\en-US
2010-02-26 16:45:04 ----D---- C:\Windows\system32\wbem
2010-02-26 16:45:02 ----D---- C:\Windows\system32\pt-PT
2010-02-26 16:45:02 ----D---- C:\Windows\system32\pt-BR
2010-02-26 16:45:02 ----D---- C:\Windows\system32\it-IT
2010-02-26 16:45:02 ----D---- C:\Windows\system32\he-IL
2010-02-26 16:45:02 ----D---- C:\Windows\system32\bg-BG
2010-02-26 16:45:01 ----D---- C:\Windows\system32\zh-TW
2010-02-26 16:45:01 ----D---- C:\Windows\system32\zh-HK
2010-02-26 16:45:01 ----D---- C:\Windows\system32\zh-CN
2010-02-26 16:45:01 ----D---- C:\Windows\system32\uk-UA
2010-02-26 16:45:01 ----D---- C:\Windows\system32\tr-TR
2010-02-26 16:45:01 ----D---- C:\Windows\system32\th-TH
2010-02-26 16:45:01 ----D---- C:\Windows\system32\sv-SE
2010-02-26 16:45:01 ----D---- C:\Windows\system32\sr-Latn-CS
2010-02-26 16:45:01 ----D---- C:\Windows\system32\sl-SI
2010-02-26 16:45:01 ----D---- C:\Windows\system32\sk-SK
2010-02-26 16:45:01 ----D---- C:\Windows\system32\pl-PL
2010-02-26 16:45:01 ----D---- C:\Windows\system32\nl-NL
2010-02-26 16:45:01 ----D---- C:\Windows\system32\lv-LV
2010-02-26 16:45:01 ----D---- C:\Windows\system32\lt-LT
2010-02-26 16:45:01 ----D---- C:\Windows\system32\ko-KR
2010-02-26 16:45:01 ----D---- C:\Windows\system32\hu-HU
2010-02-26 16:45:01 ----D---- C:\Windows\system32\hr-HR
2010-02-26 16:45:01 ----D---- C:\Windows\system32\fr-FR
2010-02-26 16:45:01 ----D---- C:\Windows\system32\fi-FI
2010-02-26 16:45:01 ----D---- C:\Windows\system32\et-EE
2010-02-26 16:45:01 ----D---- C:\Windows\system32\es-ES
2010-02-26 16:45:01 ----D---- C:\Windows\system32\el-GR
2010-02-26 16:45:01 ----D---- C:\Windows\system32\de-DE
2010-02-26 16:45:01 ----D---- C:\Windows\system32\cs-CZ
2010-02-26 16:45:00 ----D---- C:\Windows\system32\ru-RU
2010-02-26 16:45:00 ----D---- C:\Windows\system32\ro-RO
2010-02-26 16:45:00 ----D---- C:\Windows\system32\nb-NO
2010-02-26 16:45:00 ----D---- C:\Windows\system32\ja-JP
2010-02-26 16:45:00 ----D---- C:\Windows\system32\da-DK
2010-02-26 16:45:00 ----D---- C:\Windows\system32\ar-SA
2010-02-26 16:44:57 ----D---- C:\Windows\AppPatch
2010-02-26 14:52:18 ----D---- C:\Windows\system32\WDI
2010-02-24 21:39:05 ----SHD---- C:\Boot
2010-02-24 21:33:01 ----D---- C:\Program Files\Windows Calendar
2010-02-24 21:32:59 ----D---- C:\Program Files\Windows Sidebar
2010-02-24 21:32:59 ----D---- C:\Program Files\Windows Media Player
2010-02-24 21:32:59 ----D---- C:\Program Files\Internet Explorer
2010-02-24 21:32:58 ----D---- C:\Program Files\Windows Collaboration
2010-02-24 21:32:57 ----D---- C:\Program Files\Common Files\System
2010-02-24 21:32:56 ----D---- C:\Program Files\Windows Photo Gallery
2010-02-24 21:32:52 ----D---- C:\Windows\servicing
2010-02-24 21:32:52 ----D---- C:\Program Files\Windows Defender
2010-02-24 21:32:41 ----D---- C:\Windows\IME
2010-02-24 21:32:40 ----D---- C:\Windows\system32\XPSViewer
2010-02-24 21:32:37 ----D---- C:\Windows\system32\oobe
2010-02-24 21:32:37 ----D---- C:\Windows\system32\migration
2010-02-24 21:32:32 ----D---- C:\Windows\system32\SLUI
2010-02-24 21:32:32 ----D---- C:\Windows\system32\setup
2010-02-24 21:32:32 ----D---- C:\Windows\system32\AdvancedInstallers
2010-02-24 21:32:31 ----D---- C:\Windows\system32\manifeststore
2010-02-24 21:32:31 ----D---- C:\Windows\system32\en
2010-02-24 21:32:26 ----D---- C:\Windows\system32\migwiz
2010-02-24 21:31:33 ----D---- C:\Windows\system32\Boot
2010-02-24 21:30:19 ----D---- C:\Windows\system32\RTCOM
2010-02-23 04:52:26 ----D---- C:\ProgramData\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-03-21 311312]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-10 19504]
R2 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-10 16432]
R2 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-10 59952]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-03 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-01-20 1205312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-01 2330976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-11-13 57344]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-30 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-11 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-02-25 112992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-01-19 517120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-02-23 62976]
S3 td_cbus;BRIDGE COMMUNICATION USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\td_cbus.sys [2003-10-16 51040]
S3 td_cmdfl;BRIDGE COMMUNICATION Handset Filter; C:\Windows\system32\DRIVERS\td_cmdfl.sys [2003-10-16 6032]
S3 td_cmdm;BRIDGE COMMUNICATION Handset Drivers; C:\Windows\system32\DRIVERS\td_cmdm.sys [2003-10-16 82608]
S3 td_cserd;BRIDGE COMMUNICATION Handset Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\td_cserd.sys [2003-10-16 64064]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-08-06 24640]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-14 578848]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-19 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-04 707104]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-12 354840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-28 306736]
R2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-08-06 5497856]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-05 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-24 144632]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
S2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-23 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 138168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-24 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-08-13 306432]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

-----------------EOF-----------------
devangel
 
Posts: 2
Joined: Mon Mar 22, 2010 8:55 am
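Added example, not from devangel's post and not code from RSIT, HijackThis or ComboFix: a small Python triage pass over the "List of drivers" and "List of services" sections of the RSIT log above. It parses the `R2 Name;Display; path [date size]` line format as it appears in the post and attaches the checks a log reviewer makes first: an empty `[]` (which this script interprets as RSIT not finding the image on disk, i.e. an orphaned registration like the MyWebSearchService line), 8.3 short names that need resolving before judging, images outside the Windows/Program Files trees or under user-writable locations, svchost-hosted services whose real code is a ServiceDll, and auto-start services that are not running. The user-writable and system-root path lists are assumptions about a stock Vista install; the `ExampleSvc` line in the sample is constructed and does not exist in the log.

```python
"""Triage helper for the RSIT '======List of drivers======' and
'======List of services======' sections, as posted above.

Added example for this thread; it is not part of RSIT, HijackThis or
ComboFix.  It parses lines of the form

    R2 Name;Display name; C:\path\to\image.exe [YYYY-MM-DD size]

and attaches the checks a log reviewer makes first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "         # R=running / S=stopped, start type
    r"(?P<name>[^;]+);(?P<display>[^;]*); "      # service name; display name;
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"   # image path [date size] or []
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Assumption: on a stock Vista box a driver or service image belongs under the
# Windows or Program Files tree; anything loading from a user-writable location
# deserves a look.  Substrings are matched case-insensitively.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\", "$recycle.bin")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files", "c:\\progra~1")


@dataclass
class Entry:
    kind: str                       # "driver" or "service", from the section header
    state: str                      # "R" or "S"
    start: str                      # boot/system/auto/demand/disabled
    name: str
    display: str
    path: str
    date: str | None
    size: int | None                # None when RSIT printed an empty []
    flags: list[str] = field(default_factory=list)


def parse_line(kind: str, line: str) -> Entry | None:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):   # NT object-manager prefix used by some OEM drivers
        path = path[4:]
    meta = m["meta"].split()
    return Entry(kind, m["state"], START_TYPES[m["start"]], m["name"], m["display"],
                 path, meta[0] if meta else None, int(meta[1]) if len(meta) > 1 else None)


def triage(e: Entry) -> Entry:
    """Attach review flags.  Interpretation: RSIT prints [] when the image is
    not on disk, so an entry with no size is an orphaned registration."""
    p = e.path.lower()
    if e.size is None:
        e.flags.append("image missing on disk (empty [])")
    if "~" in p:
        e.flags.append("8.3 short name; resolve the long path before judging it")
    if any(tok in p for tok in USER_WRITABLE):
        e.flags.append("image under a user-writable location")
    elif not p.startswith(SYSTEM_ROOTS):
        e.flags.append("image outside the Windows / Program Files trees")
    if p.endswith("\\svchost.exe"):
        e.flags.append("svchost-hosted; the real code is the ServiceDll under the "
                       "service's Parameters registry key")
    if e.state == "S" and e.start == "auto":
        e.flags.append("auto-start but not running")
    return e


def triage_log(text: str) -> list[Entry]:
    """Walk the log, switching 'kind' on the section headers RSIT emits."""
    kind, entries = None, []
    for line in text.splitlines():
        if line.startswith("======List of drivers"):
            kind = "driver"
        elif line.startswith("======List of services"):
            kind = "service"
        elif kind:
            e = parse_line(kind, line)
            if e:
                entries.append(triage(e))
    return entries


# Lines copied from the post above, plus one constructed 'ExampleSvc' line that
# does not exist in the log, added so the user-writable check has something to fire on.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2010-03-21 311312]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-08-06 24640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
R2 ExampleSvc;Constructed example; C:\ProgramData\abc123\example.exe [2010-03-20 1024]
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        if e.flags:
            print(f"{e.kind:7} {e.state}/{e.start:8} {e.name:20} {e.path}")
            for f in e.flags:
                print(f"        - {f}")
```

Paste a whole RSIT log into `triage_log` and only the flagged entries are printed; everything under the Windows and Program Files trees with a date and size, like the KLIF line, passes silently. The flags are prompts for a human reviewer, not verdicts: the Apache entry under C:\xampp is flagged as outside the usual roots and is legitimate here, while the MyWebSearchService line collects three flags and is the one ComboFix later removes.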

Re: Fake Antivirus Alert-hijackthis log

Postby devangel » Mon Mar 22, 2010 10:24 am

ComboFix 10-03-21.03 - Faisal 03/22/2010 16:54:31.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.62.1033.18.1977.667 [GMT 7:00]
Running from: c:\users\Faisal\Documents\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1496676750-2994780868-2124275657-500
c:\$recycle.bin\S-1-5-21-4238190956-3723616882-135069847-500
c:\program files\FunWebProducts
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\temp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Faisal\AppData\Roaming\.#
c:\users\Faisal\AppData\Roaming\.#\MBX@1448@1C72928.###
c:\users\Faisal\AppData\Roaming\.#\MBX@1448@1C72958.###
c:\users\Faisal\AppData\Roaming\.#\MBX@1448@1C72988.###
c:\users\Faisal\AppData\Roaming\.#\MBX@BC8@1CC2928.###
c:\users\Faisal\AppData\Roaming\.#\MBX@BC8@1CC2958.###
c:\users\Faisal\AppData\Roaming\.#\MBX@BC8@1CC2988.###
c:\users\Faisal\AppData\Roaming\CleanUp Antivirus
c:\users\Faisal\AppData\Roaming\CleanUp Antivirus\cookies.sqlite
c:\windows\SW_Win2146X32.DLL
c:\windows\system32\Connect.dll
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 10:06 . 2010-03-22 10:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 09:25 . 2010-02-24 03:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-22 08:38 . 2010-03-22 08:52 -------- d-----w- c:\program files\trend micro
2010-03-22 08:38 . 2010-03-22 08:40 -------- d-----w- C:\rsit
2010-03-21 14:12 . 2010-03-21 14:12 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-03-21 14:12 . 2010-03-21 14:12 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-03-21 14:10 . 2010-03-22 09:14 -------- d-----w- c:\programdata\Kaspersky Lab
2010-03-21 14:10 . 2010-03-21 14:10 -------- d-----w- c:\program files\Kaspersky Lab
2010-03-21 14:03 . 2010-03-21 14:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-03-21 13:07 . 2010-03-21 13:07 -------- d-----w- c:\users\Faisal\AppData\Roaming\Sammsoft
2010-03-21 12:40 . 2010-03-22 08:29 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-03-21 12:18 . 2010-03-21 12:18 256 ----a-w- c:\windows\listcmd.bin
2010-03-21 12:06 . 2010-03-21 14:08 -------- d-----w- C:\QUARANTENA_VIRIT
2010-03-21 12:01 . 2010-03-21 12:01 -------- d-----w- c:\users\Faisal\AppData\Local\PackageAware
2010-03-21 12:00 . 2006-06-19 05:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-21 12:00 . 2006-05-25 07:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-21 12:00 . 2005-08-25 17:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-21 12:00 . 2003-02-02 12:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-03-21 12:00 . 2002-03-05 17:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-21 12:00 . 2010-03-21 12:00 -------- d-----w- c:\users\Faisal\AppData\Roaming\Simply Super Software
2010-03-21 12:00 . 2010-03-21 12:00 -------- d-----w- c:\programdata\Simply Super Software
2010-03-21 10:14 . 2010-03-21 10:14 -------- d-----w- c:\program files\Smadav
2010-03-21 10:14 . 2010-03-21 12:33 -------- d-----w- C:\[Smad-Cage]
2010-03-20 18:15 . 2010-03-20 18:15 -------- d-sh--w- c:\programdata\CUXYXNXKHAA
2010-03-20 18:11 . 2010-03-22 09:14 -------- d-sh--w- c:\programdata\8c2a8ec
2010-03-14 07:20 . 2010-03-14 07:20 -------- d-----w- c:\program files\facemoods.com
2010-03-12 16:34 . 2010-03-12 16:34 5861754 ----a-w- c:\users\Faisal\katalog-oriflame-maret-2010.zip
2010-02-27 02:59 . 2010-02-27 02:59 -------- d-----w- c:\users\Faisal\AppData\Roaming\Xilisoft
2010-02-27 02:54 . 2010-02-27 02:54 -------- d-----w- c:\program files\MSECache
2010-02-27 02:54 . 2010-02-27 02:54 -------- d-----w- c:\program files\Xilisoft
2010-02-27 01:13 . 2010-02-27 01:14 -------- d-----w- c:\users\Faisal\AppData\Roaming\GeoVid
2010-02-27 01:13 . 2005-06-07 08:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-02-27 01:13 . 2004-08-18 08:00 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-27 01:13 . 2010-02-27 01:13 -------- d-----w- c:\programdata\GeoVid
2010-02-27 01:13 . 2010-02-27 01:13 -------- d-----w- c:\program files\Common Files\GeoVid
2010-02-27 01:13 . 2010-02-27 01:13 -------- d-----w- c:\program files\GeoVid
2010-02-27 00:08 . 2010-02-27 00:08 -------- d-----w- c:\program files\E.M. PowerPoint Video Converter
2010-02-26 09:45 . 2010-02-26 09:45 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-26 05:25 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-26 05:25 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-02-26 05:25 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-02-26 05:25 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-02-26 05:25 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-02-26 05:25 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-02-26 05:25 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-02-26 05:25 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-02-26 05:25 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-02-26 05:25 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-02-26 05:25 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-02-26 05:25 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-02-26 05:24 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-26 05:24 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-26 05:24 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-25 01:39 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-25 01:39 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-25 01:39 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 14:31 . 2010-02-24 14:32 -------- d-----w- c:\windows\system32\ca-ES
2010-02-24 14:31 . 2010-02-24 14:32 -------- d-----w- c:\windows\system32\eu-ES
2010-02-24 14:31 . 2010-02-24 14:32 -------- d-----w- c:\windows\system32\vi-VN
2010-02-23 20:34 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:33 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:33 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:33 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:33 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:33 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:33 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:33 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:33 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-22 15:08 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-22 15:08 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 10:08 . 2009-07-07 16:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 09:53 . 2010-03-22 09:53 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-22 09:52 . 2010-03-22 09:52 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-22 09:15 . 2010-03-22 09:15 43 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
2010-03-22 09:15 . 2010-03-20 18:15 65 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
2010-03-22 08:31 . 2010-03-21 12:47 5 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\FS.drv
2010-03-22 08:18 . 2010-03-21 13:19 56 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
2010-03-22 07:56 . 2010-03-22 07:37 75 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
2010-03-22 07:46 . 2010-03-20 18:16 34 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
2010-03-21 14:15 . 2010-03-21 10:12 74 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
2010-03-21 14:15 . 2010-03-20 18:16 45 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
2010-03-21 13:39 . 2010-03-21 13:39 65 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
2010-03-21 13:08 . 2010-03-21 13:08 2 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
2010-03-21 11:34 . 2010-03-21 11:34 56 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\ppal.sys
2010-03-21 10:12 . 2010-03-21 04:48 18 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
2010-03-21 04:57 . 2010-03-21 04:57 33 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
2010-03-21 04:48 . 2010-03-21 04:48 80 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
2010-03-21 04:48 . 2010-03-21 04:48 35 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
2010-03-21 04:48 . 2010-03-21 04:48 19 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
2010-03-21 04:48 . 2010-03-21 04:48 15 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
2010-03-21 04:48 . 2010-03-20 18:16 24 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
2010-03-20 21:34 . 2010-03-20 21:34 13 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
2010-03-20 19:36 . 2010-03-20 19:36 42 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
2010-03-20 18:25 . 2010-03-20 18:21 2693120 ----a-w- c:\programdata\8c2a8ec\CU8c2a.exe
2010-03-20 18:16 . 2010-03-20 18:15 55 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
2010-03-20 18:16 . 2010-03-20 18:16 28 ----a-w- c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
2010-03-13 07:49 . 2009-12-09 06:40 -------- d-----w- c:\users\Faisal\AppData\Roaming\Smilebox
2010-03-11 20:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 20:03 . 2008-09-28 02:56 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 19:15 . 2009-11-15 19:21 287368 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxTray.exe
2010-03-07 19:32 . 2009-11-21 04:59 79367 ----a-w- c:\users\Faisal\AppData\Roaming\Google\Google Talk\uninstall.exe
2010-03-02 17:04 . 2009-11-19 16:21 -------- d-----w- c:\users\Faisal\AppData\Roaming\translateclient
2010-03-02 17:04 . 2009-11-19 16:21 -------- d-----w- c:\program files\Translate Client
2010-02-27 05:21 . 2009-07-31 13:09 103208 ----a-w- c:\users\Faisal\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-27 00:08 . 2010-03-20 18:15 457688 ----a-w- c:\programdata\8c2a8ec\sqlite3.dll
2010-02-27 00:08 . 2010-03-20 18:15 714200 ----a-w- c:\programdata\8c2a8ec\mozcrt19.dll
2010-02-26 09:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-26 09:44 . 2010-02-26 09:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-24 14:33 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-02-24 14:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-02-24 14:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-02-24 14:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-24 14:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-02-22 21:52 . 2009-08-07 09:22 -------- d-----w- c:\programdata\Yahoo! Companion
2010-02-17 10:05 . 2009-11-16 10:12 397960 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxStarter.exe
2010-02-17 10:05 . 2009-11-16 09:17 168584 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2010-02-17 10:05 . 2009-11-15 19:21 217736 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxDvd.exe
2010-02-17 09:50 . 2010-02-17 09:50 1602184 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxClient.exe
2010-02-17 09:10 . 2010-02-17 09:10 344712 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2010-02-17 09:10 . 2010-02-17 09:10 135816 ----a-w- c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2010-02-12 06:14 . 2010-02-12 06:14 15849560 ----a-w- c:\users\Faisal\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
2010-02-03 17:38 . 2010-02-03 17:38 -------- d-----w- c:\program files\FramePhotoEditor
2010-02-03 12:06 . 2010-02-03 12:06 680 ----a-w- c:\users\Faisal\AppData\Local\d3d9caps.dat
2010-02-03 03:05 . 2008-09-28 03:12 -------- d-----w- c:\program files\Microsoft
2010-02-03 02:54 . 2009-12-19 18:24 -------- d-----w- c:\program files\Microsoft SQL Server
2010-02-03 02:50 . 2010-02-03 02:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 12:29 . 2008-09-28 03:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 16:53 . 2009-12-06 07:15 -------- d-----w- c:\program files\Bridge Communication
2010-01-22 16:47 . 2008-09-28 02:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 15:38 . 2010-02-25 01:39 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-25 01:39 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-25 01:39 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-25 01:39 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-01-26 11:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-26 11:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-26 11:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-26 11:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-23 11:36 . 2009-11-23 11:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
2010-01-21 10:01 225280 ----a-w- c:\program files\facemoods.com\facemoods\1.3.60.32\facemoods.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.3.60.32\facemoodsTlbr.dll" [2010-01-21 167936]

[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Update"="c:\users\Faisal\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-20 133104]
"googletalk"="c:\users\Faisal\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SmileboxTray"="c:\users\Faisal\AppData\Roaming\Smilebox\SmileboxTray.exe" [2010-03-09 287368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2009-12-28 2137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-23 30192]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-05 251648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-04 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-07 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-02-19 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-19 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-02-06 173288]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2009-08-13 24576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

c:\users\Faisal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OneNote Table Of Contents.onetoc2 [2009-8-5 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-2-28 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):f9,fa,bc,27,5f,b5,ca,01

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-23 30192]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 112992]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-01-18 517120]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 td_cbus;BRIDGE COMMUNICATION USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\td_cbus.sys [2003-10-16 51040]
R3 td_cmdfl;BRIDGE COMMUNICATION Handset Filter;c:\windows\system32\DRIVERS\td_cmdfl.sys [2003-10-16 6032]
R3 td_cmdm;BRIDGE COMMUNICATION Handset Drivers;c:\windows\system32\DRIVERS\td_cmdm.sys [2003-10-16 82608]
R3 td_cserd;BRIDGE COMMUNICATION Handset Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\td_cserd.sys [2003-10-16 64064]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-01 2805000]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-04 707104]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-05 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-11-13 57344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]

2010-03-22 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2009-12-13 00:57]

2010-02-14 c:\windows\Tasks\FileCure.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2009-12-13 00:57]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496676750-2994780868-2124275657-1000Core.job
- c:\users\Faisal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 02:25]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1496676750-2994780868-2124275657-1000UA.job
- c:\users\Faisal\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 02:25]

2010-03-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-03-22 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{EF204864-2242-4446-98FA-5C0AFF293C9B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-26 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com
mStart Page = hxxp://id.yahoo.com/
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/def ... com/search
IE: Download all links with IDM - c:\users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEGetAll.htm
IE: Download FLV video content with IDM - c:\users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEGetVL.htm
IE: Download with IDM - c:\users\Faisal\AppData\Local\Temp\Rar$EX00.964\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {22AB20FA-4281-4EEA-893C-29E6CDA90A9B} = 202.134.0.96,222.124.204.34
FF - ProfilePath - c:\users\Faisal\AppData\Roaming\Mozilla\Firefox\Profiles\8ckuweuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Faisal\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CleanUp Antivirus - c:\programdata\8c2a8ec\CU8c2a.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-Convert XLS_is1 - c:\program files\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 17:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):24,81,54,df,ee,e1,59,42,3e,df,4c,16,15,2b,c7,95,92,6d,01,a2,1d,
3b,c1,e5,64,c8,86,28,67,5f,a1,ab,19,2a,2a,85,94,3a,a4,d9,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ca,d9,00,b0,28,6c,a6,3b,24,ed,a1,df,42,54,aa,e9,8d,63,8e,a8,b0,
25,40,f9,4a,9f,0f,0f,11,a8,ab,26,f2,d6,f3,2f,a5,f7,42,07,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{e0fd3edf-6347-4d71-be1c-77fc31f0b392}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000128
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,9b,d7,4f,20,e6,0c,f9,e3,2e,4d,91,eb,9e,ca,8f,8d,ad,2e,e3,66,2a,81,\

[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{fb1bf7b1-937c-4fdd-a675-978fe87e53bf}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011f
"Therad"=dword:00000008

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5448)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Smadav\SmadExtc.dll
c:\program files\TuneUp Utilities 2008\SDShelEx-win32.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\shellex.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-03-22 17:19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 10:19

Pre-Run: 123,714,723,840 bytes free
Post-Run: 125,176,602,624 bytes free

- - End Of File - - 6B45FACD9967F8E6AC42E4D32BF0E651

Is this okay?
devangel
 
Posts: 2
Joined: Mon Mar 22, 2010 8:55 am

Re: Fake Antivirus Alert-hijackthis log

Postby patrik » Mon Mar 22, 2010 2:32 pm

Hello, welcome to the Myantispyware forum.

Open notepad, copy/paste the text in the code box below into notepad:
Code:
RegLock::
[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{e0fd3edf-6347-4d71-be1c-77fc31f0b392}]
[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{fb1bf7b1-937c-4fdd-a675-978fe87e53bf}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
[screenshot: dragging the CFScript file onto ComboFix.exe]
When finished, it will produce a report for you. Save the log to your desktop.

Download and install Malwarebytes Anti-malware (MBAM).
Run, perform Quick Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad (save the log to your desktop) and you may be prompted to Restart.

Post back with MBAM log + combofix log.
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm
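The reply above builds its RegLock:: block by copying every key header out of the log's LOCKED REGISTRY KEYS section. The Python script below is an added example, not part of this thread or of ComboFix: it does that transcription automatically from a ComboFix log. The embedded log excerpt is constructed from the entries posted above, and the function names are my own.

```python
"""Generate a ComboFix CFScript 'RegLock::' block from a ComboFix log.

ComboFix prints a 'LOCKED REGISTRY KEYS' banner followed by one bracketed
key path per locked key, then the @Denied/@Allowed ACL lines it found and
any values it could read. The section is closed by a lone '.' line.
"""
import re

# Constructed excerpt modelled on the log posted in this thread (raw string,
# so the backslashes and the trailing '\' of the hex value stay literal).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1496676750-2994780868-2124275657-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):24,81,54,df,ee,e1,59,42,3e,df,4c,16,15,2b,c7,95,92,6d,01,a2,1d,
3b,c1,e5,64,c8,86,28,67,5f,a1,ab,19,2a,2a,85,94,3a,a4,d9,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_HEADER = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
# A key header: an opening bracket, a hive name, a backslash-separated path.
KEY_LINE = re.compile(r"^\[(HKEY_[A-Z_]+\\[^\]]+)\]$")


def parse_locked_section(log_text):
    """Return [(key_path, [acl lines]), ...] for every key in the section.

    Value lines (such as "scansk"=hex(0):...) and their continuation lines
    are skipped; only the key header and its @Denied/@Allowed lines are kept.
    """
    entries = []
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        # ComboFix ends the section with a lone '.'; the next dashed banner
        # is a second safety stop in case the '.' is missing.
        if line == "." or (line.startswith("---") and line.endswith("---")):
            break
        match = KEY_LINE.match(line)
        if match:
            current = (match.group(1), [])
            entries.append(current)
        elif current is not None and line.startswith("@"):
            current[1].append(line)
    return entries


def locked_keys(log_text):
    """Just the key paths, in the order ComboFix listed them."""
    return [key for key, _acl in parse_locked_section(log_text)]


def reglock_script(keys):
    """Render the CFScript directive: 'RegLock::' then one [key] per line."""
    return "RegLock::\n" + "".join("[%s]\n" % key for key in keys)


if __name__ == "__main__":
    # Paste the output into Notepad and save it as CFScript, as the reply says.
    print(reglock_script(locked_keys(SAMPLE_LOG)), end="")
```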