Cannot get rid of a Google redirect virus

Please remove these programs by using add/remove programs in control panel.

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 7
MyIdentityDefender Toolbar (CyberDefender Corporation) Hopefully this will uninstall since it is part of the infection.
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)

Then go here to download the latest version of Java.

http://www.java.com/en/download/index.jsp



Yes, MyIdentityDefender Toolbar (CyberDefender Corporation) did uninstall.
And I did install the latest version of Java. Thanks again for the help.
 
Please rerun HijackThis and place a check next to the following entry.

O20 - Winlogon Notify: mllmk - C:\WINDOWS\

Then click on fix checked at the bottom.

If I were you I would consider changing your antivirus to a more reputable program and uninstalling your current one. You have 4 good free reputable programs to choose from, or you can buy a paid version of the many available.

AVG - which I use and install on all my clients' computers
AVIRA
AVAST
Microsoft Security Essentials.
 
When I ran ComboFix it deleted Cyberdefender (my antivirus program), minus a couple of shortcuts that no longer function, so I deleted them. I am currently downloading the AVG freeware. Do you suggest the full version?
 
I decided to go with Microsoft Security Essentials instead or at least temporarily. And it already discovered a trojan and removed it. Trojan:Win32/Malagent. I will keep my fingers crossed. Any other suggestions? Thank you for the help.
 
Cyberdefender is actually bad software, that's why it got removed. You aren't the only person that got hit with this. Look here.

http://www.complaintsboard.com/complaints/cyberdefender-c95821.html


I thought you were running Authentium because of these files. Did you use to run it?

O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

We need to get them removed.

Go into add/remove programs and uninstall this entry

AVSDK5

Reboot the machine and post a fresh HijackThis log.
 
I am not sure if that was something the Cyberdefender tech downloaded to help him remove the last problem I had. The company would remote fix my computer for me (this was one thing I enjoyed: being able to watch them clean the computer and learn as much as I could). I think their software sucked and they were just selling the tech support packages. Their software would allow a number of threats through, then their techs look like your hero when they clean your computer and it seems to run faster. Anyway, enough of a rant about cyberscammers.

I tried to find AVSDK5 in add/remove in control panel and couldn't find it. I did a search and came up with
AthentiumExeption.ini C:WINDOWS 1kb configuration settings 7/11/2010 3:42
Athentium C:Program Files\Common Files File folder 6/13/2010 3:11
AthentiumExeption.ini C:Qoobox\Quarantine\C\Progr... 1kb Vir File 7/11/2010 3:42
eBlocsAthentium.dll.vir C:Qoobox\Quarantine\C\Progr... 791 kb Vir File 6/13/2010 4:54
 
Realized I had to delete/fix through HijackThis, or at least I hope I was supposed to, lol. Here is the updated log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:05 PM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\jetNT\jsdaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C919AC-AB31-40D4-8E2C-60FFBE3272A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{A744EB18-4B38-400C-BF1D-17400493164B}: NameServer = 71.250.0.12 71.242.0.12
O20 - Winlogon Notify: mllmk - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetNT\jsdaemon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 5017 bytes
 
Did you have HijackThis fix this entry?

O20 - Winlogon Notify: mllmk - C:\WINDOWS\


If not, please do so now.
 
This is the new file after trying to fix that file 3 times:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:48 PM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\jetNT\jsdaemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11C919AC-AB31-40D4-8E2C-60FFBE3272A2}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{A744EB18-4B38-400C-BF1D-17400493164B}: NameServer = 71.250.0.12 71.242.0.12
O20 - Winlogon Notify: mllmk - C:\WINDOWS\
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetNT\jsdaemon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 5018 bytes
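Added example, not part of the original thread: a small Python check that compares two HijackThis logs to see whether a "fix checked" attempt actually removed an entry, and lists O20 Winlogon Notify entries that name only a directory rather than a DLL file. The log excerpts are taken from the two logs above; the third log, the function names and the "path ends in a backslash" heuristic are assumptions made for illustration.

```python
import re

# Section lines look like "O20 - Winlogon Notify: mllmk - C:\WINDOWS\".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O20 Winlogon Notify line: "<subkey name> - <DLL path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.*)$")

# Excerpt of the 7:06:05 PM log from the thread (most lines dropped).
LOG_1906 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:05 PM, on 7/12/2010
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: mllmk - C:\WINDOWS\
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetNT\jsdaemon.exe
"""

# Excerpt of the 10:18:48 PM log: the same entries are still listed.
LOG_2218 = LOG_1906.replace("7:06:05 PM", "10:18:48 PM")

# Constructed (not from the thread): what a later scan would contain
# once the O20 entry is really gone.
LOG_AFTER_REMOVAL = "\n".join(
    line for line in LOG_2218.splitlines() if not line.startswith("O20")
)


def parse_log(text):
    """Return the set of (section code, body) entries in a HijackThis log.

    Header lines and the 'Running processes' list do not match the
    'CODE - body' shape and are skipped.
    """
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def dangling_notify(text):
    """List (name, path) for O20 Winlogon Notify entries without a file name.

    Heuristic (assumption): an empty path, or one ending in a backslash,
    points at a directory, so there is no DLL on disk to search for and
    the leftover has to be dealt with in the registry instead.
    """
    found = []
    for code, body in parse_log(text):
        match = NOTIFY_RE.match(body) if code == "O20" else None
        if match:
            name, path = match.group(1), match.group(2).strip()
            if not path or path.endswith("\\"):
                found.append((name, path))
    return sorted(found)


def entry_status(before, after, code, needle):
    """Report what happened to entries of section `code` containing `needle`.

    Returns 'absent' (never in `before`), 'persisted' (still in `after`)
    or 'removed' (in `before`, gone from `after`).
    """
    def hits(text):
        return {
            entry for entry in parse_log(text)
            if entry[0] == code and needle.lower() in entry[1].lower()
        }

    if not hits(before):
        return "absent"
    return "persisted" if hits(after) else "removed"


if __name__ == "__main__":
    print("dangling O20 entries:", dangling_notify(LOG_2218))
    print("after 'fix checked':", entry_status(LOG_1906, LOG_2218, "O20", "mllmk"))
    print("after removal:", entry_status(LOG_1906, LOG_AFTER_REMOVAL, "O20", "mllmk"))
```

Comparing a fresh scan against the previous one this way shows at a glance whether a fix held across the rescan, instead of reading two 60-line logs side by side.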
 
Do a search for this filename

mllmk

and tell me where the locations of the file are besides c:\windows


You must manually delete these.
 
Hit Start and then Search and typed in both mllmk and Winlogon Notify; it came up with nothing. It didn't even list it as a folder in C.
 
How do I manually delete this file (O20 - Winlogon Notify: mllmk - C:\WINDOWS\) if I do a search for said file and it does not come up? I tried to fix it through HiJack but it didn't delete the file. Should I just leave it alone?
 
Do you feel comfortable editing the registry? It should get removed. Click Start, click Run, type regedit, click OK. Click the Edit menu, click Find. In the "Find what" box type

mllmk

click find next.

It should only find one entry, right click, click on delete on that one entry only.

click on find next again. It shouldn't find it again hopefully.
 
Ok, so I deleted mllmk. Searched for it again and there was some default file left over, which I deleted also. There seem to be a lot of old programs in my registry that I no longer have, including Authentium, Symantec, Trend Micro, etc. Is this normal??
 
You can use CCleaner to clear out all that leftover data.

Open CCleaner, click on Registry on the left, make sure all boxes are checked and then click on Scan for Issues. When it's done scanning, click on Fix Issues. You may have to do that a few times to get everything cleaned out.
 
Ok, all done. I feel like a kid at a candy store. I have never done anything like this before, and the fact that all this stuff was still on my computer even after Cyberdefender techs cleaned my computer several times makes me feel like an idiot for trusting them in the first place. John, you have done more to help me and educate me in 2 days than that company did in a year. Thank you. I am also considering starting to use Firefox. Is it really that good??
 
Firefox is less prone to malware infections than Internet Explorer is. However, it's just a matter of educating yourself on where and where not to go online.

I've made a sticky thread about the major brands of antivirus/malware/firewall programs with recommendations.

http://www.computerforum.com/166728-list-security-programs-use.html

I would not recommend downloading any software that is not in this thread unless it's something new that just came out or you have run it by us here at the forum.
 
After Scan Log

ComboFix 12-10-17.05 - C Dogg 10/17/2012 14:42:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.447.136 [GMT -5:00]
Running from: c:\users\C Dogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43DEXN0S\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-219.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-22.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-220.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-221.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-222.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-223.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-224.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-225.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-226.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-227.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-228.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-229.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-23.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-230.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-231.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-232.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-233.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-234.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-235.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-236.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-237.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-238.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-239.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-24.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-240.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-241.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-242.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-243.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-244.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-245.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-246.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-247.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-248.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-249.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-25.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-250.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-251.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-252.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-253.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-254.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-255.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-256.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-257.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-258.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-259.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-26.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-260.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-261.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-262.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-263.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-264.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-265.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-266.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-267.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-268.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-269.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-27.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-270.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-271.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-272.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-273.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-274.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-275.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-276.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-277.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-278.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-279.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-28.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-280.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-281.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-282.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-283.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-284.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-285.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-286.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-287.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-288.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-289.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-29.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-290.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-291.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-292.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-293.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-294.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-295.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-296.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-297.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-298.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-299.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-3.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-30.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-300.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-301.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-302.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-303.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-304.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-305.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-306.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-307.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-308.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-31.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-32.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-33.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-34.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-35.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-36.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-37.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-38.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-39.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-4.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-40.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-41.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-42.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-43.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-44.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-45.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-46.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-47.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-48.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-49.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-5.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-50.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-51.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-52.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-53.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-54.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-55.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-56.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-57.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-58.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-59.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-6.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-60.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-61.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-62.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-63.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-64.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-65.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-66.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-67.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-68.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-69.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-7.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-70.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-71.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-72.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-73.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-74.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-75.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-76.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-77.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-78.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-79.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-8.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-80.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-81.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-82.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-83.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-84.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-85.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-86.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-87.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-88.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-89.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-9.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-90.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-91.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-92.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-93.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-94.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-95.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-96.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-97.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-98.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\QuarantineW\2009-01-13 16-36-400\regb-99.db
c:\users\C Dogg\AppData\Roaming\ErrorRepairTool\resultsw.db
c:\users\C Dogg\AppData\Roaming\PriceGong
c:\users\C Dogg\AppData\Roaming\System Doctor Free
c:\users\C Dogg\AppData\Roaming\System Doctor Free\Logs\update.log
c:\users\C Dogg\AppData\Roaming\WeatherDPA
c:\users\C Dogg\AppData\Roaming\WeatherDPA\Weather\log.txt
c:\users\C Dogg\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\C Dogg\AppData\Roaming\Zango
c:\users\C Dogg\Toontown-setup.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 20:06 . 2012-10-17 21:05 -------- d-----w- c:\users\C Dogg\AppData\Local\temp
2012-10-17 20:06 . 2012-10-17 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 17:52 . 2012-10-17 17:52 -------- d-----w- c:\program files\CCleaner
2012-10-17 07:12 . 2012-10-17 07:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97FDEA30-A315-44C2-ACEF-2B85D6A2A554}\offreg.dll
2012-10-16 08:03 . 2012-09-19 05:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97FDEA30-A315-44C2-ACEF-2B85D6A2A554}\mpengine.dll
2012-10-10 02:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 02:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 02:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 02:53 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 02:53 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 02:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 02:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-05 17:20 . 2012-10-05 17:20 -------- d-----w- c:\programdata\353B7
2012-09-23 21:48 . 2012-09-23 21:48 -------- d-----w- c:\users\C Dogg\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 18:44 . 2012-07-24 18:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 18:44 . 2011-05-24 15:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 01:34 . 2012-01-05 01:55 161736 ----a-w- c:\program files\64res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edd4f682-e67a-4175-bb45-c4066da2f7d9}"= "c:\program files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll" [2012-01-14 62864]
.
[HKEY_CLASSES_ROOT\clsid\{edd4f682-e67a-4175-bb45-c4066da2f7d9}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-12-08 19:22 2735200 ----a-w- c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f29557fd-78aa-40e6-aba8-9fa219764018}]
2010-12-09 18:51 3911776 ----a-w- c:\program files\Radio_TV_1\tbRadi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-08 2735200]
"{f29557fd-78aa-40e6-aba8-9fa219764018}"= "c:\program files\Radio_TV_1\tbRadi.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{f29557fd-78aa-40e6-aba8-9fa219764018}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-12-08 2735200]
"{F29557FD-78AA-40E6-ABA8-9FA219764018}"= "c:\program files\Radio_TV_1\tbRadi.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{f29557fd-78aa-40e6-aba8-9fa219764018}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cdasnative
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpywareMaster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMN
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bomgar_Cleanup_AF9057067030744]
del [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bomgar_Cleanup_ZD9057864220962]
rd [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Early Detection Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender Early Detection Center Upgrader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDoctor Free
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 17:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 16:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender AntiSpyware 2010]
2010-06-04 17:03 19303752 ----a-w- c:\program files\CyberDefender\CDAntiSpyware\CDAS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 16:54 150016 ----a-w- c:\program files\Hp\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 20:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2002-04-11 14:36 1458448 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NielsenOnline]
2010-11-17 17:38 47424 ----a-w- c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-20 06:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-20 06:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurBabymaker Search Scope Monitor]
2012-01-14 21:58 38440 ----a-w- c:\progra~1\OURBAB~2\bar\1.bin\27SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurBabyMaker_27 Browser Plugin Loader]
2012-01-14 21:58 30096 ----a-w- c:\progra~1\OURBAB~2\bar\1.bin\27brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 17:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-15 09:07 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-08-21 13:07 5576408 ----a-w- c:\users\C Dogg\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-08-21 13:07 1193176 ----a-w- c:\users\C Dogg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-04-29 15:38 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebfettiIE Browser Plugin Loader]
2010-12-25 03:37 20480 ----a-w- c:\progra~1\WEBFET~2\bar\1.bin\ybbrmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 18:44]
.
2012-10-17 c:\windows\Tasks\CyberDefender AntiSpyware 2010.job
- c:\program files\CyberDefender\CDAntiSpyware\CDAS.exe [2011-06-16 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{DD662A0C-12FE-4B38-BA53-247F7EC82F46} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BackUpDutyLite - c:\program files\BackUpDutyLite\BackUpDutyLite.exe
MSConfigStartUp-CyberDefender Registry Cleaner - c:\program files\cyberdefender\registry cleaner\Startcdrc.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-PCPowerSpeed - c:\program files\PCPowerSpeed\PCPowerTray.exe
MSConfigStartUp-RegWork - c:\program files\RegWork\RegWork.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TelevisionFanatic Browser Plugin Loader - c:\progra~1\TELEVI~2\bar\1.bin\64brmon.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Zynga Toolbar - c:\progra~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-17 16:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1187534965-2613986523-2937727801-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*ø[^tf®_-N'`ñ‚‡e]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1187534965-2613986523-2937727801-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2*ø[^tf®_-N'`ñ‚‡e\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3388)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
c:\progra~1\OURBAB~2\bar\1.bin\27barsvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\progra~1\WEBFET~2\bar\1.bin\ybbarsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-10-17 16:15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-17 21:14
.
Pre-Run: 9,643,278,336 bytes free
Post-Run: 10,644,017,152 bytes free
.
- - End Of File - - CB458AD344E0734DBB64F05280CC8C1D
 