virus removal help (hijackthis log inside)

master4265

New Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:36:13 PM, on 4/9/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.startsearcher.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\8.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\8.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\8.bin\MWSBAR.DLL
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: BHO Project - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - C:\Program Files\Object\bho_project.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: closespace - {dc39956d-10ae-498a-46cd-2c40d5234578} - C:\Windows\system32\j6E_UjBQ9-.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\8.bin\MWSBAR.DLL
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\8.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE097C-347A-4078-A3BB-147B62858966}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwssvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11006 bytes
 
You have a mess with My WebSearch. Please do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but DO NOT reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

After running Malwarebytes, rerun a fresh HijackThis log and post both logs.
 
Malwarebytes log


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6321

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/9/2011 11:47:05 PM
mbam-log-2011-04-09 (23-47-05).txt

Scan type: Quick scan
Objects scanned: 146348
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 4
Registry Keys Infected: 169
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 32
Files Infected: 102

Memory Processes Infected:
c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> 2076 -> Unloaded process successfully.
c:\program files\mywebsearch\bar\8.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3460 -> Unloaded process successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> 4320 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RelevantKnowledge (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Not selected for removal.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\tv\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge (Spyware.MarketScore) -> Delete on reboot.
c:\program files\relevantknowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\programdata\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\relevantknowledge\rlls.dll (Adware.RelevantKnowledge) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\8.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\MyWebSearch\bar\8.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\relevantknowledge\rlservice.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\Object\bho_project.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\8.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\nscf.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\relevantknowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch\uninstall.exe (Adware.QuestBrowse) -> Quarantined and deleted successfully.

hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:05 PM, on 4/9/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.startsearcher.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: closespace - {dc39956d-10ae-498a-46cd-2c40d5234578} - C:\Windows\system32\j6E_UjBQ9-.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: GameBox Toolbar - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE097C-347A-4078-A3BB-147B62858966}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O18 - Protocol: gameboxchrome - {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9779 bytes
 
You were really infected with MyWebSearch and a few others.

How is the system running now? You really never did say what was actually going on with your system.

Please post an uninstall list using HijackThis. Open HijackThis, click on Open Misc Tools section, click on Open Uninstall Manager, click on Save list and save it. Then copy and paste that log back here.
 
Laptop randomly crashes and it's really slow.

uninstall list:

µTorrent
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atlantica
Babylon toolbar
Belkin 54Mbps Wireless Network Adapter
Bonjour
CCleaner
Conduit Engine
Conexant HDA D110 MDC V.92 Modem
Connectify
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
DivX Setup
Dogpile Bundle Toolbar
Face Theme
free-downloads.net Toolbar
GameBox Toolbar
Growl for Windows
HiJackThis
I8kfanGUI V3.1
iTunes
Java(TM) 6 Update 24
Junk Mail filter update
LibUSB-Win32-0.1.10.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
MediaBar
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2010
MotioninJoy ds3 driver version 0.6.0001
MSVCRT
Nexon Game Manager
Palringo
Pando Media Booster
Project64 1.6
QuickTime
SAMSUNG USB Driver for Mobile Phones
Search Toolbar
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Stumble Sites Add On
UltraISO Premium V9.36
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
 
Please uninstall the following programs via add/remove programs in control panel.

Ask Toolbar
Babylon toolbar
Dogpile Bundle Toolbar
free-downloads.net Toolbar
GameBox Toolbar
McAfee Security Scan Plus
MediaBar
Search Toolbar
uTorrentBar Toolbar

I also highly recommend uninstalling uTorrent, as P2P software carries a high risk of getting you infected.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Computer runs smoother and faster.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:21:06 PM, on 4/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Connectify\Connectify.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: closespace - {dc39956d-10ae-498a-46cd-2c40d5234578} - C:\Windows\system32\j6E_UjBQ9-.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE097C-347A-4078-A3BB-147B62858966}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6209 bytes

ComboFix 11-04-09.01 - tv 04/10/2011 12:23:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.225 [GMT -4:00]
Running from: c:\users\tv\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\users\tv\AppData\Roaming\Local
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Gnomeo___Juliet_2011_TS_XViD_-_IMAGiNE_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\how.i.met.your.mother.615.hdtv-lol_ns.avi(2).ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\how.i.met.your.mother.615.hdtv-lol_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\how.i.met.your.mother.617.hdtv-lol_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\jersey.shore.s02e19.pdtv.xvid-fqm_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\jersey.shore.s02e20.ws.pdtv.xvid-fqm_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\jersey.shore.s02e21.pdtv.xvid-fqm_ns.avi(2).ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\jersey.shore.s02e21.pdtv.xvid-fqm_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\kourtney.kim.take.ny.s01e01.hdtv.xvid-shotv_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\MdrnFmly0123.HDTV.XviD-LOL_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\MdrnFmly0124.HDTV.XviD-LOL_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\modern.family.215.hdtv-lol_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Modern.Family.S01E11.HDTV.XviD-P0W4_ns.avi(2).ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Modern.Family.S01E11.HDTV.XviD-P0W4_ns.avi(3).ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Modern.Family.S01E11.HDTV.XviD-P0W4_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\modern.family.s01e12.hdtv.xvid-2hd_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\modern.family.s02e01.hdtv.xvid-fqm_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Gnomeo___Juliet_2011_TS_XViD_-_IMAGiNE_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\how.i.met.your.mother.615.hdtv-lol_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\how.i.met.your.mother.615.hdtv-lol_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\how.i.met.your.mother.617.hdtv-lol_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\jersey.shore.s02e19.pdtv.xvid-fqm_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\jersey.shore.s02e20.ws.pdtv.xvid-fqm_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\jersey.shore.s02e21.pdtv.xvid-fqm_ns.avi(2).ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\jersey.shore.s02e21.pdtv.xvid-fqm_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kourtney.kim.take.ny.s01e01.hdtv.xvid-shotv_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\MdrnFmly0123.HDTV.XviD-LOL_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\MdrnFmly0124.HDTV.XviD-LOL_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\modern.family.215.hdtv-lol_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Modern.Family.S01E11.HDTV.XviD-P0W4_ns(2).avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Modern.Family.S01E11.HDTV.XviD-P0W4_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Modern.Family.S01E11.HDTV.XviD-P0W4_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\modern.family.s01e12.hdtv.xvid-2hd_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\modern.family.s02e01.hdtv.xvid-fqm_ns.avi
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\wipeout.us.s04e05.hdtv.xvid-bajskorv_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\www.DirectLinkSpot.com_jersey.shore.s02e20.ws.pdtv.xvid-fqm_ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\You_Again__2010__ns.avi.ddp
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\wipeout.us.s04e05.hdtv.xvid-bajskorv_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\www.DirectLinkSpot.com_jersey.shore.s02e20.ws.pdtv.xvid-fqm_ns.avi.ddr
c:\users\tv\AppData\Roaming\Local\Temp\DDM\Settings\You_Again__2010__ns.avi.ddr
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 16:16 . 2011-04-10 16:19 -------- d-----w- C:\32788R22FWJFW
2011-04-10 03:37 . 2011-04-10 03:37 -------- d-----w- c:\users\tv\AppData\Roaming\Malwarebytes
2011-04-10 03:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 03:36 . 2011-04-10 03:36 -------- d-----w- c:\programdata\Malwarebytes
2011-04-10 03:36 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 03:36 . 2011-04-10 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 18:31 . 2011-04-09 18:31 388096 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-09 18:31 . 2011-04-09 18:31 -------- d-----w- c:\program files\Trend Micro
2011-04-09 01:12 . 2005-03-10 00:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-04-09 01:12 . 2005-03-10 00:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-04-09 01:12 . 2011-04-09 01:12 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-04-09 01:12 . 2005-03-10 00:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-04-09 01:12 . 2005-03-10 00:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-04-09 00:55 . 2011-04-09 00:55 -------- d-----w- c:\users\tv\AppData\Roaming\MotioninJoy
2011-04-09 00:55 . 2010-08-19 23:24 255496 ----a-w- c:\windows\system32\MijFrc.dll
2011-04-09 00:55 . 2011-04-09 00:55 -------- d-----w- c:\program files\MotioninJoy
2011-04-09 00:37 . 2011-04-09 00:37 -------- d-----w- c:\programdata\Nexon
2011-04-08 22:59 . 2011-04-08 22:59 -------- d-----w- C:\Nexon
2011-04-08 22:15 . 2011-04-09 00:37 -------- d-----w- c:\users\tv\AppData\Local\PMB Files
2011-04-08 22:15 . 2011-04-08 22:15 -------- d-----w- c:\programdata\PMB Files
2011-04-08 22:15 . 2011-04-08 22:15 -------- d-----w- c:\program files\Pando Networks
2011-03-25 02:52 . 2011-03-25 02:52 -------- d-----w- c:\windows\system32\EventProviders
2011-03-17 17:47 . 2011-03-17 17:47 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-03-12 06:13 . 2011-03-12 06:13 -------- d-----w- c:\program files\iPod
2011-03-12 06:13 . 2011-03-12 06:15 -------- d-----w- c:\program files\iTunes
2011-03-12 01:26 . 2011-03-12 01:26 -------- d-----w- C:\d99ca4276d4c1d19dec3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 17:35 . 2011-01-29 01:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-16 01:25 . 2011-01-29 00:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-15 18:33 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 02:07 . 2011-03-08 02:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 00:06 . 2011-03-04 00:06 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-02-20 14:49 . 2011-02-20 14:49 127234 ----a-w- c:\windows\system32\--5cYC__4eGSYb.exe
2011-02-19 05:33 . 2011-03-10 01:09 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-10 01:09 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-10 01:09 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-11 19:24 . 2011-02-11 19:24 2128384 ----a-w- c:\windows\system32\j6E_UjBQ9-.dll
2011-02-05 16:13 . 2011-02-05 16:15 464384 ----a-w- c:\windows\system32\drivers\netr73.sys
2011-02-03 05:45 . 2011-02-09 22:15 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-29 00:15 . 2011-01-29 00:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-22 04:01 . 2011-01-22 04:01 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-14 00:28 . 2011-01-14 00:28 40960 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-01-14 00:28 . 2011-01-14 00:28 40960 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-01-13 09:41 . 2011-01-21 22:02 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF0024D5-367F-41EA-8BFE-33B3BBAF25F9}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc39956d-10ae-498a-46cd-2c40d5234578}]
2011-02-11 19:24 2128384 ----a-w- c:\windows\System32\j6E_UjBQ9-.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-14 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2011-03-09 1532992]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 bjamcbtl;bjamcbtl;c:\windows\system32\drivers\bjamcbtl.sys [x]
R1 eupfqntd;eupfqntd;c:\windows\system32\drivers\eupfqntd.sys [x]
R1 MpKsl01d1a9de;MpKsl01d1a9de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94CAA0C9-8B44-4B5D-A9DC-28738CB4A648}\MpKsl01d1a9de.sys [x]
R1 MpKsl126ab8a9;MpKsl126ab8a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C496770-91AB-4105-BDBB-0D397428F028}\MpKsl126ab8a9.sys [x]
R1 MpKsl145c692d;MpKsl145c692d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E2FE453-F776-4A93-8F9A-6CBF2B3DDC98}\MpKsl145c692d.sys [x]
R1 MpKsl1afd5efa;MpKsl1afd5efa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9ADAA5-5251-45A5-9434-B3CC2EFBB170}\MpKsl1afd5efa.sys [x]
R1 MpKsl1d5ab709;MpKsl1d5ab709;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKsl1d5ab709.sys [x]
R1 MpKsl1d999b3f;MpKsl1d999b3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKsl1d999b3f.sys [x]
R1 MpKsl27f2145e;MpKsl27f2145e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl27f2145e.sys [x]
R1 MpKsl29fa9d72;MpKsl29fa9d72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl29fa9d72.sys [x]
R1 MpKsl2a038f42;MpKsl2a038f42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79E4EC0A-1A20-46C4-9FF7-27A4892EA93B}\MpKsl2a038f42.sys [x]
R1 MpKsl2e5c139f;MpKsl2e5c139f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CDA97C7-4C7F-442F-93CC-2419492D0E71}\MpKsl2e5c139f.sys [x]
R1 MpKsl32496be9;MpKsl32496be9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKsl32496be9.sys [x]
R1 MpKsl331b6ec1;MpKsl331b6ec1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A19C61-75AE-4F8E-940D-B630F376CC80}\MpKsl331b6ec1.sys [x]
R1 MpKsl3e3bffe5;MpKsl3e3bffe5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EA4E484-40AE-4457-A9F4-22C61238BEDE}\MpKsl3e3bffe5.sys [x]
R1 MpKsl42a8a462;MpKsl42a8a462;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl42a8a462.sys [x]
R1 MpKsl4392a1df;MpKsl4392a1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKsl4392a1df.sys [x]
R1 MpKsl43ba5bdd;MpKsl43ba5bdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl43ba5bdd.sys [x]
R1 MpKsl45572503;MpKsl45572503;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl45572503.sys [x]
R1 MpKsl45abb76d;MpKsl45abb76d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl45abb76d.sys [x]
R1 MpKsl546c76ec;MpKsl546c76ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl546c76ec.sys [x]
R1 MpKsl5ba5e844;MpKsl5ba5e844;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{824E3B18-5D5C-4EB6-8E1A-F53B21DCD672}\MpKsl5ba5e844.sys [x]
R1 MpKsl61986f8e;MpKsl61986f8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsl61986f8e.sys [x]
R1 MpKsl647deed2;MpKsl647deed2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsl647deed2.sys [x]
R1 MpKsl66cc9a5e;MpKsl66cc9a5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9ADAA5-5251-45A5-9434-B3CC2EFBB170}\MpKsl66cc9a5e.sys [x]
R1 MpKsl684f1da6;MpKsl684f1da6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBB558E-578A-44F4-AB6F-0690F1499BDF}\MpKsl684f1da6.sys [x]
R1 MpKsl71e1a6d4;MpKsl71e1a6d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl71e1a6d4.sys [x]
R1 MpKsl754d769a;MpKsl754d769a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl754d769a.sys [x]
R1 MpKsl796a6e04;MpKsl796a6e04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKsl796a6e04.sys [x]
R1 MpKsl7fd12526;MpKsl7fd12526;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7A8A21-75A8-4A37-A4BA-6990F8F919D4}\MpKsl7fd12526.sys [x]
R1 MpKsl82ef18f9;MpKsl82ef18f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsl82ef18f9.sys [x]
R1 MpKsl87e90851;MpKsl87e90851;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl87e90851.sys [x]
R1 MpKsl89329a0d;MpKsl89329a0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl89329a0d.sys [x]
R1 MpKsl8e3f47f5;MpKsl8e3f47f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A2CA0E-1D87-4911-953B-BB011DBABB7D}\MpKsl8e3f47f5.sys [x]
R1 MpKsl913a38c3;MpKsl913a38c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsl913a38c3.sys [x]
R1 MpKsl93085c6b;MpKsl93085c6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl93085c6b.sys [x]
R1 MpKsl9449ab88;MpKsl9449ab88;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675C8B66-D2C4-42B5-91CB-F8BDFD95C5AE}\MpKsl9449ab88.sys [x]
R1 MpKsl9b126b6f;MpKsl9b126b6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKsl9b126b6f.sys [x]
R1 MpKsl9e114610;MpKsl9e114610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKsl9e114610.sys [x]
R1 MpKsla0f92690;MpKsla0f92690;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKsla0f92690.sys [x]
R1 MpKslaa8dc6da;MpKslaa8dc6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKslaa8dc6da.sys [x]
R1 MpKslace57f73;MpKslace57f73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCAE8B1D-A246-4EA0-A4D8-AD7A03C8F77B}\MpKslace57f73.sys [x]
R1 MpKslaf1f51fa;MpKslaf1f51fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKslaf1f51fa.sys [x]
R1 MpKslaf8ddcb5;MpKslaf8ddcb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBB558E-578A-44F4-AB6F-0690F1499BDF}\MpKslaf8ddcb5.sys [x]
R1 MpKslba55561c;MpKslba55561c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{960F5673-D0DF-4AC5-979C-4A2A40F105F9}\MpKslba55561c.sys [x]
R1 MpKslbf490d1a;MpKslbf490d1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33067F-32BC-47B8-BD36-61FE54C4FB6A}\MpKslbf490d1a.sys [x]
R1 MpKslc439a076;MpKslc439a076;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKslc439a076.sys [x]
R1 MpKslc4cbccdd;MpKslc4cbccdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7A8A21-75A8-4A37-A4BA-6990F8F919D4}\MpKslc4cbccdd.sys [x]
R1 MpKslcc9781b8;MpKslcc9781b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19352E89-92CD-4544-A755-7069161BA370}\MpKslcc9781b8.sys [x]
R1 MpKslcd0e9fa9;MpKslcd0e9fa9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{710092F0-19F7-4689-819B-6D4887DA427E}\MpKslcd0e9fa9.sys [x]
R1 MpKsld89e8d22;MpKsld89e8d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBEB6F16-2B68-426A-B635-5DDA8B003B14}\MpKsld89e8d22.sys [x]
R1 MpKsldeb476f4;MpKsldeb476f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33067F-32BC-47B8-BD36-61FE54C4FB6A}\MpKsldeb476f4.sys [x]
R1 MpKsle06709e2;MpKsle06709e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsle06709e2.sys [x]
R1 MpKsle166d5d6;MpKsle166d5d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsle166d5d6.sys [x]
R1 MpKslea50dfe9;MpKslea50dfe9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6825ADE8-DB74-47DE-9B20-4879B8EBA08C}\MpKslea50dfe9.sys [x]
R1 MpKslebf246d4;MpKslebf246d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKslebf246d4.sys [x]
R1 MpKsleddb132d;MpKsleddb132d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsleddb132d.sys [x]
R1 MpKslf3dd2099;MpKslf3dd2099;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKslf3dd2099.sys [x]
R1 MpKslf54f31e6;MpKslf54f31e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKslf54f31e6.sys [x]
R1 MpKslf6a51161;MpKslf6a51161;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKslf6a51161.sys [x]
R1 MpKslf854970e;MpKslf854970e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKslf854970e.sys [x]
R1 MpKslfb66b737;MpKslfb66b737;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0509BFE3-E6EB-4215-AA77-D5203BDBCE50}\MpKslfb66b737.sys [x]
R1 MpKslfff24c42;MpKslfff24c42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A19C61-75AE-4F8E-940D-B630F376CC80}\MpKslfff24c42.sys [x]
R1 MpKslfff6de68;MpKslfff6de68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675C8B66-D2C4-42B5-91CB-F8BDFD95C5AE}\MpKslfff6de68.sys [x]
R1 mrjzfvdq;mrjzfvdq;c:\windows\system32\drivers\mrjzfvdq.sys [x]
R1 tjehazij;tjehazij;c:\windows\system32\drivers\tjehazij.sys [x]
R1 xarcyefv;xarcyefv;c:\windows\system32\drivers\xarcyefv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 30312]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2011-02-05 464384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 121576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-22 436792]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2701373313-3249781711-3257853738-1000Core.job
- c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 14:36]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2701373313-3249781711-3257853738-1000UA.job
- c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 14:36]
.
2011-01-23 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: {2D717395-6237-4E63-BB75-C874B23C5C45} = 192.168.2.1
TCP: {C2CE097C-347A-4078-A3BB-147B62858966} = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,71,78,85,72,57,97,d5,b5,0c,60,87,d7,1a,14,4b,4f,23,cb,4c,db,
83,42,f1,cb,1a,ba,a5,3e,4b,8c,29,48,05,d9,f1,ab,e0,9c,62,74,ec,48,c6,26,b8,\
"rkeysecu"=hex:29,8e,62,8d,0d,ba,9b,ec,0f,97,9a,6f,45,f3,c3,7a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\sppsvc.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-04-10 14:08:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 18:08
.
Pre-Run: 144,142,811,136 bytes free
Post-Run: 144,354,340,864 bytes free
.
- - End Of File - - 55FFC75295BB13B4F2A070E0FA2BB71D
 
Please move ComboFix to your desktop so you can perform the following procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dc39956d-10ae-498a-46cd-2c40d5234578}]
2011-02-11 19:24 2128384 ----a-w- c:\windows\System32\j6E_UjBQ9-.dll

Driver::
bjamcbtl
eupfqntd
mrjzfvdq
xarcyefv
tjehazij

Service::
bjamcbtl
eupfqntd
mrjzfvdq
xarcyefv
tjehazij

File::
c:\windows\system32\drivers\mrjzfvdq.sys
c:\windows\system32\drivers\tjehazij.sys
c:\windows\system32\drivers\xarcyefv.sys
c:\windows\system32\drivers\bjamcbtl.sys
c:\windows\system32\drivers\eupfqntd.sys

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Please post a fresh HijackThis log after running the ComboFix script.
 
ComboFix 11-04-11.01 - tv 04/11/2011 12:55:32.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.435 [GMT -4:00]
Running from: c:\users\tv\Downloads\ComboFix.exe
Command switches used :: c:\users\tv\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\bjam cbtl.sys"
"c:\windows\system32\drivers\eupf qntd.sys"
"c:\windows\system32\drivers\mrjz fvdq.sys"
"c:\windows\system32\drivers\tjeh azij.sys"
"c:\windows\system32\drivers\xarc yefv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bjamcbtl
-------\Service_eupfqntd
-------\Service_mrjzfvdq
-------\Service_tjehazij
-------\Service_xarcyefv
.
.
((((((((((((((((((((((((( Files Created from 2011-03-11 to 2011-04-11 )))))))))))))))))))))))))))))))
.
.
2011-04-11 17:05 . 2011-04-11 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 16:26 . 2011-03-23 14:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA06AFED-5361-4DB7-BA2D-050B51ECD63D}\mpengine.dll
2011-04-11 00:03 . 2011-04-11 00:05 -------- d-----w- C:\devkitpro
2011-04-11 00:00 . 2011-04-11 00:00 -------- d-----w- C:\ubuntu
2011-04-10 03:37 . 2011-04-10 03:37 -------- d-----w- c:\users\tv\AppData\Roaming\Malwarebytes
2011-04-10 03:36 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 03:36 . 2011-04-10 03:36 -------- d-----w- c:\programdata\Malwarebytes
2011-04-10 03:36 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-10 03:36 . 2011-04-10 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 18:31 . 2011-04-09 18:31 388096 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-09 18:31 . 2011-04-09 18:31 -------- d-----w- c:\program files\Trend Micro
2011-04-09 01:12 . 2005-03-10 00:50 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2011-04-09 01:12 . 2005-03-10 00:50 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2011-04-09 01:12 . 2011-04-09 01:12 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2011-04-09 01:12 . 2005-03-10 00:50 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-04-09 01:12 . 2005-03-10 00:50 46592 ----a-w- c:\windows\system32\libusb0.dll
2011-04-09 00:55 . 2011-04-09 00:55 -------- d-----w- c:\users\tv\AppData\Roaming\MotioninJoy
2011-04-09 00:55 . 2010-08-19 23:24 255496 ----a-w- c:\windows\system32\MijFrc.dll
2011-04-09 00:55 . 2011-04-09 00:55 -------- d-----w- c:\program files\MotioninJoy
2011-04-09 00:37 . 2011-04-09 00:37 -------- d-----w- c:\programdata\Nexon
2011-04-08 22:59 . 2011-04-08 22:59 -------- d-----w- C:\Nexon
2011-04-08 22:15 . 2011-04-09 00:37 -------- d-----w- c:\users\tv\AppData\Local\PMB Files
2011-04-08 22:15 . 2011-04-08 22:15 -------- d-----w- c:\programdata\PMB Files
2011-04-08 22:15 . 2011-04-08 22:15 -------- d-----w- c:\program files\Pando Networks
2011-03-25 02:52 . 2011-03-25 02:52 -------- d-----w- c:\windows\system32\EventProviders
2011-03-17 17:47 . 2011-03-17 17:47 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 17:35 . 2011-01-29 01:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-16 01:25 . 2011-01-29 00:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-15 18:33 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 02:07 . 2011-03-08 02:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 00:06 . 2011-03-04 00:06 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-02-20 14:49 . 2011-02-20 14:49 127234 ----a-w- c:\windows\system32\--5cYC__4eGSYb.exe
2011-02-19 05:33 . 2011-03-10 01:09 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-10 01:09 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-10 01:09 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-11 19:24 . 2011-02-11 19:24 2128384 ----a-w- c:\windows\system32\j6E_UjBQ9-.dll
2011-02-05 16:13 . 2011-02-05 16:15 464384 ----a-w- c:\windows\system32\drivers\netr73.sys
2011-02-03 05:45 . 2011-02-09 22:15 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 22:11 . 2011-01-14 00:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 00:15 . 2011-01-29 00:15 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-22 04:01 . 2011-01-22 04:01 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-14 00:28 . 2011-01-14 00:28 40960 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-01-14 00:28 . 2011-01-14 00:28 40960 ----a-r- c:\users\tv\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Google Update"="c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-14 136176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Connectify"="c:\program files\Connectify\Connectify.exe" [2011-03-09 1532992]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 MpKsl01d1a9de;MpKsl01d1a9de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94CAA0C9-8B44-4B5D-A9DC-28738CB4A648}\MpKsl01d1a9de.sys [x]
R1 MpKsl126ab8a9;MpKsl126ab8a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C496770-91AB-4105-BDBB-0D397428F028}\MpKsl126ab8a9.sys [x]
R1 MpKsl145c692d;MpKsl145c692d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E2FE453-F776-4A93-8F9A-6CBF2B3DDC98}\MpKsl145c692d.sys [x]
R1 MpKsl1afd5efa;MpKsl1afd5efa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9ADAA5-5251-45A5-9434-B3CC2EFBB170}\MpKsl1afd5efa.sys [x]
R1 MpKsl1d5ab709;MpKsl1d5ab709;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKsl1d5ab709.sys [x]
R1 MpKsl1d999b3f;MpKsl1d999b3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKsl1d999b3f.sys [x]
R1 MpKsl27f2145e;MpKsl27f2145e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl27f2145e.sys [x]
R1 MpKsl29fa9d72;MpKsl29fa9d72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl29fa9d72.sys [x]
R1 MpKsl2a038f42;MpKsl2a038f42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79E4EC0A-1A20-46C4-9FF7-27A4892EA93B}\MpKsl2a038f42.sys [x]
R1 MpKsl2e5c139f;MpKsl2e5c139f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CDA97C7-4C7F-442F-93CC-2419492D0E71}\MpKsl2e5c139f.sys [x]
R1 MpKsl32496be9;MpKsl32496be9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKsl32496be9.sys [x]
R1 MpKsl331b6ec1;MpKsl331b6ec1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A19C61-75AE-4F8E-940D-B630F376CC80}\MpKsl331b6ec1.sys [x]
R1 MpKsl3e3bffe5;MpKsl3e3bffe5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EA4E484-40AE-4457-A9F4-22C61238BEDE}\MpKsl3e3bffe5.sys [x]
R1 MpKsl42a8a462;MpKsl42a8a462;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl42a8a462.sys [x]
R1 MpKsl4392a1df;MpKsl4392a1df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKsl4392a1df.sys [x]
R1 MpKsl43ba5bdd;MpKsl43ba5bdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl43ba5bdd.sys [x]
R1 MpKsl45572503;MpKsl45572503;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl45572503.sys [x]
R1 MpKsl45abb76d;MpKsl45abb76d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl45abb76d.sys [x]
R1 MpKsl546c76ec;MpKsl546c76ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl546c76ec.sys [x]
R1 MpKsl5ba5e844;MpKsl5ba5e844;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{824E3B18-5D5C-4EB6-8E1A-F53B21DCD672}\MpKsl5ba5e844.sys [x]
R1 MpKsl61986f8e;MpKsl61986f8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsl61986f8e.sys [x]
R1 MpKsl647deed2;MpKsl647deed2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsl647deed2.sys [x]
R1 MpKsl66cc9a5e;MpKsl66cc9a5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C9ADAA5-5251-45A5-9434-B3CC2EFBB170}\MpKsl66cc9a5e.sys [x]
R1 MpKsl684f1da6;MpKsl684f1da6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBB558E-578A-44F4-AB6F-0690F1499BDF}\MpKsl684f1da6.sys [x]
R1 MpKsl71e1a6d4;MpKsl71e1a6d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl71e1a6d4.sys [x]
R1 MpKsl754d769a;MpKsl754d769a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl754d769a.sys [x]
R1 MpKsl796a6e04;MpKsl796a6e04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKsl796a6e04.sys [x]
R1 MpKsl7fd12526;MpKsl7fd12526;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7A8A21-75A8-4A37-A4BA-6990F8F919D4}\MpKsl7fd12526.sys [x]
R1 MpKsl82ef18f9;MpKsl82ef18f9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsl82ef18f9.sys [x]
R1 MpKsl87e90851;MpKsl87e90851;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF842A-E249-4A58-A702-472398DEC9F5}\MpKsl87e90851.sys [x]
R1 MpKsl89329a0d;MpKsl89329a0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{127E3044-F587-4EB6-B590-7A3BCB9D828A}\MpKsl89329a0d.sys [x]
R1 MpKsl8e3f47f5;MpKsl8e3f47f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A2CA0E-1D87-4911-953B-BB011DBABB7D}\MpKsl8e3f47f5.sys [x]
R1 MpKsl913a38c3;MpKsl913a38c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsl913a38c3.sys [x]
R1 MpKsl93085c6b;MpKsl93085c6b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118C02F0-5FFB-4281-8B8E-389A2C3EC297}\MpKsl93085c6b.sys [x]
R1 MpKsl9449ab88;MpKsl9449ab88;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675C8B66-D2C4-42B5-91CB-F8BDFD95C5AE}\MpKsl9449ab88.sys [x]
R1 MpKsl9b126b6f;MpKsl9b126b6f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKsl9b126b6f.sys [x]
R1 MpKsl9e114610;MpKsl9e114610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKsl9e114610.sys [x]
R1 MpKsla0f92690;MpKsla0f92690;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKsla0f92690.sys [x]
R1 MpKslaa8dc6da;MpKslaa8dc6da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKslaa8dc6da.sys [x]
R1 MpKslace57f73;MpKslace57f73;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCAE8B1D-A246-4EA0-A4D8-AD7A03C8F77B}\MpKslace57f73.sys [x]
R1 MpKslaf1f51fa;MpKslaf1f51fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKslaf1f51fa.sys [x]
R1 MpKslaf8ddcb5;MpKslaf8ddcb5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BBB558E-578A-44F4-AB6F-0690F1499BDF}\MpKslaf8ddcb5.sys [x]
R1 MpKslba55561c;MpKslba55561c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{960F5673-D0DF-4AC5-979C-4A2A40F105F9}\MpKslba55561c.sys [x]
R1 MpKslbf490d1a;MpKslbf490d1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33067F-32BC-47B8-BD36-61FE54C4FB6A}\MpKslbf490d1a.sys [x]
R1 MpKslc439a076;MpKslc439a076;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51326F72-84AF-4F94-96D2-61C3ADFAFE04}\MpKslc439a076.sys [x]
R1 MpKslc4cbccdd;MpKslc4cbccdd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7A8A21-75A8-4A37-A4BA-6990F8F919D4}\MpKslc4cbccdd.sys [x]
R1 MpKslcc9781b8;MpKslcc9781b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19352E89-92CD-4544-A755-7069161BA370}\MpKslcc9781b8.sys [x]
R1 MpKslcd0e9fa9;MpKslcd0e9fa9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{710092F0-19F7-4689-819B-6D4887DA427E}\MpKslcd0e9fa9.sys [x]
R1 MpKsld89e8d22;MpKsld89e8d22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBEB6F16-2B68-426A-B635-5DDA8B003B14}\MpKsld89e8d22.sys [x]
R1 MpKsldeb476f4;MpKsldeb476f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33067F-32BC-47B8-BD36-61FE54C4FB6A}\MpKsldeb476f4.sys [x]
R1 MpKsle06709e2;MpKsle06709e2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsle06709e2.sys [x]
R1 MpKsle166d5d6;MpKsle166d5d6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30CBB4CA-CE69-44C4-BFC8-83E37F6CBF0A}\MpKsle166d5d6.sys [x]
R1 MpKslea50dfe9;MpKslea50dfe9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6825ADE8-DB74-47DE-9B20-4879B8EBA08C}\MpKslea50dfe9.sys [x]
R1 MpKslebf246d4;MpKslebf246d4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKslebf246d4.sys [x]
R1 MpKsleddb132d;MpKsleddb132d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{324B0E96-8217-47F9-8379-4F9D1F72D42F}\MpKsleddb132d.sys [x]
R1 MpKslf3dd2099;MpKslf3dd2099;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKslf3dd2099.sys [x]
R1 MpKslf54f31e6;MpKslf54f31e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67455749-DAAA-45C7-9032-5F8BB56A46CF}\MpKslf54f31e6.sys [x]
R1 MpKslf6a51161;MpKslf6a51161;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E78045D9-48F4-45BF-A66A-4FF78369BBCE}\MpKslf6a51161.sys [x]
R1 MpKslf854970e;MpKslf854970e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23A8CE33-1AD2-49BC-A6A2-0E76F4E00678}\MpKslf854970e.sys [x]
R1 MpKslfb66b737;MpKslfb66b737;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0509BFE3-E6EB-4215-AA77-D5203BDBCE50}\MpKslfb66b737.sys [x]
R1 MpKslfff24c42;MpKslfff24c42;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A19C61-75AE-4F8E-940D-B630F376CC80}\MpKslfff24c42.sys [x]
R1 MpKslfff6de68;MpKslfff6de68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675C8B66-D2C4-42B5-91CB-F8BDFD95C5AE}\MpKslfff6de68.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 30312]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2011-02-05 464384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 121576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-14 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-22 436792]
S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-10 18944]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2701373313-3249781711-3257853738-1000Core.job
- c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 14:36]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2701373313-3249781711-3257853738-1000UA.job
- c:\users\tv\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 14:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: {2D717395-6237-4E63-BB75-C874B23C5C45} = 192.168.2.1
TCP: {C2CE097C-347A-4078-A3BB-147B62858966} = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2701373313-3249781711-3257853738-1000\Software\SecuROM\License information*]
"datasecu"=hex:d7,71,78,85,72,57,97,d5,b5,0c,60,87,d7,1a,14,4b,4f,23,cb,4c,db,
83,42,f1,cb,1a,ba,a5,3e,4b,8c,29,48,05,d9,f1,ab,e0,9c,62,74,ec,48,c6,26,b8,\
"rkeysecu"=hex:29,8e,62,8d,0d,ba,9b,ec,0f,97,9a,6f,45,f3,c3,7a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-04-11 13:11:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-11 17:11
ComboFix2.txt 2011-04-10 18:08
.
Pre-Run: 139,198,529,536 bytes free
Post-Run: 138,808,823,808 bytes free
.
- - End Of File - - D18E43646455B72F948B6C8EBE1DCA90
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:32 PM, on 4/11/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Connectify\Connectify.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\tv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.startsearcher.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CE097C-347A-4078-A3BB-147B62858966}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D717395-6237-4E63-BB75-C874B23C5C45}: NameServer = 192.168.2.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\Connectifyd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5817 bytes
 
Rerun HijackThis and place checks next to the following entries.

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\tv\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Then click on "Fix checked" at the bottom.

You are not running any active antivirus/malware software, so I highly recommend downloading either AVAST or Microsoft Security Essentials.

You may now uninstall ComboFix by clicking on Start and typing the following in the search box:

combofix /uninstall

Then hit Enter. This will remove ComboFix and its affiliated files and folders and other things.
 