
My Computer Online Scan and AV8 pop ups virus

Discussion in 'Virus & Other Malware Removal' started by nmarlow, Sep 23, 2010.

    nmarlow Thread Starter

    I have an ASUS K50ij-rx05 running Windows 7 64-bit. I recently started getting pop ups on my computer including My Computer Online Scan and AV8 Scan. I know these are a part of multiple viruses, but I am not sure how to get rid of them. I have tried running Malwarebytes and Kaspersky, and they find viruses and things, but they just come back after I remove them. I have run them in safe mode as well and nothing has changed. I ran all the programs you requested and I am pasting and attaching the log files. Any help removing these will be greatly appreciated.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:41:47 AM, on 9/23/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\setup_9.0.0.722_22.09.2010_14-25[1].exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\andy128.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXULWAOU\HijackThis[1].exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.verizon.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {ea6905c1-afe7-44a8-b5cf-5a41c3fdf685} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Updater For My.Freeze.com Toolbar - {C26CD490-5F01-41E3-B150-EB29F19DA056} - (no file)
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [xuri49tkd] C:\Windows\andy128.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.cartoonnetwork.com/games/cc/trickortreatbeat/index.html"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    O4 - Startup: setup_9.0.0.722_22.09.2010_14-25[1].lnk = C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\startup.exe
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.oma11pwww05
    O15 - Trusted Zone: *.prod.westworlds.com
    O15 - Trusted Zone: *.west.com
    O15 - Trusted Zone: *.westathome.com
    O15 - Trusted Zone: *.westathome.net
    O15 - Trusted Zone: *.workathomeagent.net
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 11775 bytes



    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Brian at 9:45:04.00 on Thu 09/23/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1326 [GMT -4:00]

    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxducoms.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Windows\SysWOW64\svchost.exe -k ssed
    C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\AbtSvcHost_.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Users\Brian\Desktop\Virus Removal Tool\setup_9.0.0.722_22.09.2010_14-25[1]\setup_9.0.0.722_22.09.2010_14-25[1].exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\andy128.exe
    C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HXULWAOU\dds[1].scr
    C:\Windows\system32\conhost.exe
    ============== Pseudo HJT Report ===============
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://home.verizon.yahoo.com/
    uSearch Bar = Preserve
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn4\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: {C26CD490-5F01-41E3-B150-EB29F19DA056} - No File
    BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn4\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    TB: {EA6905C1-AFE7-44A8-B5CF-5A41C3FDF685} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
    uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.5; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2; MS-RTC LM 8; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)" -"http://www.cartoonnetwork.com/games/cc/trickortreatbeat/index.html"
    mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
    mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
    mRun: [P2Go_Menu] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
    mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
    mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
    mRun: [ADSMTray] c:\program files (x86)\asus\asus data security manager\ADSMTray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [ConnectionCenter] "c:\program files (x86)\citrix\ica client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [xuri49tkd] c:\windows\andy128.exe
    StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\brian\desktop\virus removal tool\setup_9.0.0.722_22.09.2010_14-25[1]\startup.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{f0df4513-3c4c-4eb8-8012-2c5f70af3988}\_A1DDD39913A1970387B7B3.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: oma11pwww05
    Trusted Zone: prod.westworlds.com
    Trusted Zone: west.com
    Trusted Zone: westathome.com
    Trusted Zone: westathome.net
    Trusted Zone: workathomeagent.net
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    TB-X64: {EA6905C1-AFE7-44A8-B5CF-5A41C3FDF685} - No File
    mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
    mRun-x64: [lxdumon.exe] "c:\program files (x86)\lexmark 5600-6600 series\lxdumon.exe"
    mRun-x64: [EzPrint] "c:\program files (x86)\lexmark 5600-6600 series\ezprint.exe"
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\cpyq0vv3.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm035YYUS&fl=0&ptb=g0tBgV5ChXww7q6uEjGQKA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c6d8&searchfor=
    FF - plugin: c:\program files (x86)\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files (x86)\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\brian\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\brian\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    ============= SERVICES / DRIVERS ===============
    R?2 ssed;ssed;c:\windows\system32\svchost.exe -k ssed [2009-7-13 27136]
    R0 70987732;70987732 Boot Guard Driver;c:\windows\system32\drivers\70987732.sys [2010-9-22 40464]
    R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-7-21 15928]
    R1 70987731;70987731;c:\windows\system32\drivers\70987731.sys [2010-9-22 157712]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 87600]
    R1 setup_9.0.0.722_22.09.2010_14-25[1]drv;setup_9.0.0.722_22.09.2010_14-25[1]drv;c:\windows\system32\drivers\7098773.sys [2010-9-22 352784]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AbtSvcHost;AbtSvcHost;c:\windows\syswow64\AbtSvcHost_.exe [2010-7-24 49584]
    R2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2009-7-21 14904]
    R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
    R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-3-18 172328]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-11-23 140800]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-23 1222144]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
    S1 sed;sed;c:\windows\syswow64\drivers\sed.sys [2010-9-22 33792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-9-18 133104]
    S2 NapAgMan;Network Access Protection Manager;c:\windows\system32\napaserv.exe --> c:\windows\system32\napaserv.exe [?]
    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-8-21 44032]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1255736]
    =============== Created Last 30 ================
    2010-09-23 09:11:34 1136 --sha-w- c:\windows\setup_9.0.0.722_22.09.2010_14-25[1]drv.spi
    2010-09-23 08:47:31 34976 ----a-w- c:\windows\fs1235.dat
    2010-09-23 08:44:13 29 ----a-w- c:\windows\bk20856.dat
    2010-09-22 21:28:35 0 d-----w- c:\program files (x86)\Trend Micro
    2010-09-22 17:41:34 59392 ----a-w- c:\windows\syswow64\sed.dll
    2010-09-22 12:51:19 1 ---h--w- c:\windows\bk23567.dat
    2010-09-22 12:51:19 1 ----a-w- c:\windows\fdgg34353edfgdfdf
    2010-09-22 12:42:30 0 d-----w- c:\programdata\Kaspersky Lab
    2010-09-22 12:41:37 40464 ----a-w- c:\windows\system32\drivers\70987732.sys
    2010-09-22 12:41:37 352784 ----a-w- c:\windows\system32\drivers\7098773.sys
    2010-09-22 12:41:37 157712 ----a-w- c:\windows\system32\drivers\70987731.sys
    2010-09-22 08:45:00 172032 ---h--w- c:\windows\andy128.exe
    2010-09-17 11:18:56 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-09-15 18:24:34 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-25 12:26:42 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-25 12:26:42 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
    ==================== Find3M ====================
    2010-09-23 12:18:40 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-09-23 09:23:18 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-09-23 08:38:19 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
    2010-09-22 20:52:26 17408 ----a-w- c:\windows\syswow64\rpcnetp.dll
    2010-09-22 20:52:11 17408 ----a-w- c:\windows\syswow64\rpcnetp.exe
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-07-29 01:22:38 161304 ----a-w- c:\windows\system32\igfxtray.exe
    2010-07-29 01:22:36 508952 ----a-w- c:\windows\system32\igfxsrvc.exe
    2010-07-29 01:22:34 415256 ----a-w- c:\windows\system32\igfxpers.exe
    2010-07-29 01:22:32 386584 ----a-w- c:\windows\system32\hkcmd.exe
    2010-07-29 01:22:32 223768 ----a-w- c:\windows\system32\igfxext.exe
    2010-07-29 01:22:30 3156504 ----a-w- c:\windows\system32\GfxUI.exe
    2010-07-29 01:22:28 152600 ----a-w- c:\windows\system32\difx64.exe
    2010-07-29 01:18:58 92672 ----a-w- c:\windows\system32\igfxCoIn_v2189.dll
    2010-07-29 01:10:42 10610400 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
    2010-07-29 01:10:36 6547968 ----a-w- c:\windows\system32\igdumd64.dll
    2010-07-29 01:02:54 4967424 ----a-w- c:\windows\syswow64\igdumd32.dll
    2010-07-29 00:58:10 571904 ----a-w- c:\windows\syswow64\igdumdx32.dll
    2010-07-29 00:55:00 4720128 ----a-w- c:\windows\system32\igd10umd64.dll
    2010-07-29 00:47:56 4411904 ----a-w- c:\windows\syswow64\igd10umd32.dll
    2010-07-29 00:41:12 15035392 ----a-w- c:\windows\system32\ig4icd64.dll
    2010-07-29 00:32:14 11042304 ----a-w- c:\windows\syswow64\ig4icd32.dll
    2010-07-29 00:27:34 380416 ----a-w- c:\windows\system32\igfxTMM.dll
    2010-07-29 00:27:26 27648 ----a-w- c:\windows\system32\igfxexps.dll
    2010-07-29 00:27:26 243200 ----a-w- c:\windows\system32\igfxpph.dll
    2010-07-29 00:27:02 61952 ----a-w- c:\windows\system32\igfxsrvc.dll
    2010-07-29 00:26:30 108032 ----a-w- c:\windows\system32\hccutils.dll
    2010-07-29 00:26:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2010-07-29 00:26:20 271360 ----a-w- c:\windows\system32\igfxdev.dll
    2010-07-29 00:26:20 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
    2010-07-29 00:25:44 830464 ----a-w- c:\windows\system32\igfxress.dll
    2010-07-29 00:25:44 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2010-07-29 00:22:00 23552 ----a-w- c:\windows\syswow64\igfxexps32.dll
    2010-07-29 00:20:54 228864 ----a-w- c:\windows\syswow64\igfxdv32.dll
    2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
    2010-07-25 22:12:25 29184 ----a-w- c:\windows\syswow64\CtLoJack.dll
    2010-07-20 23:06:00 507904 ----a-r- c:\windows\syswow64\btwapi.dll
    2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-07-12 16:52:12 49584 ----a-w- c:\windows\syswow64\AbtSvcHost_.exe
    2010-07-12 16:52:12 49584 ----a-w- c:\windows\syswow64\AbtSvcHost.exe
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-04-08 15:31:56 106496 ----a-w- c:\program files (x86)\common files\CPInstallAction.dll
    2008-08-12 02:45:20 155648 ----a-w- c:\program files (x86)\common files\MSIactionall.dll
    2008-05-22 13:35:54 51962 ----a-w- c:\program files (x86)\common files\banner.jpg
    2007-06-12 14:34:50 35822 ----a-w- c:\program files (x86)\common files\ASPG_icon.ico
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-06-12 22:03:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010061220100613\index.dat
    2010-06-19 11:06:45 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010061920100620\index.dat
    2010-06-21 01:54:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010062020100621\index.dat
    2010-02-07 00:13:42 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-04-14 14:19:48 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-04-14 14:19:48 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-04-14 14:19:48 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    ============= FINISH: 9:47:38.16 ===============


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-23 09:54:18
    Windows 6.1.7600
    Running: qyzhgl1m.exe

    ---- Files - GMER 1.0.15 ----
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc 0 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc\_avt 512 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Doc\_lit 512 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music 0 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music\_avt 512 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Music\_lit 512 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video 0 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video\_avt 512 bytes
    File C:\$WINDOWS.~Q\DATA\Users\Brian\Safe Video\_lit 512 bytes
    File C:\ADSM_PData_0150 0 bytes
    File C:\ADSM_PData_0150\DB 0 bytes
    File C:\ADSM_PData_0150\DB\SI.db 624 bytes
    File C:\ADSM_PData_0150\DB\UL.db 16 bytes
    File C:\ADSM_PData_0150\DB\VL.db 16 bytes
    File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
    File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
    File C:\ADSM_PData_0150\_avt 512 bytes
    ---- EOF - GMER 1.0.15 ----
     


  2. nmarlow

    nmarlow Thread Starter

    Joined:
    Sep 23, 2010
    Messages:
    2
    Not sure why other people who are posting after me are getting help, but I can't get help. Please help me with the horrible virus!!!
     
  3. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.
     