
Task Manager Closes Upon Starting

Discussion in 'Virus & Other Malware Removal' started by Smoge, Jan 16, 2013.

Smoge (Thread Starter)
Joined: Jan 16, 2013
Messages: 4
    My computer was recently infected with one of the fake FBI alert viruses, which I thought I had successfully removed. However, my Task Manager is still having problems. Immediately after opening, it will close.

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:18:02 PM, on 1/16/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Companion\companionuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Troy Malsam\Desktop\HijackThis.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzeb049YYUS_ZJxdm128YYUS
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O15 - Trusted IP range: http://192.168.10.1
    O15 - ESC Trusted IP range: http://192.168.10.1
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} - http://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} (IBM Lotus iNotes 8.5 Control) - http://domino2.limacityschools.org/dwa85W.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 9365 bytes

    dds.txt

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
    Run by Troy Malsam at 19:18:15 on 2013-01-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1181 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Live\Companion\companionuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Troy Malsam\Desktop\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
    uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
    uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
    uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
    mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
    uWindows: Load = c:\users\troyma~1\locals~1\temp\mspaifxx.pif
    mWinlogon: Userinit = c:\windows\system32\userinit.exe
    BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
    BHO: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files\couponalert_2p\bar\1.bin\2pSrcAs.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\18.7.2.3\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: SearchSettings Class: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\search settings\kb128\SearchSettings.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\18.7.2.3\coieplg.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\dealio toolbar\DealioToolbarIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files\couponalert_2p\bar\1.bin\2pbar.dll
    TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCoup.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\troy malsam\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [systeminit.exe] c:\users\troyma~1\appdata\local\temp\systeminit.exe
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    uRun: [CrashDumps] rundll32.exe "c:\users\troy malsam\appdata\local\falloutnv\crashdumps\mbssgxg.dll",DllRegisterServerW
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [CyberLink] c:\users\troy malsam\appdata\roaming\54809a\54809A.exe
    uRun: [Adobe CS Manager] c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SS_MW] c:\program files\radica\stylin' studio\SS_MW.exe
    mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
    mRun: [CouponAlert_2p Browser Plugin Loader] c:\progra~1\coupon~2\bar\1.bin\2pbrmon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    StartupFolder: c:\users\troyma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzeb049YYUS_ZJxdm128YYUS
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {444785F1-DE89-4295-863A-D46C3A781394} - hxxp://webplayer.unity3d.com/download_webplayer/UnityWebPlayer.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://domino2.limacityschools.org/dwa85W.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    TCP: NameServer = 192.168.10.1
    TCP: Interfaces\{0078279E-8349-48A2-941C-83420A7E14DA} : DHCPNameServer = 192.168.10.1
    TCP: Interfaces\{4B8DB134-9445-4147-BE84-E777B9D1E0A3} : DHCPNameServer = 192.168.10.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: c:\program files\couponalert_2p\bar\1.bin\NP2pStub.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\troy malsam\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\plugins\np-mswmp.dll
    FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}\plugins\np-mswmp.dll
    FF - plugin: c:\users\troy malsam\appdata\roaming\mozilla\firefox\profiles\ztc61qm1.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: !HIDDEN! 2011-07-01 22:52; [email protected]_2p.com; c:\program files\couponalert_2p\bar\1.bin
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207020.003\symds.sys [2012-6-11 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207020.003\symefa.sys [2012-6-11 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20130115.001\IDSvix86.sys [2013-1-16 386720]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207020.003\ironx86.sys [2012-6-11 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207020.003\symtdiv.sys [2012-6-11 331384]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2012-1-8 8704]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-11-30 382824]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2010-12-3 836384]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
    R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-8-26 207360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-2-25 131912]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-7 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Waew
    2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Ittuu
    2013-01-16 23:09:06 -------- d-----w- c:\users\troy malsam\appdata\roaming\Axag
    2013-01-16 23:04:08 -------- d-----w- c:\users\troy malsam\appdata\roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
    2013-01-16 23:04:00 181248 --sha-w- c:\programdata\ms00A10AEB.dat
    2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Xaure
    2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Veacu
    2013-01-16 23:03:53 -------- d-----w- c:\users\troy malsam\appdata\roaming\Asno
    2013-01-12 16:56:38 -------- d-----w- c:\users\troy malsam\appdata\local\Warframe
    2013-01-08 20:59:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-08 20:59:49 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-08 20:58:51 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-06 19:58:43 -------- d-----w- c:\program files\OverTheEdge
    2012-12-22 17:01:40 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-12-21 18:20:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 18:20:50 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-18 21:18:04 -------- d-----w- c:\users\troy malsam\appdata\local\4A Games
    2012-12-18 02:47:45 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
    2012-12-18 02:47:45 28008 ----a-w- c:\windows\system32\nvhdap32.dll
    2012-12-18 02:47:45 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2012-12-18 02:47:44 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-12-18 02:47:44 7819016 ----a-w- c:\windows\system32\nvcuda.dll
    2012-12-18 02:47:44 6149904 ----a-w- c:\windows\system32\nvopencl.dll
    2012-12-18 02:47:44 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-12-18 02:47:43 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-12-18 02:47:43 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-12-18 02:47:42 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 00:43:23 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-09 00:43:22 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-03 15:39:40 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2012-12-03 15:39:40 2496976 ----a-w- c:\windows\system32\nvapi.dll
    2012-12-03 15:39:40 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-12-03 15:39:40 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-12-03 15:39:40 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-12-01 04:38:18 2869608 ----a-w- c:\windows\system32\nvsvc.dll
    2012-12-01 04:38:13 3984744 ----a-w- c:\windows\system32\nvcpl.dll
    2012-12-01 04:37:55 645480 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-12-01 04:37:55 62312 ----a-w- c:\windows\system32\nvshext.dll
    2012-12-01 04:37:55 108392 ----a-w- c:\windows\system32\nvmctray.dll
    2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 19:19:54.26 ===============

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/11/2008 5:49:18 PM
    System Uptime: 1/16/2013 6:58:54 PM (1 hours ago)
    .
    Motherboard: OEM_MB | | IVY8
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 6.106 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.22 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Tun Miniport Adapter
    Device ID: ROOT\*TUNMP\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TUNMP\0000
    Service: tunmp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce 10/100 Mbps Ethernet
    Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
    Manufacturer: NVIDIA
    Name: NVIDIA nForce 10/100 Mbps Ethernet
    PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A5B103C&REV_A2\3&2411E6FE&0&38
    Service: NVENETFD
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_BEEP\XX_COUPONALERT_2PSERVICE_XX
    Service: CouponAlert_2pService
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_BEEP\XX_MYWEBSEARCHSERVICE_XX
    Service: MyWebSearchService
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (L2TP)
    Device ID: ROOT\MS_L2TPMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (L2TP)
    PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
    Service: Rasl2tp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (Network Monitor)
    Device ID: ROOT\MS_NDISWANBH\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (Network Monitor)
    PNP Device ID: ROOT\MS_NDISWANBH\0000
    Service: NdisWan
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (IP)
    Device ID: ROOT\MS_NDISWANIP\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (IP)
    PNP Device ID: ROOT\MS_NDISWANIP\0000
    Service: NdisWan
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (IPv6)
    Device ID: ROOT\MS_NDISWANIPV6\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (IPv6)
    PNP Device ID: ROOT\MS_NDISWANIPV6\0000
    Service: NdisWan
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (PPPOE)
    Device ID: ROOT\MS_PPPOEMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (PPPOE)
    PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
    Service: RasPppoe
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (PPTP)
    Device ID: ROOT\MS_PPTPMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (PPTP)
    PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
    Service: PptpMiniport
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: WAN Miniport (SSTP)
    Device ID: ROOT\MS_SSTPMINIPORT\0000
    Manufacturer: Microsoft
    Name: WAN Miniport (SSTP)
    PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
    Service: RasSstp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.2
    Adobe Shockwave Player 11.5
    Advanced PC Tweaker v4.2
    Amazon MP3 Downloader 1.0.15
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    applicationupdater
    Ask Toolbar
    Audacity 1.2.6
    Auslogics Disk Defrag
    Big Fish Games: Game Manager
    Bing Bar
    Bonjour
    CamStudio
    Cards_Calendar_OrderGift_DoMorePlugout
    Cave Story Deluxe
    Compatibility Pack for the 2007 Office system
    Coupon Alert
    Coupon Printer for Windows
    Coupons.com Toolbar
    CyberLink DVD Suite Deluxe
    D-Link DFE-530TX+
    D-Link PCI Fast Ethernet Adapter
    D3DX10
    Dark Souls: Prepare to Die Edition
    Dealio Toolbar v4.0
    Dedicated Server
    Desura
    DFOLauncher
    Dungeon Fighter Online
    Ease Audio Converter 4.80
    Explorer Suite III
    Fallout: New Vegas
    Flash Movie Player 1.5
    FlipShare
    Free Mp3 Wma Converter V 1.8.0
    Free MP3 WMA OGG Converter 8.2.5
    FTL: Faster Than Light
    Garry's Mod
    GCFScape 1.8.0
    GECK - New Vegas Edition
    GoldWave v5.20
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Gyazo 1.0
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Half-Life Dedicated Server Update Tool
    Hardware Diagnostic Tools
    Hi-Rez Studios Games
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Demo
    HP MediaSmart DVD
    HP Photosmart Essential 2.5
    HP Photosmart Essential 3.0
    HP Product Detection
    HP Recovery Manager RSS
    HP Update
    HPAsset component for HP Active Support Library
    HPPhotoSmartPhotobookWebPack1
    HPTCSSetup
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    JavaFX 2.1.1
    Junk Mail filter update
    LabelPrint
    League of Legends
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    Left 4 Dead 2 Authoring Tools
    Left 4 Dead 2 Dedicated Server
    LightScribe System Software
    LightScribeTemplateLabeler
    LogMeIn Hamachi
    Map Button (Windows Live Toolbar)
    Mesh Runtime
    Messenger Companion
    Metro 2033
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    MobileMe Control Panel
    Mozilla Firefox 5.0.1 (x86 en-US)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mumble 1.2.3
    muvee autoProducer 6.1
    My HP Games
    My Web Search (Smiley Central)
    MySQL Connector/ODBC 3.51
    MySQL Server 5.0
    Mystery Case Files: Ravenhearst ®
    Norton Internet Security
    Norton Security Scan
    NVIDIA 3D Vision Controller Driver 310.70
    NVIDIA 3D Vision Driver 310.70
    NVIDIA Control Panel 310.70
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA Graphics Driver 310.70
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    OBCO Final Release (Compiled Version - some features disabled).
    OGA Notifier 2.0.0048.0
    Paint.NET v3.5.10
    Pando Media Booster
    ParetoLogic DriverCure
    PCIe Soft Data Fax Modem with SmartCP
    PhotoMovieMaker
    PictureMover
    Portal
    Portforward Static IP Address 1.0.43
    Power2Go
    PowerDirector
    ProGen
    PSSWCORE
    Python 2.5.2
    QuickTime
    Realm of the Mad God
    Realtek High Definition Audio Driver
    RegAce System Suite
    Safari
    Search Settings 1.2.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Segoe UI
    Simple Port Forwarding
    Skype Toolbars
    Skype™ 5.10
    Smart Menus (Windows Live Toolbar)
    Source SDK Base - Orange Box
    sp44626
    Spelling Dictionaries Support For Adobe Reader 8
    Sphere (remove only)
    Spiral Knights
    SPORE Creature Creator Trial Edition
    SQLyog Community 6.03
    Steam
    Stylin' Studio v1.0
    System Requirements Lab
    System Requirements Lab CYRI
    Team Fortress 2
    Team Fortress 2 Dedicated Server
    Terraria
    The Binding Of Isaac
    The Weather Channel App
    The Weather Channel Desktop 6
    TortoiseSVN 1.6.7.18415 (32 bit)
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VideoToolkit01
    VTFEdit 1.2.5
    Warcraft III
    Warframe
    WeGame Client 2.2.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    XSplit
    .
    ==== End Of File ===========================

    ark.txt

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-16 19:28:43
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000065 ST332082 rev.3.CH 298.09GB
    Running: m7shzt81.exe; Driver: C:\Users\TROYMA~1\AppData\Local\Temp\fwldypod.sys

    ---- System - GMER 2.0 ----
    SSDT 88518648 ZwAlertResumeThread
    SSDT 88518728 ZwAlertThread
    SSDT 88525558 ZwAllocateVirtualMemory
    SSDT 87D392C0 ZwAlpcConnectPort
    SSDT 88527900 ZwAssignProcessToJobObject
    SSDT 88518398 ZwCreateMutant
    SSDT 885275D8 ZwCreateSymbolicLinkObject
    SSDT 88BBB060 ZwCreateThread
    SSDT 885279E0 ZwDebugActiveProcess
    SSDT 88525728 ZwDuplicateObject
    SSDT 884F4E68 ZwFreeVirtualMemory
    SSDT 88518488 ZwImpersonateAnonymousToken
    SSDT 88518568 ZwImpersonateThread
    SSDT 87D39248 ZwLoadDriver
    SSDT 884F4D68 ZwMapViewOfSection
    SSDT 885182B8 ZwOpenEvent
    SSDT 88BAA9C0 ZwOpenProcess
    SSDT 88525648 ZwOpenProcessToken
    SSDT 88527C08 ZwOpenSection
    SSDT 88525818 ZwOpenThread
    SSDT 88527810 ZwProtectVirtualMemory
    SSDT 88527FA8 ZwResumeThread
    SSDT 884F4AB8 ZwSetContextThread
    SSDT 884F4B98 ZwSetInformationProcess
    SSDT 88527AC0 ZwSetSystemInformation
    SSDT 88527EA8 ZwSuspendProcess
    SSDT 88518BF0 ZwSuspendThread
    SSDT 8864DE58 ZwTerminateProcess
    SSDT 884F49D8 ZwTerminateThread
    SSDT 884F4C88 ZwUnmapViewOfSection
    SSDT 884F4F38 ZwWriteVirtualMemory
    SSDT 88527710 ZwCreateThreadEx
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!KeSetEvent + 11D 82CB57E0 8 Bytes [48, 86, 51, 88, 28, 87, 51, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 82CB57F4 4 Bytes [58, 55, 52, 88]
    .text ntkrnlpa.exe!KeSetEvent + 13D 82CB5800 4 Bytes [C0, 92, D3, 87]
    .text ntkrnlpa.exe!KeSetEvent + 191 82CB5854 4 Bytes CALL D54458DB
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82CB58B8 4 Bytes [98, 83, 51, 88]
    .text ...
    ? C:\Users\TROYMA~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE[868] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00275560
    .text C:\Windows\System32\rundll32.exe[1240] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 001E5560
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1384] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 003F5560
    .text C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe[2112] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002B5560
    .text C:\Windows\ehome\ehtray.exe[2404] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 014A5560
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 032C0594
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 032C012A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 032C03D0
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 032C04B2
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 032C02EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 032C0048
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 032C020C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 032C0676
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 032C0758
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 001C1FF8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3172] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 001C1F8C
    .text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread 77835024 3 Bytes JMP 00835560
    .text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtResumeThread + 4 77835028 1 Byte [89]
    .text C:\Program Files\Radica\Stylin' Studio\SS_MW.exe[3264] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00265560
    .text C:\Windows\ehome\ehmsas.exe[3364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 000D5560
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3452] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00925560
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02E11FF8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4888] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02E11F8C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 002C5560
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02D31FF8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5168] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02D31F8C
    .text C:\Windows\system32\NOTEPAD.EXE[5192] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
    .text C:\Windows\system32\wuauclt.exe[5364] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00075560
    .text C:\Windows\system32\svchost.exe[5652] svchost.exe 005D2083 6 Bytes PUSH 00050000; RET
    .text C:\Windows\system32\svchost.exe[5652] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00065560
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00045560
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ntdll.dll!NtSetInformationProcess 77835194 5 Bytes JMP 05380594
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!ReadProcessMemory + 3E 76741CB3 7 Bytes JMP 0538012A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!WriteProcessMemory + 106 76741DBE 7 Bytes JMP 053803D0
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateIoCompletionPort + 52 76769D96 7 Bytes JMP 053804B2
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!VirtualAllocEx + 54 7678AF50 7 Bytes JMP 053802EE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!CreateThread 7678CB0E 5 Bytes JMP 05380048
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] kernel32.dll!GetProcessHandleCount + 35 767D5DD3 7 Bytes JMP 0538020C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!SetWindowsHookExW 75F687AD 5 Bytes JMP 694425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CallNextHookEx 75F68E3B 5 Bytes JMP 69467FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!UnhookWindowsHookEx 75F698DB 5 Bytes JMP 6948ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!EnableWindow 75F6CD8B 5 Bytes JMP 69449EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcA 75F6DB88 7 Bytes JMP 69409805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExA 75F6DC2A 5 Bytes JMP 6941363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!CreateWindowExW 75F71305 5 Bytes JMP 694703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DefWindowProcW 75F803B4 7 Bytes JMP 69468042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamW 75F910B0 5 Bytes JMP 693A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamW 75F92EF5 5 Bytes JMP 69598FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxParamA 75FA8152 5 Bytes JMP 69598F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!DialogBoxIndirectParamA 75FA847D 5 Bytes JMP 6959901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectA 75FBD4D9 5 Bytes JMP 69598ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxIndirectW 75FBD5D3 5 Bytes JMP 69598E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExA 75FBD639 5 Bytes JMP 69598DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] USER32.dll!MessageBoxExW 75FBD65D 5 Bytes JMP 69598D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!OleLoadFromStream 776A1E80 5 Bytes JMP 69599784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoGetTreatAsClass + D2F 776BFAE3 7 Bytes JMP 05380676
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] ole32.dll!CoCreateInstance + 3E 776D9F7C 7 Bytes JMP 05380758
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestW 7688632D 5 Bytes JMP 02DB1FF8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5768] WININET.dll!HttpSendRequestA 768B525A 5 Bytes JMP 02DB1F8C
    .text C:\Windows\system32\ctfmon.exe[5836] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
    .text C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe[6128] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00055560
    .text C:\Users\Troy Malsam\Desktop\HijackThis.exe[8136] ntdll.dll!NtResumeThread 77835024 5 Bytes JMP 00145560
    ---- EOF - GMER 2.0 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

    Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

    Plug the flash drive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Kevin....
     
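Kevin's post asks for the FRST.txt log, and the "Registry (Whitelisted)" section of that log is what a helper reads first. The following is an added example, not code from Farbar Recovery Scan Tool or from anyone in this thread: a small Python triage pass over autorun lines in FRST's format. The sample lines are adapted from the log posted in this thread (user name replaced), and the heuristics (missing target, no publisher, launch from a profile data directory, rundll32 loading from the profile, the Windows\Load value set) are this example's own assumptions, not FRST's logic.

```python
"""Triage the "Registry (Whitelisted)" autorun entries in an FRST.txt log.

Added example for this thread; it is not part of Farbar Recovery Scan Tool,
and the heuristics below are this example's own, not a detection signature.
FRST prints one autorun per line in this shape (as seen in the thread's log):

    HKU\<user>\...\Run: [<name>] <command> [<size> <yyyy-mm-dd>] (<publisher>)

A target that no longer exists is shown as "[x]"; a file with no publisher
information is shown as "()".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Key path up to ": [", the value name in brackets, then everything else.
ENTRY = re.compile(r'^(?P<key>HK(?:LM|U)\\.*?): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
# Trailing "[size date] (publisher)" block FRST appends when the file exists.
META = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\](?:\s*\((?P<signer>[^)]*)\))?\s*$')
# Per-user data directories, in the long and the legacy-junction forms the log shows.
USER_DATA_DIR = re.compile(r'\\(AppData|Application Data|Local Settings|Temp)\\', re.I)
RUNDLL = re.compile(r'^"?rundll32(\.exe)?"?\s', re.I)


@dataclass
class Autorun:
    key: str
    name: str
    command: str
    size: Optional[int] = None
    date: Optional[str] = None
    signer: Optional[str] = None   # "" means FRST printed "()" (no publisher)
    missing: bool = False          # FRST printed "[x]"


def parse_frst_registry(text: str) -> List[Autorun]:
    """Return the HKLM/HKU autorun entries found in an FRST log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                      # section headers, Tcpip, Startup lines, etc.
        rest = m.group('rest')
        entry = Autorun(m.group('key'), m.group('name'), rest)
        if rest.endswith('[x]'):
            entry.missing = True
            entry.command = rest[:-3].strip()
        else:
            meta = META.search(rest)
            if meta:
                entry.command = rest[:meta.start()].strip()
                entry.size = int(meta.group('size'))
                entry.date = meta.group('date')
                entry.signer = meta.group('signer')
        entries.append(entry)
    return entries


def triage(e: Autorun) -> List[str]:
    """Reasons an analyst would look at this entry first; empty if none."""
    reasons = []
    if e.missing:
        reasons.append('target file missing (orphaned autorun left behind by a cleanup)')
    if e.signer == '':
        reasons.append('binary carries no publisher information')
    if USER_DATA_DIR.search(e.command):
        reasons.append('launches from a user-profile data directory')
    if RUNDLL.match(e.command) and USER_DATA_DIR.search(e.command):
        reasons.append('rundll32 loading a DLL from the user profile')
    if e.name == 'Load' and e.key.endswith('CurrentVersion\\Windows'):
        reasons.append('legacy Windows\\Load value is set (rarely used by legitimate software)')
    return reasons


def triage_log(text: str) -> List[Tuple[Autorun, List[str]]]:
    """Parse a log and return only the entries that raised at least one reason."""
    flagged = []
    for e in parse_frst_registry(text):
        reasons = triage(e)
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed sample: lines adapted from the FRST log posted in this thread,
# with the account name replaced by "User".
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\User\...\Run: [CyberLink] C:\Users\User\AppData\Roaming\54809A\54809A.exe [45560 2009-04-10] ()
HKU\User\...\Run: [Qocauv] "C:\Users\User\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\User\...\Run: [CrashDumps] rundll32.exe "C:\Users\User\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
HKU\User\...\CurrentVersion\Windows: [Load] C:\Users\USER~1\LOCALS~1\Temp\mscqiyri.com
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
==================== Services (Whitelisted) ===================
"""

if __name__ == '__main__':
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(f'[{entry.name}] {entry.command}')
        for r in reasons:
            print('    -', r)
```

Vendor-signed entries under Program Files pass silently; the four profile-based entries come out with their reasons, which is the order a helper would want to read them in.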
  3. Smoge

    Smoge Thread Starter

    Joined:
    Jan 16, 2013
    Messages:
    4
    Followed your instructions; here is the file.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
    Ran by SYSTEM at 23-01-2013 18:46:35
    Running from J:\
    Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
    HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
    HKLM\...\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
    HKLM\...\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe [524288 2008-04-25] (Radica)
    HKLM\...\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [53352 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [970240 2009-04-09] (Spigot, Inc.)
    HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
    HKLM\...\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-09-09] (CyberLink Corp.)
    HKLM\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-01] (VER_COMPANY_NAME)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Default\...\Run: [HPADVISOR] [x]
    HKU\Default User\...\Run: [HPADVISOR] [x]
    HKU\Troy Malsam\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
    HKU\Troy Malsam\...\Run: [Google Update] "C:\Users\Troy Malsam\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-01-22] (Google Inc.)
    HKU\Troy Malsam\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
    HKU\Troy Malsam\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
    HKU\Troy Malsam\...\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe /Minimized [x]
    HKU\Troy Malsam\...\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
    HKU\Troy Malsam\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [13105848 2013-01-14] (The Weather Channel)
    HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
    HKU\Troy Malsam\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-11] (Google Inc.)
    HKU\Troy Malsam\...\Run: [CyberLink] C:\Users\Troy Malsam\AppData\Roaming\54809A\54809A.exe [45560 2009-04-10] ()
    HKU\Troy Malsam\...\Run: [Adobe CS Manager] C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79\dbfdabfdcebcbc.exe [132608 2013-01-16] ()
    HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
    HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
    HKU\UpdatusUser\...\Run: [HPADVISOR] [x]
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
    ShortcutTarget: PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Troy Malsam\Start Menu\Programs\Startup\runctf.lnk
    ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    ==================== Services (Whitelisted) ===================
    3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-02-25] (Desura Pty Ltd)
    2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
    2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1435568 2012-12-10] (LogMeIn Inc.)
    2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 NIS; "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
    3 npggsvc; C:\Windows\system32\GameMon.des -service [2769658 2009-02-18] (INCA Internet Co., Ltd.)
    2 Winmgmt; C:\PROGRA~2\ms0004C3DA.dat [139264 2013-01-18] (Microsoft Corporation)
    2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
    4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
    4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
    4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
    4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
    ==================== Drivers (Whitelisted) ====================
    3 AE1000; C:\Windows\System32\DRIVERS\ae1000va.sys [836384 2010-02-12] (Ralink Technology Corp.)
    1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130111.001\BHDrvx86.sys [995488 2012-10-23] (Symantec Corporation)
    3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-20] (Microsoft Corporation)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-10-09] (Symantec Corporation)
    3 EraserUtilDrv11220; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [106656 2012-10-09] (Symantec Corporation)
    3 FETNDISB; C:\Windows\System32\DRIVERS\dlkfet5b.sys [43008 2007-07-13] (D-Link )
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)
    1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130116.002\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
    2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL [9250 2009-04-21] ()
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130118.017\NAVENG.SYS [93296 2013-01-16] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130118.017\NAVEX15.SYS [1603824 2013-01-16] (Symantec Corporation)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
    1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-11] (Symantec Corporation)
    1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
    1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1207020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
    3 AIRPLUS; C:\Windows\System32\DRIVERS\airplus.sys [x]
    3 catchme; \??\C:\Users\TROYMA~1\AppData\Local\Temp\catchme.sys [x]
    3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
    3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]
    3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
    3 XDva392; \??\C:\Windows\system32\XDva392.sys [x]
    3 XDva393; \??\C:\Windows\system32\XDva393.sys [x]
    0 xheor; C:\Windows\System32\drivers\ptanr.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-01-23 18:46 - 2013-01-23 18:46 - 00000000 ____D C:\FRST
    2013-01-18 15:51 - 2013-01-18 16:07 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Kuyg
    2013-01-18 15:51 - 2013-01-18 16:07 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Kuyg
    2013-01-18 15:51 - 2013-01-18 15:59 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Zyvyo
    2013-01-18 15:51 - 2013-01-18 15:59 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Zyvyo
    2013-01-18 15:51 - 2013-01-18 15:52 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ulgao
    2013-01-18 15:51 - 2013-01-18 15:52 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ulgao
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Meut
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ilbyowo
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Meut
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ilbyowo
    2013-01-18 12:43 - 2013-01-18 15:51 - 00002727 ____A C:\Users\All Users\Application Data\AD3C4000sm.js
    2013-01-18 12:43 - 2013-01-18 15:51 - 00002727 ____A C:\Users\All Users\AD3C4000sm.js
    2013-01-18 12:42 - 2013-01-18 16:06 - 95023320 ___AT C:\Users\All Users\Application Data\AD3C4000sm.pad
    2013-01-18 12:42 - 2013-01-18 16:06 - 95023320 ___AT C:\Users\All Users\AD3C4000sm.pad
    2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\ms0004C3DA.dat
    2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\Application Data\ms0004C3DA.dat
    2013-01-17 13:19 - 2013-01-17 16:27 - 00018432 ____A C:\Users\Troy Malsam\My Documents\Annexation of Texas Report.wps
    2013-01-17 13:19 - 2013-01-17 16:27 - 00018432 ____A C:\Users\Troy Malsam\Documents\Annexation of Texas Report.wps
    2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Malwarebytes
    2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Malwarebytes
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2013-01-17 12:47 - 2013-01-17 12:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-01-17 12:47 - 2012-12-14 13:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-17 12:27 - 2013-01-17 12:39 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Yrylol
    2013-01-17 12:27 - 2013-01-17 12:39 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Yrylol
    2013-01-17 12:27 - 2013-01-17 12:30 - 95023320 ___AT C:\Users\All Users\BBF.pad
    2013-01-17 12:27 - 2013-01-17 12:30 - 95023320 ___AT C:\Users\All Users\Application Data\BBF.pad
    2013-01-17 12:27 - 2013-01-17 12:28 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ihgaul
    2013-01-17 12:27 - 2013-01-17 12:28 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ihgaul
    2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ypny
    2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ypny
    2013-01-16 16:39 - 2013-01-16 16:38 - 00261024 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-01-16 16:39 - 2013-01-16 16:38 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-16 16:39 - 2013-01-16 16:38 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-16 16:39 - 2013-01-16 16:38 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-01-16 16:28 - 2013-01-16 16:28 - 00023821 ____A C:\Users\Troy Malsam\Desktop\ark.txt
    2013-01-16 16:20 - 2013-01-16 16:20 - 00012338 ____A C:\Users\Troy Malsam\Desktop\attach.txt
    2013-01-16 16:20 - 2013-01-16 16:19 - 00026541 ____A C:\Users\Troy Malsam\Desktop\dds.txt
    2013-01-16 16:19 - 2013-01-16 16:19 - 00365568 ____A C:\Users\Troy Malsam\Desktop\m7shzt81.exe
    2013-01-16 16:18 - 2013-01-16 16:18 - 00009366 ____A C:\Users\Troy Malsam\Desktop\hijackthis.log
    2013-01-16 16:15 - 2013-01-16 16:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Troy Malsam\Desktop\HijackThis.exe
    2013-01-16 15:44 - 2013-01-16 15:44 - 00003296 ____A C:\{CAFB8363-169B-4E64-A8DB-E34533CB367C}
    2013-01-16 15:09 - 2013-01-16 15:11 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ittuu
    2013-01-16 15:09 - 2013-01-16 15:11 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ittuu
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Waew
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Axag
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Waew
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Axag
    2013-01-16 15:04 - 2013-01-17 12:49 - 95023320 ___AT C:\Users\All Users\BEA01A00sm.pad
    2013-01-16 15:04 - 2013-01-17 12:49 - 95023320 ___AT C:\Users\All Users\Application Data\BEA01A00sm.pad
    2013-01-16 15:04 - 2013-01-16 15:12 - 95023320 ___AT C:\Users\All Users\Application Data\885A.pad
    2013-01-16 15:04 - 2013-01-16 15:12 - 95023320 ___AT C:\Users\All Users\885A.pad
    2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\BEA01A00sm.js
    2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\Application Data\BEA01A00sm.js
    2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\Application Data\d286bf41-218d-432a-b15f-d40cebc6b19c79
    2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
    2013-01-16 15:03 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Xaure
    2013-01-16 15:03 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Xaure
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Veacu
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Asno
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Veacu
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Asno
    2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Warframe
    2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Warframe
    2013-01-12 08:56 - 2013-01-15 16:37 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Warframe
    2013-01-12 08:56 - 2013-01-12 08:56 - 00002099 ____A C:\Users\Troy Malsam\Desktop\Warframe.lnk
    2013-01-08 12:59 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-08 12:59 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
    2013-01-08 12:59 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-08 12:58 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-06 11:58 - 2013-01-06 11:58 - 00000000 ____D C:\Program Files\OverTheEdge
    2013-01-06 10:28 - 2013-01-14 15:31 - 00017408 ____A C:\Users\Troy Malsam\My Documents\The Scarlet Letter Report.wps
    2013-01-06 10:28 - 2013-01-14 15:31 - 00017408 ____A C:\Users\Troy Malsam\Documents\The Scarlet Letter Report.wps
    ==================== One Month Modified Files and Folders ========
    2013-01-23 18:46 - 2013-01-23 18:46 - 00000000 ____D C:\FRST
    2013-01-18 16:12 - 2008-09-11 13:53 - 01359757 ____A C:\Windows\WindowsUpdate.log
    2013-01-18 16:11 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-01-18 16:11 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-18 16:11 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-18 16:11 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-18 16:07 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Kuyg
    2013-01-18 16:07 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Kuyg
    2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\TSVNCache
    2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\TSVNCache
    2013-01-18 16:07 - 2010-04-01 20:23 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\TSVNCache
    2013-01-18 16:06 - 2013-01-18 12:42 - 95023320 ___AT C:\Users\All Users\Application Data\AD3C4000sm.pad
    2013-01-18 16:06 - 2013-01-18 12:42 - 95023320 ___AT C:\Users\All Users\AD3C4000sm.pad
    2013-01-18 15:59 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Zyvyo
    2013-01-18 15:59 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Zyvyo
    2013-01-18 15:55 - 2010-03-26 11:15 - 00000000 ____D C:\Program Files\Steam
    2013-01-18 15:52 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ulgao
    2013-01-18 15:52 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ulgao
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Meut
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ilbyowo
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Meut
    2013-01-18 15:51 - 2013-01-18 15:51 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ilbyowo
    2013-01-18 15:51 - 2013-01-18 12:43 - 00002727 ____A C:\Users\All Users\Application Data\AD3C4000sm.js
    2013-01-18 15:51 - 2013-01-18 12:43 - 00002727 ____A C:\Users\All Users\AD3C4000sm.js
    2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\LogMeIn Hamachi
    2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\LogMeIn Hamachi
    2013-01-18 15:50 - 2011-05-21 21:47 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\LogMeIn Hamachi
    2013-01-18 15:49 - 2010-01-28 15:09 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-18 15:46 - 2008-08-26 06:33 - 00000000 ____D C:\Users\All Users\NVIDIA
    2013-01-18 15:46 - 2008-08-26 06:33 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
    2013-01-18 15:45 - 2008-01-20 18:47 - 01077118 ____A C:\Windows\PFRO.log
    2013-01-18 15:36 - 2010-07-23 19:12 - 00000000 ____D C:\Windows\Simple Port Forwarding
    2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\Local Settings\d3d9caps.dat
    2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\Local Settings\Application Data\d3d9caps.dat
    2013-01-18 12:47 - 2008-12-25 12:29 - 00002032 ____A C:\Users\Troy Malsam\AppData\Local\d3d9caps.dat
    2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\ms0004C3DA.dat
    2013-01-18 12:42 - 2013-01-18 12:42 - 00139264 __ASH (Microsoft Corporation) C:\Users\All Users\Application Data\ms0004C3DA.dat
    2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Windows Live
    2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Windows Live
    2013-01-17 18:08 - 2010-11-07 17:48 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Windows Live
    2013-01-17 16:27 - 2013-01-17 13:19 - 00018432 ____A C:\Users\Troy Malsam\My Documents\Annexation of Texas Report.wps
    2013-01-17 16:27 - 2013-01-17 13:19 - 00018432 ____A C:\Users\Troy Malsam\Documents\Annexation of Texas Report.wps
    2013-01-17 16:27 - 2009-08-19 04:51 - 00023166 ____A C:\Users\Troy Malsam\Application Data\wklnhst.dat
    2013-01-17 16:27 - 2009-08-19 04:51 - 00023166 ____A C:\Users\Troy Malsam\AppData\Roaming\wklnhst.dat
    2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\PMB Files
    2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\PMB Files
    2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\PMB Files
    2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\All Users\PMB Files
    2013-01-17 16:04 - 2009-10-14 11:20 - 00000000 ____D C:\Users\All Users\Application Data\PMB Files
    2013-01-17 15:32 - 2012-10-28 13:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-17 15:21 - 2010-01-28 15:09 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-17 15:17 - 2009-06-30 14:46 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282813114-2919542827-3659624599-1000UA.job
    2013-01-17 15:00 - 2010-07-20 21:43 - 00000456 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
    2013-01-17 15:00 - 2010-03-15 16:00 - 00000454 ____A C:\Windows\Tasks\ParetoLogic Registration.job
    2013-01-17 13:27 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
    2013-01-17 13:17 - 2009-06-30 14:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1282813114-2919542827-3659624599-1000Core.job
    2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Malwarebytes
    2013-01-17 12:50 - 2013-01-17 12:50 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Malwarebytes
    2013-01-17 12:49 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\BEA01A00sm.pad
    2013-01-17 12:49 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\Application Data\BEA01A00sm.pad
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000912 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-17 12:48 - 2013-01-17 12:48 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2013-01-17 12:48 - 2013-01-17 12:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\CrashDumps
    2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\CrashDumps
    2013-01-17 12:43 - 2010-05-30 15:18 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\CrashDumps
    2013-01-17 12:39 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Yrylol
    2013-01-17 12:39 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Yrylol
    2013-01-17 12:30 - 2013-01-17 12:27 - 95023320 ___AT C:\Users\All Users\BBF.pad
    2013-01-17 12:30 - 2013-01-17 12:27 - 95023320 ___AT C:\Users\All Users\Application Data\BBF.pad
    2013-01-17 12:28 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ihgaul
    2013-01-17 12:28 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ihgaul
    2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ypny
    2013-01-17 12:27 - 2013-01-17 12:27 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ypny
    2013-01-16 16:39 - 2008-08-26 06:43 - 00000000 ____D C:\Program Files\Common Files\Java
    2013-01-16 16:38 - 2013-01-16 16:39 - 00261024 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-01-16 16:38 - 2013-01-16 16:39 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-16 16:38 - 2013-01-16 16:39 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-16 16:38 - 2013-01-16 16:39 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-01-16 16:38 - 2012-08-06 17:10 - 00859552 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2013-01-16 16:38 - 2010-04-15 14:41 - 00780192 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2013-01-16 16:37 - 2008-08-26 06:43 - 00000000 ____D C:\Program Files\Java
    2013-01-16 16:28 - 2013-01-16 16:28 - 00023821 ____A C:\Users\Troy Malsam\Desktop\ark.txt
    2013-01-16 16:20 - 2013-01-16 16:20 - 00012338 ____A C:\Users\Troy Malsam\Desktop\attach.txt
    2013-01-16 16:19 - 2013-01-16 16:20 - 00026541 ____A C:\Users\Troy Malsam\Desktop\dds.txt
    2013-01-16 16:19 - 2013-01-16 16:19 - 00365568 ____A C:\Users\Troy Malsam\Desktop\m7shzt81.exe
    2013-01-16 16:18 - 2013-01-16 16:18 - 00009366 ____A C:\Users\Troy Malsam\Desktop\hijackthis.log
    2013-01-16 16:15 - 2013-01-16 16:15 - 00388608 ____A (Trend Micro Inc.) C:\Users\Troy Malsam\Desktop\HijackThis.exe
    2013-01-16 15:44 - 2013-01-16 15:44 - 00003296 ____A C:\{CAFB8363-169B-4E64-A8DB-E34533CB367C}
    2013-01-16 15:12 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\Application Data\885A.pad
    2013-01-16 15:12 - 2013-01-16 15:04 - 95023320 ___AT C:\Users\All Users\885A.pad
    2013-01-16 15:11 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Ittuu
    2013-01-16 15:11 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Ittuu
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Waew
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Axag
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Waew
    2013-01-16 15:09 - 2013-01-16 15:09 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Axag
    2013-01-16 15:09 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Xaure
    2013-01-16 15:09 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Xaure
    2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\BEA01A00sm.js
    2013-01-16 15:04 - 2013-01-16 15:04 - 00002727 ____A C:\Users\All Users\Application Data\BEA01A00sm.js
    2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\Application Data\d286bf41-218d-432a-b15f-d40cebc6b19c79
    2013-01-16 15:04 - 2013-01-16 15:04 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\d286bf41-218d-432a-b15f-d40cebc6b19c79
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Veacu
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Asno
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Veacu
    2013-01-16 15:03 - 2013-01-16 15:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Asno
    2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Warframe
    2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Warframe
    2013-01-15 16:37 - 2013-01-12 08:56 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Warframe
    2013-01-14 16:00 - 2009-04-17 14:55 - 00000570 ___AH C:\Windows\Tasks\Norton Security Scan for Troy Malsam.job
    2013-01-14 15:56 - 2008-12-29 18:51 - 00000052 ____A C:\Windows\System32\DOErrors.log
    2013-01-14 15:31 - 2013-01-06 10:28 - 00017408 ____A C:\Users\Troy Malsam\My Documents\The Scarlet Letter Report.wps
    2013-01-14 15:31 - 2013-01-06 10:28 - 00017408 ____A C:\Users\Troy Malsam\Documents\The Scarlet Letter Report.wps
    2013-01-14 08:04 - 2012-02-11 06:45 - 00001107 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
    2013-01-14 08:04 - 2012-02-11 06:45 - 00001107 ____A C:\Users\All Users\Desktop\The Weather Channel App.lnk
    2013-01-13 09:00 - 2010-06-06 10:02 - 00000512 ____A C:\Windows\Tasks\One-Click Tweak.job
    2013-01-12 18:26 - 2009-01-22 06:46 - 00002078 ____A C:\Users\Troy Malsam\Desktop\Google Chrome.lnk
    2013-01-12 08:56 - 2013-01-12 08:56 - 00002099 ____A C:\Users\Troy Malsam\Desktop\Warframe.lnk
    2013-01-11 14:56 - 2010-11-10 13:06 - 00000000 ____D C:\Users\Troy Malsam\Application Data\Skype
    2013-01-11 14:56 - 2010-11-10 13:06 - 00000000 ____D C:\Users\Troy Malsam\AppData\Roaming\Skype
    2013-01-09 19:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-01-09 19:41 - 2006-11-02 04:47 - 00303248 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-09 15:17 - 2006-11-02 02:33 - 00750820 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-08 16:43 - 2012-05-10 09:35 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-01-08 16:43 - 2011-06-16 07:06 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-01-06 11:58 - 2013-01-06 11:58 - 00000000 ____D C:\Program Files\OverTheEdge
    2013-01-04 22:28 - 2009-03-14 18:42 - 00000000 ____D C:\Users\Troy Malsam\My Documents\My Games
    2013-01-04 22:28 - 2009-03-14 18:42 - 00000000 ____D C:\Users\Troy Malsam\Documents\My Games
    2012-12-31 12:33 - 2010-01-21 14:31 - 00000000 ____D C:\Program Files\Warcraft III
    2012-12-30 00:01 - 2012-11-11 15:31 - 00000384 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Troy Malsam.job
    2012-12-30 00:00 - 2012-11-11 15:31 - 00000000 ____D C:\Users\All Users\RegAce
    2012-12-30 00:00 - 2012-11-11 15:31 - 00000000 ____D C:\Users\All Users\Application Data\RegAce
    2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Paint.NET
    2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\Local Settings\Application Data\Paint.NET
    2012-12-29 12:41 - 2012-02-03 17:03 - 00000000 ____D C:\Users\Troy Malsam\AppData\Local\Paint.NET
    2012-12-27 23:09 - 2010-03-15 16:00 - 00000392 ____A C:\Windows\Tasks\DriverCure.job
    2012-12-27 22:33 - 2010-03-15 16:00 - 00000000 ____D C:\Users\All Users\DriverCure
    2012-12-27 22:33 - 2010-03-15 16:00 - 00000000 ____D C:\Users\All Users\Application Data\DriverCure
    2012-12-25 22:43 - 2010-03-15 16:00 - 00000428 ____A C:\Windows\Tasks\ParetoLogic Update Version2.job
    2012-12-25 07:16 - 2006-11-02 04:52 - 00139189 ____A C:\Windows\setupact.log
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\@
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\L
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\U
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0
    C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\@
    C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\L
    C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\U
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2012-12-12 12:43] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A

    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2013-01-17 12:51:07
    ==================== Memory info ===========================
    Percentage of memory in use: 18%
    Total physical RAM: 3069.76 MB
    Available physical RAM: 2506.08 MB
    Total Pagefile: 2752.81 MB
    Available Pagefile: 2576.61 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1966.11 MB
    ==================== Partitions =============================
    1 Drive c: (COMPAQ) (Fixed) (Total:286.56 GB) (Free:6.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.53 GB) (Free:1.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    8 Drive j: () (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 1910 MB 0 B
    Partitions of Disk 0:
    ===============
    Disk ID: 1549F232
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 287 GB 32 KB
    Partition 2 Primary 12 GB 287 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C COMPAQ NTFS Partition 287 GB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D FACTORY_IMA NTFS Partition 12 GB Healthy
    =========================================================
    Partitions of Disk 5:
    ===============
    Disk ID: 00000000
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1906 MB 4032 KB
    =========================================================
    Disk: 5
    Partition 1
    Type : 0E
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J FAT Removable 1906 MB Healthy
    =========================================================
    Last Boot: 2013-01-18 16:13
    ==================== End Of Log ============================
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Code:
    start
    HKLM\...\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [53352 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
    HKLM\...\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [970240 2009-04-09] (Spigot, Inc.)
    HKLM\...\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~1\COUPON~2\bar\1.bin\2pbrmon.exe [30096 2011-07-01] (VER_COMPANY_NAME)
    HKU\Troy Malsam\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32838 2009-05-03] (MyWebSearch.com)
    HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
    HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
    HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
    C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0
    C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
    end
    
    Now please enter System Recovery Options as you did to get the log.

    Run FRST64 or FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next,

    Reboot your PC and try to get to Normal mode, if successful run the following:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
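The FRST log posted above and the fixlist Kevin built from it show the same pattern a helper applies by hand: read the autorun lines, pick out the ones that launch from Temp or the user profile (or that rundll32 a DLL from a user-writable path), pick up the `$Recycle.Bin\<SID>\$<32 hex>` folders FRST labels as ZeroAccess, and paste those log lines verbatim into fixlist.txt between `start` and `end`. The script below is an added example that automates that triage; it is not FRST's code and not Kevin's. The heuristics, the function names and the constructed `ExampleUpdater` control entry are my assumptions; the other sample lines are copied from the log and fixlist in this thread. Note what it deliberately does not catch: the MyWebSearch, SearchSettings and CouponAlert entries and the hijacked `fastprox.dll` CLSID in Kevin's fixlist are recognised by name, not by structure, and still need a human (or a signature list).

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log and draft a fixlist.txt.

Added example for this thread, not FRST's own code and not the helper's
script: the heuristics below are assumptions about what a malware-removal
helper looks for when reading the log, not FRST's detection rules.
"""
import re

# Sample input: autorun lines and the ZeroAccess section copied from the FRST
# log / fixlist posted in this thread, plus one CONSTRUCTED benign entry
# (ExampleUpdater) that the filter must leave alone.
SAMPLE_LOG = r"""
HKLM\...\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [970240 2009-04-09] (Spigot, Inc.)
HKLM\...\Run: [ExampleUpdater] "C:\Program Files\ExampleVendor\updater.exe" [204800 2012-06-01] (ExampleVendor)
HKU\Troy Malsam\...\Run: [CrashDumps] rundll32.exe "C:\Users\Troy Malsam\AppData\Local\FalloutNV\CrashDumps\mbssgxg.dll",DllRegisterServerW [x]
HKU\Troy Malsam\...\Run: [Qocauv] "C:\Users\Troy Malsam\AppData\Roaming\Zyvyo\syeb.exe" [x]
HKU\Troy Malsam\...\CurrentVersion\Windows: [Load] C:\Users\TROYMA~1\LOCALS~1\Temp\mscqiyri.com
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\@
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\L
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0\U
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0
C:\$Recycle.Bin\S-1-5-21-1282813114-2919542827-3659624599-1000\$54d36990d9acd958c48e9f5f76cd88d0\@
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$54d36990d9acd958c48e9f5f76cd88d0
"""

# FRST autorun line: "HKLM\...\Run: [Name] command [size date] (Company)"
RUN_RE = re.compile(r'^(?P<key>HK(?:LM|U)\\[^:]*):\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
# First drive-letter path in a command; stops at a quote, a comma or FRST's "[size date]"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[,]+')
# ZeroAccess folder layout FRST labels in the log: $Recycle.Bin\<SID>\$<32 hex chars>
# (the @, L and U children are skipped; deleting the parent removes them)
ZA_DIR_RE = re.compile(r'^[A-Za-z]:\\\$Recycle\.Bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}$', re.IGNORECASE)


def parse_run_entries(log_text):
    """Return the autorun entries FRST reported, keeping the raw line for the fixlist."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({'key': m['key'], 'name': m['name'], 'cmd': m['cmd'], 'raw': line})
    return entries


def autorun_reasons(cmd):
    """Reasons an autorun command looks like malware persistence; empty if nothing fires."""
    m = PATH_RE.search(cmd)
    if not m:
        return []
    path = m.group(0).strip().lower()
    in_profile = any(marker in path for marker in ('\\appdata\\', '\\application data\\', '\\locals~1\\'))
    reasons = []
    if '\\temp\\' in path:
        reasons.append('launches from a Temp directory')
    elif in_profile:
        reasons.append('launches from the user profile rather than Program Files')
    if in_profile and 'rundll32' in cmd.lower() and path.endswith('.dll'):
        reasons.append('rundll32 loads a DLL from a user-writable path')
    # FRST prints "[x]" in place of size/date when it found no file at that path
    if '[x]' in cmd and (in_profile or '\\temp\\' in path):
        reasons.append('FRST found no file at that path (already moved or deleted)')
    return reasons


def zeroaccess_dirs(log_text):
    """Top-level ZeroAccess folders, deduplicated (the log lists S-1-5-18 twice)."""
    dirs = []
    for line in log_text.splitlines():
        line = line.strip()
        if ZA_DIR_RE.match(line) and line not in dirs:
            dirs.append(line)
    return dirs


def build_fixlist(log_text):
    """Draft fixlist.txt: start, the offending log lines verbatim, the folders, end.

    Pasting an FRST log line verbatim into fixlist.txt tells FRST to remove that
    registry value, and a bare folder path tells it to delete the folder; that is
    the form the fixlist in this thread uses.
    """
    lines = ['start']
    for entry in parse_run_entries(log_text):
        if autorun_reasons(entry['cmd']):
            lines.append(entry['raw'])
    lines.extend(zeroaccess_dirs(log_text))
    lines.append('end')
    return '\n'.join(lines)


if __name__ == '__main__':
    for entry in parse_run_entries(SAMPLE_LOG):
        reasons = autorun_reasons(entry['cmd'])
        verdict = '; '.join(reasons) if reasons else 'no heuristic hit (adware such as SearchSettings needs a human call)'
        print(f"[{entry['name']}] {verdict}")
    print('\n--- draft fixlist.txt ---')
    print(build_fixlist(SAMPLE_LOG))
```

Run it on a full FRST.txt rather than the embedded sample by reading the file into `build_fixlist`, then review the draft before saving it as fixlist.txt next to FRST on the flash drive: the heuristics are a starting point for the helper's judgement, not a replacement for it.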
     
Short URL to this thread: https://techguy.org/1085588