As per the instructions I have saved and am now posting the logs that you said I should. Thank you very much in advance for the help.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/04/2011 at 02:05 PM
Application Version : 5.0.1136
Core Rules Database Version : 8012
Trace Rules Database Version: 5824
Scan type : Quick Scan
Total Scan Time : 00:07:50
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 738
Memory threats detected : 0
Registry items scanned : 39982
Registry threats detected : 0
File items scanned : 8564
File threats detected : 89
Adware.Tracking Cookie
Trace.Known Threat Sources
C:\USERS\SHARON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUP9IX2S\favicon[4].ico [ cache:webfile ]
C:\USERS\SHARON\Local Settings\Temporary Internet Files\Content.IE5\AUP9IX2S\favicon[4].ico [ cache:webfile ]
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8271
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
04/12/2011 3:02:41 PM
mbam-log-2011-12-04 (15-02-41).txt
Scan type: Quick scan
Objects scanned: 167805
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by sharon at 15:29:54 on 2011-12-04
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\vVX1000.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
D:\Desktop\dds.scr
C:\Windows\system32\conime.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Page =
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0109&m=aspire_x1200
uSearch Bar =
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start
http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjA2NjM4MjYxLVQxLVU4NSsxLUJBKzEtS1YzKzctVUNBTE
wrMS1VQ0FMTDIrMi1GTCs4LVFJWDErNC1YMjAxM
CsyLUYxME0rNS1MSUMrNzctRkwxMCsxLVNQMS
sxLVNVRCsxLVMxSSsxLVNVMysxLUREVCs0NDczN
S1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRF
QrMS1UQk4rMS1VMTArMQ"&"prod=90"&"ver=10.0.1411
mRunOnce: [B Register c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll",DllRegisterServer
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10v_ActiveX.exe -update activex
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 206.126.95.252 192.168.1.1
TCP: Interfaces\{0E8D2240-728B-40DA-B5D8-141D156B18B8} : DhcpNameServer = 206.126.95.252 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sharon\appdata\roaming\mozilla\firefox\profiles\cyqptss0.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? pctNdis;PC Tools Firewall Intermediate Filter Service
R? vmwvusb;VMware View Generic USB Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? ETService;Empowering Technology Service
S? FontCache;Windows Font Cache Service
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNdisMP;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? RapportCerberus_29574;RapportCerberus_29574
S? RapportEI;RapportEI
S? RapportKELL;RapportKELL
S? RapportPG;RapportPG
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-12-04 20:12:06 848 ----a-w- c:\programdata\qembdaa.tmp
2011-12-04 20:08:07 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-12-04 19:34:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{706713c4-c07a-4c8a-8c6b-7510fdba70b0}\offreg.dll
2011-12-04 19:06:52 862 ----a-w- c:\programdata\whribaa.tmp
2011-12-04 19:06:25 833 ----a-w- c:\programdata\odjmaaa.tmp
2011-12-04 18:57:35 854 ----a-w- c:\programdata\wbslbaa.tmp
2011-12-04 18:57:20 797 ----a-w- c:\programdata\wlntaaa.tmp
2011-12-04 18:53:27 -------- d-----w- c:\users\sharon\appdata\roaming\PCToolsFirewallPlus
2011-12-04 18:52:55 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-04 18:52:55 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-04 18:52:51 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-04 18:52:51 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-04 18:51:27 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2011-12-04 18:51:27 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2011-12-04 18:51:26 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2011-12-04 18:51:26 -------- d-----w- c:\program files\common files\PC Tools
2011-12-04 18:51:23 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2011-12-04 18:51:20 -------- d-----w- c:\program files\PC Tools Firewall Plus
2011-12-04 18:26:26 855 ----a-w- c:\programdata\wzkjbaa.tmp
2011-12-04 18:25:26 906 ----a-w- c:\programdata\kfnuaaa.tmp
2011-12-04 18:25:11 824 ----a-w- c:\programdata\eibnaaa.tmp
2011-12-04 18:10:44 834 ----a-w- c:\programdata\eowtaaa.tmp
2011-12-04 18:10:20 821 ----a-w- c:\programdata\wnylaaa.tmp
2011-12-04 18:08:41 796 ----a-w- c:\programdata\eavnaaa.tmp
2011-12-04 17:52:17 784 ----a-w- c:\programdata\whzoaaa.tmp
2011-12-04 17:39:36 873 ----a-w- c:\programdata\gxhraaa.tmp
2011-12-04 16:33:49 833 ----a-w- c:\programdata\obytaaa.tmp
2011-12-04 12:03:45 888 ----a-w- c:\programdata\icbuaaa.tmp
2011-12-04 10:37:08 890 ----a-w- c:\programdata\khymaaa.tmp
2011-12-04 09:09:21 829 ----a-w- c:\programdata\gbamaaa.tmp
2011-12-04 09:07:49 790 ----a-w- c:\programdata\uynraaa.tmp
2011-12-04 09:06:11 814 ----a-w- c:\programdata\mqfuaaa.tmp
2011-12-04 08:46:40 865 ----a-w- c:\programdata\qicpaaa.tmp
2011-12-03 23:44:10 813 ----a-w- c:\programdata\qgvmaaa.tmp
2011-12-03 23:43:45 846 ----a-w- c:\programdata\iauraaa.tmp
2011-12-03 20:54:51 861 ----a-w- c:\programdata\egquaaa.tmp
2011-12-03 20:54:13 885 ----a-w- c:\programdata\uuzmaaa.tmp
2011-12-03 20:54:05 805 ----a-w- c:\programdata\ktsqaaa.tmp
2011-12-03 19:37:19 860 ----a-w- c:\programdata\ofqoaaa.tmp
2011-12-03 12:37:01 875 ----a-w- c:\programdata\euvqaaa.tmp
2011-12-03 11:12:54 848 ----a-w- c:\programdata\stuoaaa.tmp
2011-12-03 11:11:13 813 ----a-w- c:\programdata\yoztaaa.tmp
2011-12-03 08:13:11 822 ----a-w- c:\programdata\yglmgaa.tmp
2011-12-02 19:34:34 497664 ----a-w- c:\windows\system32\ac3filter.acm
2011-12-02 19:34:33 -------- d-----w- c:\program files\AC3Filter
2011-12-02 19:25:59 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-12-02 19:25:59 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-12-02 19:25:59 269272 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2011-12-02 19:25:58 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2011-12-02 19:25:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-12-02 19:25:57 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-12-02 19:25:57 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-12-02 19:25:57 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2011-12-02 18:39:19 867 ----a-w- c:\programdata\ovcnaaa.tmp
2011-12-02 17:16:39 845 ----a-w- c:\programdata\griuaaa.tmp
2011-12-02 07:40:41 843 ----a-w- c:\programdata\muxoaaa.tmp
2011-12-02 06:35:03 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{706713c4-c07a-4c8a-8c6b-7510fdba70b0}\mpengine.dll
2011-12-02 03:57:45 -------- d-----w- c:\users\sharon\appdata\roaming\ESET
2011-12-02 03:57:45 -------- d-----w- c:\users\sharon\appdata\local\ESET
2011-12-02 03:42:11 811 ----a-w- c:\programdata\yqkmaaa.tmp
2011-12-02 01:28:33 863 ----a-w- c:\programdata\gzotaaa.tmp
2011-12-02 00:20:48 -------- d-----w- c:\program files\ESET
2011-11-30 17:22:44 832 ----a-w- c:\programdata\spcuaaa.tmp
2011-11-30 16:25:13 782 ----a-w- c:\programdata\wrmqaaa.tmp
2011-11-30 09:48:26 801 ----a-w- c:\programdata\yemsaaa.tmp
2011-11-30 09:25:17 0 ----a-w- c:\programdata\kxcfbaa.tmp
2011-11-30 08:02:28 887 ----a-w- c:\programdata\otvkaaa.tmp
2011-11-30 03:29:47 809 ----a-w- c:\programdata\qszdcaa.tmp
2011-11-30 03:25:06 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-30 03:25:06 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-30 03:24:49 41184 ----a-w- c:\windows\avastSS.scr
2011-11-30 03:12:46 832 ----a-w- c:\programdata\ygjfeaa.tmp
2011-11-30 03:03:38 812 ----a-w- c:\programdata\srnmaaa.tmp
2011-11-30 02:40:51 801 ----a-w- c:\programdata\iglibaa.tmp
2011-11-30 02:31:04 806 ----a-w- c:\programdata\myltaaa.tmp
2011-11-30 02:30:06 856 ----a-w- c:\programdata\sbxxaaa.tmp
2011-11-30 01:46:02 818 ----a-w- c:\programdata\ucgmaaa.tmp
2011-11-29 21:01:27 797 ----a-w- c:\programdata\aastaaa.tmp
2011-11-29 20:53:05 791 ----a-w- c:\programdata\wfkgbaa.tmp
2011-11-29 19:32:00 844 ----a-w- c:\programdata\mweraaa.tmp
2011-11-29 19:26:04 897 ----a-w- c:\programdata\igtoaaa.tmp
2011-11-29 19:15:56 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
2011-11-29 19:15:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 19:15:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-29 00:26:57 824 ----a-w- c:\programdata\iqgqaaa.tmp
2011-11-29 00:04:48 835 ----a-w- c:\programdata\kpemaaa.tmp
2011-11-28 21:49:34 845 ----a-w- c:\programdata\maxlaaa.tmp
2011-11-28 20:52:32 832 ----a-w- c:\programdata\knttaaa.tmp
2011-11-28 20:09:39 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
2011-11-28 20:08:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-28 20:08:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-28 19:44:29 -------- d-----w- c:\program files\CCleaner
2011-11-28 19:36:33 859 ----a-w- c:\programdata\iemmaaa.tmp
2011-11-28 19:35:39 823 ----a-w- c:\programdata\ohxqaaa.tmp
2011-11-28 00:42:39 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-28 00:25:29 844 ----a-w- c:\programdata\uenoaaa.tmp
2011-11-28 00:02:02 857 ----a-w- c:\programdata\agrqaaa.tmp
2011-11-26 23:40:20 -------- d-----w- c:\programdata\ErrorEND
2011-11-26 23:10:12 833 ----a-w- c:\programdata\olplaaa.tmp
2011-11-26 07:59:14 894 ----a-w- c:\programdata\crjqaaa.tmp
2011-11-26 04:58:24 -------- d-----w- c:\users\sharon\appdata\local\DDMSettings
2011-11-26 04:46:17 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-11-26 04:46:04 -------- d-----w- c:\programdata\Tarma Installer
2011-11-26 04:46:01 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-11-26 03:41:22 817 ----a-w- c:\programdata\qqioaaa.tmp
2011-11-25 01:39:31 890 ----a-w- c:\programdata\melqaaa.tmp
2011-11-24 20:39:27 876 ----a-w- c:\programdata\krloaaa.tmp
2011-11-24 01:05:08 0 ---ha-w- c:\users\sharon\appdata\local\BITF881.tmp
2011-11-24 00:25:59 819 ----a-w- c:\programdata\eqhmaaa.tmp
2011-11-24 00:08:20 810 ----a-w- c:\programdata\yyqlaaa.tmp
2011-11-23 23:15:48 856 ----a-w- c:\programdata\qyonaaa.tmp
2011-11-23 02:49:46 853 ----a-w- c:\programdata\yuyqaaa.tmp
2011-11-23 02:28:18 837 ----a-w- c:\programdata\onsxaaa.tmp
2011-11-23 02:28:16 825 ----a-w- c:\programdata\uoaqaaa.tmp
2011-11-23 02:06:23 867 ----a-w- c:\programdata\krdibaa.tmp
2011-11-23 00:54:26 -------- d-----w- c:\programdata\AVAST Software
2011-11-23 00:54:26 -------- d-----w- c:\program files\AVAST Software
2011-11-22 23:29:17 819 ----a-w- c:\programdata\gnupaaa.tmp
2011-11-22 22:29:07 850 ----a-w- c:\programdata\aygbbaa.tmp
2011-11-22 15:11:23 883 ----a-w- c:\programdata\aqacbaa.tmp
2011-11-22 02:06:17 824 ----a-w- c:\programdata\eskyaaa.tmp
2011-11-22 01:36:26 829 ----a-w- c:\programdata\ohtabaa.tmp
2011-11-22 01:16:52 847 ----a-w- c:\programdata\yauxaaa.tmp
2011-11-21 20:52:35 834 ----a-w- c:\programdata\aoxpaaa.tmp
2011-11-21 20:35:38 -------- d-----w- c:\program files\Nero
2011-11-21 20:35:07 868 ----a-w- c:\programdata\crfabaa.tmp
2011-11-21 20:35:06 842 ----a-w- c:\programdata\gljxaaa.tmp
2011-11-21 20:32:41 823 ----a-w- c:\programdata\iymnfaa.tmp
2011-11-21 20:27:04 828 ----a-w- c:\programdata\ysroaaa.tmp
2011-11-21 19:25:15 -------- d-----w- c:\program files\Conduit
2011-11-21 19:25:09 -------- d-----w- c:\program files\Vuze_Remote
2011-11-21 18:57:51 -------- d-----w- c:\users\sharon\appdata\roaming\JAM Software
2011-11-21 18:57:42 -------- d-----w- c:\program files\JAM Software
2011-11-16 03:02:50 -------- d-----w- c:\users\sharon\appdata\local\VMware
2011-11-14 02:18:59 -------- d-----w- c:\users\sharon\appdata\local\VirtualStore
2011-11-13 23:55:18 -------- d-----w- c:\users\sharon\appdata\local\Temp
2011-11-12 21:27:45 -------- d--h--w- c:\users\sharon\appdata\local\MicrosoftNT
2011-11-09 05:07:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 05:07:14 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:07:09 707584 ----a-w- c:\program files\common files\system\wab32.dll
.
==================== Find3M ====================
.
2011-12-04 20:31:11 890 ----a-w- c:\programdata\wrekbaa.tmp
2011-12-04 20:31:02 822 ----a-w- c:\programdata\wdhuaaa.tmp
2011-12-04 20:30:34 807 ----a-w- c:\programdata\wfsmaaa.tmp
2011-12-01 22:50:25 46080 ----a-w- c:\windows\system32\svchost.exe
2011-12-01 22:50:09 338944 ----a-w- c:\windows\system32\winlogon.exe
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x883464D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8834c7d0]; MOV EAX, [0x8834c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x83E4D912] -> \Device\Harddisk0\DR0[0x87C703E0]
3 CLASSPNP[0x8B7AA8B3] -> ntkrnlpa!IofCallDriver[0x83E4D912] -> [0x871F95D8]
5 acpi[0x806086BC] -> ntkrnlpa!IofCallDriver[0x83E4D912] -> [0x871F1C90]
\Driver\nvstor32[0x8767B4E8] -> IRP_MJ_CREATE -> 0x883464D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV DI, 0x5; XOR AX, AX; MOV DL, 0x80; INT 0x13; JAE 0x2d; DEC DI; }
detected disk devices:
\Device\00000067 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22L7A#4&184b1603&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:33:51.95 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.57
AC3Filter 1.63b
Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer Registration
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
ASUS Wireless Router RT-G32 Manuals
ASUS Wireless Router RT-G32 Utilities v1.0.12.0(EU)
avast! Free Antivirus
BufferChm
CCleaner
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
eSupportQFolder
F4200
F4200_Help
Garmin Communicator Plugin
Garmin USB Drivers
Google Toolbar for Internet Explorer
GPBaseService
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
ImagXpress
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
ParetoLogic PC Health Advisor
PC Tools Firewall Plus 7.0
PSSWCORE
Rapport
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Simply Accounting 2005 Pro Student Version
SmartWebPrinting
SolutionCenter
Status
SUPERAntiSpyware
Toolbox
TrayApp
TreeSize Free V2.6
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Vuze
Vuze Remote Toolbar
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
.