Author Topic: Unable to install anything (Read 14500 times)

dgreen · « **on:** October 18, 2010, 01:59:05 AM »

Hi,

I've been unable to run CCleaner or anything else as a prog called Security Tool is preventing me from doing anything.
It keeps popping up and telling me to buy the software etc.

I tried to do a system restore but this didn't work.

I noticed a few progs that have been installed which I am unable to uninstall :

Click Potato
Shopper Reports
Query Explorer
Xvid 1.2.1final uninstall

Any ideas?

Thanks

David

Allan · « **Reply #1 on:** October 18, 2010, 05:57:27 AM »

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

dgreen · « **Reply #2 on:** October 18, 2010, 07:02:23 AM »

Ive tried that already...
I couldnt install CCleaner it said " a program needs permission to continue"
I can't install anything .
I am running Vista Home.

SuperDave · « **Reply #3 on:** October 22, 2010, 12:18:40 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.
******************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
**************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************
Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
Please post the log in your next reply.

dgreen · « **Reply #4 on:** October 25, 2010, 01:25:57 AM »

Hi Dave,

Thanks for getting back to me.
I've actually managed to solve this problem already using the RKill software but thanks anyway.
Is there a way I can save this thread in my outlook or somewhere, for future reference?

Cheers
David

SuperDave · « **Reply #5 on:** October 25, 2010, 01:06:13 PM »

I seriously doubt that Rkill has cured your problems. The only way to be sure is to run the scans and let me take a look at them. You can save this thread by bookmarking it.

dgreen · « **Reply #6 on:** October 25, 2010, 01:15:13 PM »

I ran super anti spyware and quarantined loads.
How can I save this thread?

SuperDave · « **Reply #7 on:** October 25, 2010, 01:29:17 PM »

Quote

How can I save this thread?

Just click on Favourites, click on Add to Favourites and add it in whatever folder you want.

dgreen · « **Reply #8 on:** October 25, 2010, 01:52:16 PM »

Thanks,

Should I post any logs for this issue?

harry 48 · « **Reply #9 on:** October 25, 2010, 02:55:55 PM »

Allan · « **Reply #10 on:** October 25, 2010, 02:58:47 PM »

Quote from: harry 48 on October 25, 2010, 02:55:55 PM

you should post the logs that the expert wants for him to check , after all he could have been spending his free time helping someone else

Once a malware specialist is in the thread, please do not interfere.

SuperDave · « **Reply #11 on:** October 25, 2010, 04:31:41 PM »

Quote

Should I post any logs for this issue?

Yes. Please run these scans and post the logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***************************************
Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
Please post the log in your next reply.

dgreen · « **Reply #12 on:** October 26, 2010, 10:45:10 AM »

Hi,
Here are the three scans you requested.

Super Anti Spyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2010 at 04:07 PM

Application Version : 4.44.1000

Core Rules Database Version : 5754
Trace Rules Database Version: 3566

Scan type : Complete Scan
Total Scan Time : 00:58:03

Memory items scanned : 658
Memory threats detected : 0
Registry items scanned : 8037
Registry threats detected : 0
File items scanned : 110571
File threats detected : 3

Adware.Tracking Cookie
   C:\Users\David Maunders\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\David Maunders\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

Trojan.Agent/Gen-FakeAlert
   C:\USERS\DAVID MAUNDERS\APPDATA\LOCAL\VIRTUALSTORE\WINDOWS\SYSTEM32\QVUO.SBO

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4953

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

26/10/2010 17:32:22
mbam-log-2010-10-26 (17-32-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 266317
Time elapsed: 53 minute(s), 35 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 2
Registry Keys Infected: 113
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 22
Files Infected: 45

Memory Processes Infected:
C:\ProgramData\QueryExplorer\queryexplorer117.exe (Adware.QueryExplorer) -> Unloaded process successfully.
C:\Program Files\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Unloaded process successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.
c:\program files\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f1a1892c-2a6c-4817-98b4-ff81443cba20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e25da6d6-c365-46cf-abaf-dc5893135d7a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167c-483d-a4ba-8b3122abb432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dd76b7b-6423-4df0-9a07-84a6cad973a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7f6cfb6a-9227-4bb8-b941-f2b067e76f51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ab0ee208-df60-4fa7-a617-c4269760033e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e12aeab6-7d12-4c07-8e36-5892efb4dafb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2f2c137-a782-4fb5-81af-086156f5eb0a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f1d06c9f-51f0-4476-bede-5ddf91be304e} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3a32df2-7413-4fb1-b575-1ac920a17b76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.asyncreporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02aed140-2b62-4b49-8b3b-179020cc39b9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17bf1e05-c0e8-413c-bd1f-a481eea3b8e9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83b2fe06-ba20-4f7d-96c6-6fc3a4e877d3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b32966a2-f7c2-4362-a6cf-399ec8b44110} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc7bd6f1-565c-47ce-a5bb-9c935e77b59d} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cfc16189-8a92-4a29-a940-60248385f426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.cntntdisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.hbguru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573f4abb-a1a2-44ed-9ba9-a8dad40aac46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71e02280-5212-45c3-b174-4d5a35da254f} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{396cfc12-932d-496b-a0a8-5d7201e105e1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60da826c-b1c6-4358-bdec-4837ced45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74c22317-5b90-471f-9ad2-fec049870a16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c1089f63-7afc-4538-b0eb-bea0f4225a57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.kopff.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillanvgtntrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5fe0ceae-cb69-40af-a323-40f94257dacb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65a16874-2ed0-460e-a547-5fe2ec3a13a7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721a8e5-bfdb-4562-9912-9e0531ca616c} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.mozillapsexecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reportdata.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggerimmidiateorrandomts.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shopperreports.triggeronceinday.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21ba420e-161c-413a-b21e-4e42ae1f4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{453db0c5-f41c-4d97-8dd6-cc72ecd5f699} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4afc07d0-59bb-46b8-b097-1a46e88eef71} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6511ce4c-4722-40d0-ad3d-4afa2f50978a} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9bec9b38-bf39-4899-806e-a1c5dfeb60a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86d82bf-d39f-439a-a07c-43eddc6f6ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da6305b9-0869-4235-8c1d-533a65e639e5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6961c59-cfce-4ccd-b794-bc78db98413a} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8b4ec8a-2407-4be0-aee2-0f430d65a90d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dee758b4-c3fb-4a5b-9939-848b9c77a2fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{acc62306-9a63-4864-bd2f-c8825d2d7ea6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89f88394-3828-4d03-a0cf-8203604c3da6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d4233f04-1789-483c-a137-731e8f113dd5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tveqesoxikayi (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fzufulatole (Trojan.Agent.U) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\shopperreports 3.0.497.0 (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790571b0765b5336a898 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Delete on reboot.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0 (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\QueryExplorer (Adware.QueryExplorer) -> Delete on reboot.
C:\Program Files\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.
C:\ProgramData\QueryExplorer\queryexplorer117.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\Pltfrm.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\CntntCntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\E4BE.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\ZAN375A.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\ZAN3EB9.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\7BB0.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\nsf35D1.tmp\Resource.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\Temp\nsf3D01.tmp\Resource.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Windows\Temp\QUE6B7E.tmp\upgrade.exe (Adware.Dropper.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\QueryExplorer\uninstall.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\LaunchHelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Users\David Maunders\AppData\Local\ubevadebib.dll (Trojan.Agent.U) -> Delete on reboot.

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:40:38, on 26/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\aol\1267455950\ee\aolsoftware.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DVB-USB\DVB Terrestrial\EPU8201RC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 436288 bytes, MD5 3374C2A0344BE49368DC342329404B49)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (filesize 1623392 bytes, MD5 D3B868138DEDCEFABC5511458C7D716C)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (filesize 137600 bytes, MD5 F655CDD5506FBB4C40C08C9C6A66F7C8)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 408440 bytes, MD5 1A82C1B9BB43385695EFC3A84F6756A2)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (filesize 842296 bytes, MD5 085940DBB5DB03B0C60774D193A3B48D)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 3F59EDE1444C14CFBAA15C7EBBFE6196)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (filesize 1067352 bytes, MD5 4DC993F947CA0E46DAF3260D78BC9A60)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (filesize 1067352 bytes, MD5 4DC993F947CA0E46DAF3260D78BC9A60)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (filesize 436288 bytes, MD5 3374C2A0344BE49368DC342329404B49)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exeC:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exeC:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeC:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeC:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" (filesize 248552 bytes, MD5 93DB1FF92B03D24738A71E6E4992DFD3)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exeC:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume (filesize 250192 bytes, MD5 33A8CC84A281B4C7F7FBAA6DC3CA26A4)
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (filesize 128232 bytes, MD5 BE4C00E9BF06C136A1F63856BB7AAC5E)
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 (filesize 405639 bytes, MD5 2E894F4B62CF32830FC70647A6857256)
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" (filesize 1584640 bytes, MD5 7012901FB0B5487426A9AF963A61D97B)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1267455950\ee\AOLSoftware.exeC:\Program Files\Common Files\AOL\1267455950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exeC:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EPU8201RC] C:\Program Files\DVB-USB\DVB Terrestrial\EPU8201RC.exeC:\Program Files\DVB-USB\DVB Terrestrial\EPU8201RC.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1233920 bytes, MD5 9E35FF7F943AE0FB89192BFE058B7FD4)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (filesize 3882312 bytes, MD5 4DC5EAFC0E9F08B6DF1DFDDAA4DC1937)
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 39408 bytes, MD5 5D61BE7DB55B026A5D61A3EED09D0EAD)
O4 - HKCU\..\Run: [Fzufulatole] rundll32.exe "C:\Users\David Maunders\AppData\Local\ubevadebib.dll",Startup
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm (filesize 2773 bytes, MD5 4C0E542CD640E957D91B32FFEA28BE12)
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (filesize 5601 bytes, MD5 583DF5A69BB42A21E3DB19575FA307FE)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (filesize 187224 bytes, MD5 19737BD6606A96AB311BBC87659626AC)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (filesize 187224 bytes, MD5 19737BD6606A96AB311BBC87659626AC)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (filesize 5601 bytes, MD5 583DF5A69BB42A21E3DB19575FA307FE)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (filesize 5601 bytes, MD5 583DF5A69BB42A21E3DB19575FA307FE)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (filesize 91488 bytes, MD5 3D9895B981AFAC3CE2ABE9C0A63D949A)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dllC:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll (filesize 1324032 bytes, MD5 4504819D18FAC09B6108D8728467E5B2)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exeC:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeC:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXEC:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11512 bytes

Thanks

David

SuperDave · « **Reply #13 on:** October 26, 2010, 01:00:08 PM »

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (filesize 1090952 bytes, MD5 D594EA4AC1C0E4675EF2F0063950ABEF)
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Fzufulatole] rundll32.exe "C:\Users\David Maunders\AppData\Local\ubevadebib.dll",Startup
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*******************************************

Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

dgreen · « **Reply #14 on:** November 01, 2010, 03:45:59 AM »

Security Check log:

Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Combo Log:

ComboFix 10-10-31.03 - David Maunders 01/11/2010 9:25.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2012.1015 [GMT 0:00]
Running from: c:\users\David Maunders\Desktop\Commyexe.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\David Maunders\AppData\Local\{90742008-5218-48AF-A7A2-D0DC4F38688C}
c:\users\David Maunders\AppData\Local\{90742008-5218-48AF-A7A2-D0DC4F38688C}\chrome.manifest
c:\users\David Maunders\AppData\Local\{90742008-5218-48AF-A7A2-D0DC4F38688C}\chrome\content\_cfg.js
c:\users\David Maunders\AppData\Local\{90742008-5218-48AF-A7A2-D0DC4F38688C}\chrome\content\overlay.xul
c:\users\David Maunders\AppData\Local\{90742008-5218-48AF-A7A2-D0DC4F38688C}\install.rdf
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1020.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1091.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12F4.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc13F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1624.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc16F1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1727.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1811.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1B46.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BB1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1F6B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2051.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc210.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2486.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2563.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc25B7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc25C0.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc267F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc26E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc277D.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2785.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc29DB.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2AB5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2B6B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2CAD.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2D66.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2D75.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc304B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc314E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc31EE.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3589.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3863.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc38EB.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3A08.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3CE3.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3D6C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3EFA.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3FBD.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc41.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4168.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc428E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4336.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc43E8.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4517.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4582.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4837.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc49C8.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BCF.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BDC.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BE1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4BF1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4E74.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4E98.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4EE7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5063.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc539E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc53F7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55C1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc55D5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5670.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57A9.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57C5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc57CA.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc58A7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5B53.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5B68.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc609C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc610A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc631F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6348.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc63B3.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc64B4.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc65FF.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6678.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc67AC.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6903.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6BDF.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6D93.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6DF5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6F8A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc700A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc701A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc703.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc724C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc76AA.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7974.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7A23.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7BD7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8144.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc816E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc81A6.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc823F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc827E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc82B0.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8322.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8434.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8486.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc881A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc889C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8AF0.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B6F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8D5E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E2C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc904B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc91F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc951F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9727.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc993F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9964.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9B6C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9ED7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9F17.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA1F2.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA219.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA2AF.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3A1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA3D5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA86F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9F2.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAA3B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAB75.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD5C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAD60.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccAF50.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5D7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB5E3.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB67C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB8CB.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA20.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBA73.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBB5D.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC15.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCFC.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBD58.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBF51.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC203.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC2B7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC3E7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC5AE.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC672.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC686.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC7BD.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC97F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCA43.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB1D.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBB1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCBE5.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE88.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCF1E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD093.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD09C.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD0C3.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD127.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD3C0.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD51E.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA55.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDEB8.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDEFE.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE032.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE320.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE4A1.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE939.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF0A8.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF224.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3C7.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF520.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF749.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF83B.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8A8.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8B9.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF97A.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC8F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD13.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFE8F.tmp
c:\users\David Maunders\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFEBC.tmp
c:\users\David Maunders\AppData\Local\Temp\DD05.tmp
c:\users\DAVIDM~1\AppData\Local\Temp\DD05.tmp
c:\windows\system32\spool\prtprocs\w32x86\CNMPP82.DLL

.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 09:30 . 2010-11-01 09:33   --------   d-----w-   c:\users\David Maunders\AppData\Local\temp
2010-11-01 09:30 . 2010-11-01 09:30   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-10-27 07:32 . 2010-08-26 16:34   1696256   ----a-w-   c:\windows\system32\gameux.dll
2010-10-27 07:32 . 2010-08-26 16:33   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-10-27 07:32 . 2010-08-26 14:23   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 16:34 . 2010-10-26 16:34   388096   ----a-r-   c:\users\David Maunders\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-26 16:34 . 2010-10-26 16:34   --------   d-----w-   c:\program files\Trend Micro
2010-10-26 15:19 . 2010-10-26 15:19   --------   d-----w-   c:\users\David Maunders\AppData\Roaming\Malwarebytes
2010-10-26 15:18 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 15:18 . 2010-10-26 15:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-10-26 15:18 . 2010-10-26 15:18   --------   d-----w-   c:\programdata\Malwarebytes
2010-10-26 15:18 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-10-20 11:25 . 2010-10-20 11:25   --------   d-----w-   c:\users\David Maunders\AppData\Roaming\SUPERAntiSpyware.com
2010-10-20 11:25 . 2010-10-20 11:25   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-10-20 11:24 . 2010-10-20 11:25   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-10-16 06:42 . 2010-10-26 08:13   0   ----a-w-   c:\users\David Maunders\AppData\Local\Gxeki.bin
2010-10-15 07:05 . 2010-10-15 07:05   --------   d-----w-   c:\program files\Common Files\Java
2010-10-15 07:04 . 2010-10-29 13:17   --------   d-----w-   c:\users\David Maunders\AppData\Local\Google
2010-10-15 07:03 . 2010-10-15 07:04   --------   d-----w-   c:\program files\Google
2010-10-15 07:02 . 2010-09-15 03:50   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2010-10-14 16:50 . 2010-10-14 16:50   --------   d-----w-   c:\program files\Xvid
2010-10-14 16:50 . 2008-12-13 19:01   77824   ----a-w-   c:\windows\system32\xvid.ax
2010-10-14 16:50 . 2008-12-04 20:46   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2010-10-14 16:50 . 2008-12-04 20:42   815104   ----a-w-   c:\windows\system32\xvidcore.dll
2010-10-13 06:40 . 2010-09-13 13:56   168960   ----a-w-   c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 06:40 . 2010-09-13 13:56   8147456   ----a-w-   c:\windows\system32\wmploc.DLL
2010-10-13 06:40 . 2010-09-06 16:20   125952   ----a-w-   c:\windows\system32\srvsvc.dll
2010-10-13 06:40 . 2010-09-06 16:19   17920   ----a-w-   c:\windows\system32\netevent.dll
2010-10-13 06:40 . 2010-09-06 13:45   304128   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-10-13 06:40 . 2010-09-06 13:45   145408   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-10-13 06:40 . 2010-09-06 13:45   102400   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2010-10-07 13:18 . 2010-10-07 13:18   --------   d-----w-   c:\programdata\CyberLink
2010-10-07 13:18 . 2010-10-07 13:18   --------   d-----w-   c:\users\David Maunders\AppData\Roaming\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 16:33 . 2010-10-27 07:32   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 07:32   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 07:32   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 07:32   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 10:29   128000   ----a-w-   c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-15 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-11 3563520]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"HostManager"="c:\program files\Common Files\AOL\1267455950\ee\AOLSoftware.exe" [2006-11-14 50736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"EPU8201RC"="c:\program files\DVB-USB\DVB Terrestrial\EPU8201RC.exe" [2006-02-25 339968]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-27 08:18   16680   ----a-w-   c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 135664]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe

R3 EPU8201;DVB Terrestrial Driver (Video/TS);c:\windows\system32\DRIVERS\EPU8201.sys [2006-02-10 112640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-01-14 38400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-18 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-18 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-27 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-02-12 45056]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-03-30 48640]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
HsfXAudioService   REG_MULTI_SZ     HsfXAudioService
bthsvcs   REG_MULTI_SZ     BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

2010-11-01 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 07:04]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-15 07:04]

2010-11-01 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-10-28 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-11-01 c:\windows\Tasks\User_Feed_Synchronization-{7744E0AD-2EBF-469C-BAE6-033F12E73F13}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bt.yahoo.com
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Fzufulatole - c:\users\David Maunders\AppData\Local\ubevadebib.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 09:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-01 09:35:28
ComboFix-quarantined-files.txt 2010-11-01 09:35

Pre-Run: 95,058,599,936 bytes free
Post-Run: 95,562,670,080 bytes free

- - End Of File - - 43B97486732CAE3CAC37F8FA5538D986

Computer Hope Forum

News:

Author Topic: Unable to install anything (Read 14500 times)

dgreen

Unable to install anything

Allan

Re: Unable to install anything

dgreen

Re: Unable to install anything

SuperDave

Re: Unable to install anything

dgreen

Re: Unable to install anything

SuperDave

Re: Unable to install anything

dgreen

Re: Unable to install anything

SuperDave

Re: Unable to install anything

dgreen

Re: Unable to install anything

harry 48

Re: Unable to install anything

Allan

Re: Unable to install anything

SuperDave

Re: Unable to install anything

dgreen

Re: Unable to install anything

SuperDave

Re: Unable to install anything

dgreen

Re: Unable to install anything