armorshield virus

February 17, 2010 at 13:16:30
Specs: Windows XP
I have a program called Armorshield attached to Windows Vista security center. Bogus security alerts, and they always go to a screen asking for a credit card.





#1
February 17, 2010 at 18:21:35
You may need to download these to a CD, external drive, or USB drive and run them on the infected computer, but first try to run them from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable it:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that Rkill can terminate the malware. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
February 18, 2010 at 11:27:44
Ran RKILL - here's the log:
process terminated by Rkill:
C:\Windows\System32\wtb3C64.exe
C:\Users\MISSAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\DllHost.exe

This got rid of the Armorshield, but it reappeared after re-boot. Later it was caught by Spydoctor and quarantined.

Ran Malwarebytes - here's the log:
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/18/2010 9:51:04 AM
mbam-log-2010-02-18 (09-51-04).txt

Scan type: Quick Scan
Objects scanned: 100317
Time elapsed: 17 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\bk20856.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\010112010146114101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Users\Miss Annette\AppData\Local\Temp\zpskon_1266313181.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\Windows\fs1235.dat (KoobFace.Trace) -> Quarantined and deleted successfully.


However I ran DDS and it hung up at the end of processing and never terminated to produce a log.

In addition, I had to uninstall an inactive version of Norton 360 that apparently had a firewall activated that was blocking all internet access. This was somehow activated by this virus(s).

All in all - a very nasty virus that also spread across Facebook friends - my wife is very popular now (LOL) since this was done on her laptop - apparently came from an EMAIL.

THANKS FOR ALL THE HELP !!



#3
February 18, 2010 at 18:12:22
You will need to run Rkill before running DDS or the baddie may cause it to lock up. If you restarted at a request from Malwarebytes, then the baddie had restarted and probably caused the problem.

If that is not the case, then download the following scanner, run Rkill, then run RSIT and post its log.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.




#4
February 20, 2010 at 10:18:58
Logfile of random's system information tool 1.06 (written by random/random)
Run by Miss Annette at 2010-02-20 10:54:17
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 98 GB (68%) free of 143 GB
Total RAM: 1789 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:43 AM, on 2/20/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atashost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\sYSteM32\SvchOst.eXE
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\helppane.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\explorer.exe
C:\Users\Miss Annette\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Miss Annette.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.a...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.a...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\tbSwag.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArmorShield] "C:\Program Files\ArmorShield Software\ArmorShield\ArmorShield.exe" -min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [wtb3C64.exe] C:\Windows\system32\wtb3C64.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 10666 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{33BE7DD5-7C2F-4028-803C-CA8EDD8C66FF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
ALOT Toolbar BHO - C:\Program Files\alot\bin\alot.dll [2009-06-01 807208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
Swag Bucks Toolbar - C:\Program Files\Swag_Bucks\tbSwag.dll [2009-08-30 2259480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
XBTBPos00 Class - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-02-24 2443264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-02-24 2443264]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files\alot\bin\alot.dll [2009-06-01 807208]
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - Swag Bucks Toolbar - C:\Program Files\Swag_Bucks\tbSwag.dll [2009-08-30 2259480]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-14 6253088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-02 809480]
"eRecoveryService"= []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1049896]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2009-07-08 472112]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-07 34040]
"ArmorShield"=C:\Program Files\ArmorShield Software\ArmorShield\ArmorShield.exe -min []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"wtb3C64.exe"=C:\Windows\system32\wtb3C64.exe []
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Miss Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dea72e1-f0a2-11de-a708-001d72e47b74}]
shell\AutoRun\command - E:\PortableRoboForm.exe
shell\RoboForm2Go\command - E:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53663baa-2386-11de-99a8-001d72e47b74}]
shell\AutoRun\command - E:\PortableRoboForm.exe
shell\RoboForm2Go\command - E:\PortableRoboForm.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-20 10:54:20 ----D---- C:\Program Files\trend micro
2010-02-20 10:54:17 ----D---- C:\rsit
2010-02-20 10:20:53 ----D---- C:\AntiVirus Utilities
2010-02-18 10:43:56 ----A---- C:\Windows\system32\65z3add59re2736.dll
2010-02-18 09:31:32 ----D---- C:\Users\Miss Annette\AppData\Roaming\Malwarebytes
2010-02-18 09:31:11 ----D---- C:\ProgramData\Malwarebytes
2010-02-18 09:31:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 09:25:06 ----A---- C:\Windows\system32\42c9spyzare856.dll
2010-02-17 20:48:22 ----D---- C:\ProgramData\WindowsSearch
2010-02-17 15:35:27 ----A---- C:\Windows\153579py51z.dll
2010-02-17 11:37:51 ----A---- C:\Windows\rdr_1266424664.exe
2010-02-17 11:01:11 ----A---- C:\Windows\system32\5580worz199.dll
2010-02-17 11:01:11 ----A---- C:\Windows\5a9aaddwz5e725.dll
2010-02-16 17:18:48 ----A---- C:\Windows\rdr_1266358724.exe
2010-02-16 16:26:00 ----A---- C:\Windows\system32\3cdd9ddwa5ez01.dll
2010-02-16 15:19:37 ----A---- C:\Windows\rdr_1266351561.exe
2010-02-16 14:40:16 ----A---- C:\Windows\ntbtlog.txt
2010-02-16 12:59:43 ----A---- C:\Windows\BDTSupport.dll.old
2010-02-16 12:59:42 ----A---- C:\Windows\PCTBDCore.dll.old
2010-02-16 12:57:38 ----D---- C:\Users\Miss Annette\AppData\Roaming\PC Tools
2010-02-16 12:57:38 ----D---- C:\ProgramData\PC Tools
2010-02-16 12:57:38 ----D---- C:\Program Files\Spyware Doctor
2010-02-16 12:57:38 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-16 12:34:16 ----D---- C:\Users\Miss Annette\AppData\Roaming\AVG8
2010-02-16 12:27:08 ----A---- C:\Windows\rdr_1266341225.exe
2010-02-16 12:06:27 ----D---- C:\Program Files\ArmorShield Software
2010-02-16 12:06:23 ----A---- C:\Windows\system32\z4679virus59b.exe
2010-02-16 12:06:23 ----A---- C:\Windows\system32\z4520hackt95l12b.exe
2010-02-16 12:06:23 ----A---- C:\Windows\system32\z2c4dow9loader5879.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\9z675troj478.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\7bd2dow5loazer954.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\78z595wnloader1573.exe
2010-02-16 12:06:23 ----A---- C:\Windows\system32\5f3aste9l244z.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\5a79steal825z.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\50z299orm9b.dll
2010-02-16 12:06:23 ----A---- C:\Windows\system32\23539ziru9188.exe
2010-02-16 12:06:23 ----A---- C:\Windows\9z559virus107.exe
2010-02-16 12:06:23 ----A---- C:\Windows\90ff5ddware264z.exe
2010-02-16 12:06:23 ----A---- C:\Windows\5zathief9245.exe
2010-02-16 12:06:23 ----A---- C:\Windows\5fecaddwa9z31755.dll
2010-02-16 12:06:23 ----A---- C:\Windows\3455v9r90z.exe
2010-02-16 12:06:23 ----A---- C:\Windows\1de9download5z34.exe
2010-02-16 12:06:23 ----A---- C:\Windows\19265roj136z.dll
2010-02-16 12:06:23 ----A---- C:\Windows\110bz5y9are1018.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\z1bfst5al1965.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\99bspzrse957.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\95571ha5kzool535.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\9397viru97zc5.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\90z3vi5us1839.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\90531vi5usfdz.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\8392not-a-vzrusc5.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\645b9te5l238z.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\5bbfspyz9re585.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\5899steal2458z.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\4z8asp5ware2589.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\409fspywa5e2299z.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\3f70s9ywa5e94z.dll
2010-02-16 12:06:22 ----A---- C:\Windows\system32\352zbackd9or5503.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\2585sp9mzot3dc.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\24375iz1995.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\16584t9oz592.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\115159acktool26z.exe
2010-02-16 12:06:22 ----A---- C:\Windows\system32\11151hzcktool19e.dll
2010-02-16 12:06:22 ----A---- C:\Windows\9844vzr3125.dll
2010-02-16 12:06:22 ----A---- C:\Windows\75ebthrzat93599.exe
2010-02-16 12:06:22 ----A---- C:\Windows\69a7t5ief18z9.dll
2010-02-16 12:06:22 ----A---- C:\Windows\65b9ba5zdoor2079.dll
2010-02-16 12:06:22 ----A---- C:\Windows\32563zpam5o96aa.dll
2010-02-16 12:06:22 ----A---- C:\Windows\28596spz5865.exe
2010-02-16 12:06:22 ----A---- C:\Windows\25617tr9j18fz.dll
2010-02-16 12:06:22 ----A---- C:\Windows\115spz9bot5dc.dll
2010-02-16 12:06:21 ----A---- C:\Windows\system32\z5691spy335.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\98995pambot41z.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\5z760worm29e.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\5ezspa5s91471.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\59b695ief2028z.dll
2010-02-16 12:06:21 ----A---- C:\Windows\system32\58z9spars51941.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\4a549hief2701z.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\29965spy65z.dll
2010-02-16 12:06:21 ----A---- C:\Windows\system32\27908wormz45.dll
2010-02-16 12:06:21 ----A---- C:\Windows\system32\19389sp53dz.exe
2010-02-16 12:06:21 ----A---- C:\Windows\system32\15905s9ambotz94.exe
2010-02-16 12:06:21 ----A---- C:\Windows\99d4spar5ez575.dll
2010-02-16 12:06:21 ----A---- C:\Windows\963vizu53f5.exe
2010-02-16 12:06:21 ----A---- C:\Windows\7f285ownloadez1519.exe
2010-02-16 12:06:21 ----A---- C:\Windows\248za5dware1989.dll
2010-02-16 12:06:21 ----A---- C:\Windows\19b3back9oorz25.dll
2010-02-16 12:06:21 ----A---- C:\Windows\137265pam9ot4z7.exe
2010-02-16 12:06:21 ----A---- C:\Windows\10849ackd5orz150.dll
2010-02-16 12:01:55 ----A---- C:\Windows\rdr_1266339713.exe
2010-02-16 11:19:13 ----A---- C:\Windows\rdr_1266337145.exe
2010-02-15 22:33:05 ----A---- C:\Windows\rdr_1266291181.exe
2010-02-15 22:30:49 ----A---- C:\Windows\system32\oko6.dll
2010-02-10 11:12:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 11:12:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 11:12:01 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 11:12:00 ----A---- C:\Windows\system32\avicap32.dll
2010-01-22 10:54:55 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 10:54:54 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 10:54:53 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 10:54:53 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 10:54:53 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\occache.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 10:54:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 10:54:52 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 10:54:52 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 months======

2010-02-20 10:54:37 ----D---- C:\Windows\Temp
2010-02-20 10:54:20 ----RD---- C:\Program Files
2010-02-20 10:39:12 ----D---- C:\Windows\system32\drivers
2010-02-20 10:35:36 ----AD---- C:\ProgramData\TEMP
2010-02-20 10:22:21 ----SHD---- C:\Windows\Installer
2010-02-20 10:22:02 ----D---- C:\Windows\system32\zh-TW
2010-02-20 10:22:02 ----D---- C:\Windows\system32\zh-HK
2010-02-20 10:22:02 ----D---- C:\Windows\system32\tr-TR
2010-02-20 10:22:02 ----D---- C:\Windows\system32\sv-SE
2010-02-20 10:22:02 ----D---- C:\Windows\system32\pt-BR
2010-02-20 10:22:02 ----D---- C:\Windows\system32\nl-NL
2010-02-20 10:22:02 ----D---- C:\Windows\system32\nb-NO
2010-02-20 10:22:02 ----D---- C:\Windows\system32\ko-KR
2010-02-20 10:22:02 ----D---- C:\Windows\system32\it-IT
2010-02-20 10:22:02 ----D---- C:\Windows\system32\he-IL
2010-02-20 10:22:02 ----D---- C:\Windows\system32\fr-FR
2010-02-20 10:22:02 ----D---- C:\Windows\system32\fi-FI
2010-02-20 10:22:02 ----D---- C:\Windows\system32\es-ES
2010-02-20 10:22:02 ----D---- C:\Windows\system32\en-US
2010-02-20 10:22:02 ----D---- C:\Windows\system32\el-GR
2010-02-20 10:22:02 ----D---- C:\Windows\system32\de-DE
2010-02-20 10:22:02 ----D---- C:\Windows\system32\da-DK
2010-02-20 10:22:02 ----D---- C:\Windows\system32\ar-SA
2010-02-20 10:22:02 ----D---- C:\Windows\System32
2010-02-20 10:21:51 ----SHD---- C:\System Volume Information
2010-02-18 23:08:41 ----D---- C:\Windows\system32\catroot2
2010-02-18 18:28:54 ----D---- C:\Windows
2010-02-18 13:44:31 ----D---- C:\ProgramData\Symantec
2010-02-18 13:44:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-18 13:32:15 ----D---- C:\Windows\system32\catroot
2010-02-18 13:32:14 ----D---- C:\Windows\inf
2010-02-18 13:28:33 ----D---- C:\Program Files\Common Files
2010-02-18 10:54:35 ----SD---- C:\Users\Miss Annette\AppData\Roaming\Microsoft
2010-02-18 09:54:57 ----D---- C:\Windows\PCHEALTH
2010-02-18 09:44:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-18 09:31:11 ----HD---- C:\ProgramData
2010-02-17 21:08:04 ----D---- C:\Windows\system32\Msdtc
2010-02-17 21:08:00 ----D---- C:\Windows\system32\wbem
2010-02-17 21:07:16 ----D---- C:\Windows\system32\config
2010-02-17 21:06:33 ----D---- C:\Windows\Tasks
2010-02-17 21:06:32 ----D---- C:\Windows\system32\Tasks
2010-02-17 21:06:32 ----D---- C:\Windows\system32\spool
2010-02-17 21:06:29 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-17 21:05:31 ----D---- C:\Windows\registration
2010-02-17 20:32:31 ----D---- C:\Program Files\eMachines GameZone
2010-02-16 12:59:02 ----D---- C:\Windows\winsxs
2010-02-16 12:51:30 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-16 12:44:39 ----D---- C:\ProgramData\Electronic Arts
2010-02-12 17:07:43 ----A---- C:\Windows\BRWMARK.INI
2010-02-11 11:09:04 ----D---- C:\Program Files\Windows Mail
2010-02-02 19:57:37 ----SD---- C:\Windows\Downloaded Program Files
2010-02-01 14:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-28 10:31:29 ----D---- C:\Program Files\Internet Explorer
2010-01-23 09:55:23 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 oko6;oko6; \??\C:\Windows\system32\drivers\oko6.sys [2010-02-15 32768]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-06-11 15392]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2009-07-07 26672]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2009-07-07 27696]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 1044984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-14 2155416]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-24 199472]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-05-20 303616]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-04-27 705024]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 WisINT15;WisINT15; \??\c:\Windows\System32\OEM\factory\WisINT15.SYS []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-03-06 20376]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-07-03 692224]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 ETService;Empowering Technology Service; C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 okosrv;okosrv; C:\Windows\sYSteM32\SvchOst.eXE [2008-01-20 21504]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#5
February 20, 2010 at 10:20:22
Here's the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Miss Annette at 13:11:40.95 on Sat 02/20/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.869 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atashost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\sYSteM32\SvchOst.eXE -k okogrp
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Miss Annette\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.swagbucks.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1108&m=d620
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1108&m=d620
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\fast browser search\ie\tbhelper.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: ALOT Toolbar BHO: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Fast Browser Search: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [wtb3C64.exe] c:\windows\system32\wtb3C64.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [ArmorShield] "c:\program files\armorshield software\armorshield\ArmorShield.exe" -min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\missan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-16 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-17 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-17 59664]
R1 oko6;oko6;c:\windows\system32\drivers\oko6.sys [2010-2-15 32768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-16 233136]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-5-14 20376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2008-11-18 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 okosrv;okosrv;c:\windows\system32\SvchOst.eXE -k okogrp [2008-1-20 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-16 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-16 1141712]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-2-16 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-17 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2008-8-27 22072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-11-18 30192]

=============== Created Last 30 ================

2010-02-20 17:58:50 0 d-----w- c:\programdata\RoboForm
2010-02-20 15:54:20 0 d-----w- c:\program files\trend micro
2010-02-20 15:20:53 0 d-----w- C:\AntiVirus Utilities
2010-02-18 15:43:56 5017 ----a-w- c:\windows\system32\65z3add59re2736.dll
2010-02-18 14:31:32 0 d-----w- c:\users\missan~1\appdata\roaming\Malwarebytes
2010-02-18 14:31:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 14:31:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 14:31:11 0 d-----w- c:\programdata\Malwarebytes
2010-02-18 14:31:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 14:25:06 3335 ----a-w- c:\windows\system32\42c9spyzare856.dll
2010-02-18 14:25:06 10439 ----a-w- c:\windows\system32\308959pz4a0.ocx
2010-02-18 02:11:02 9727 ----a-w- c:\windows\system32\3d0ddo9nl5aderz505.cpl
2010-02-18 02:10:27 8791 ----a-w- c:\windows\system32\2526zpambo549f.bin
2010-02-18 02:10:27 4424 ----a-w- c:\windows\4259spyzare1273.ocx
2010-02-18 01:48:22 0 d-----w- c:\programdata\WindowsSearch
2010-02-17 20:35:28 17248 ----a-w- c:\windows\system32\1c67t5i9f1z96.ocx
2010-02-17 20:35:27 5891 ----a-w- c:\windows\153579py51z.dll
2010-02-17 18:54:31 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-17 18:54:30 51984 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-17 18:54:30 33552 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-17 16:37:51 104960 ----a-w- c:\windows\rdr_1266424664.exe
2010-02-17 16:01:11 18143 ----a-w- c:\windows\system32\5580worz199.dll
2010-02-17 16:01:11 14199 ----a-w- c:\windows\5a9aaddwz5e725.dll
2010-02-16 22:18:48 195072 ----a-w- c:\windows\rdr_1266358724.exe
2010-02-16 21:27:10 0 d-----w- c:\users\miss annette\Option
2010-02-16 21:26:00 10728 ----a-w- c:\windows\system32\3cdd9ddwa5ez01.dll
2010-02-16 20:19:37 113770 ----a-w- c:\windows\rdr_1266351561.exe
2010-02-16 17:59:43 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-16 17:59:42 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-16 17:57:58 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-16 17:57:58 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-16 17:57:58 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-16 17:57:51 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-16 17:57:51 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-16 17:57:51 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-16 17:57:51 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-16 17:57:44 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-16 17:57:44 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-16 17:57:38 0 d-----w- c:\users\missan~1\appdata\roaming\PC Tools
2010-02-16 17:57:38 0 d-----w- c:\programdata\PC Tools
2010-02-16 17:57:38 0 d-----w- c:\program files\Spyware Doctor
2010-02-16 17:57:38 0 d-----w- c:\program files\common files\PC Tools
2010-02-16 17:34:16 0 d-----w- c:\users\missan~1\appdata\roaming\AVG8
2010-02-16 17:27:08 195072 ----a-w- c:\windows\rdr_1266341225.exe
2010-02-16 17:16:21 3917 ----a-w- c:\windows\system32\7675szywa9e528.cpl
2010-02-16 17:16:21 3690 ----a-w- c:\windows\system32\3ab0th5e931z4.ocx
2010-02-16 17:16:21 2994 ----a-w- c:\windows\system32\59c5viz3150.bin
2010-02-16 17:16:21 17639 ----a-w- c:\windows\system32\69149hiefz50.cpl
2010-02-16 17:06:27 0 d-----w- c:\program files\ArmorShield Software
2010-02-16 17:01:55 195072 ----a-w- c:\windows\rdr_1266339713.exe
2010-02-16 16:19:13 195072 ----a-w- c:\windows\rdr_1266337145.exe
2010-02-16 03:33:05 195584 ----a-w- c:\windows\rdr_1266291181.exe
2010-02-16 03:30:49 32768 ----a-w- c:\windows\system32\drivers\oko6.sys
2010-02-16 03:30:49 101888 ----a-w- c:\windows\system32\oko6.dll
2010-02-10 16:11:58 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:11:58 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

==================== Find3M ====================

2010-02-18 18:32:13 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-18 18:32:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-18 18:32:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-18 15:50:50 848 ----a-w- c:\users\missan~1\appdata\roaming\wklnhst.dat
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 10:43:45 8044 ----a-w- c:\windows\3fz5steal2693.exe
2009-12-27 13:17:30 12745 ----a-w- c:\windows\5cc0addw9re553z.exe
2009-12-25 10:06:25 6068 ----a-w- c:\windows\6z2evir30495.bin
2009-12-15 10:41:53 15044 ----a-w- c:\windows\system32\4z465ddware1439.bin
2009-12-14 12:27:50 15079 ----a-w- c:\windows\z6089tro958b.exe
2009-12-14 07:09:40 2854 ----a-w- c:\windows\system32\531589orm7z5.dll
2009-12-12 18:06:52 11227 ----a-w- c:\windows\system32\453595rm4dz.dll
2009-12-08 20:52:17 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-06 23:16:33 18243 ----a-w- c:\windows\system32\975asp5wzre2748.bin
2009-12-05 01:39:52 3345 ----a-w- c:\windows\32zb9ir5046.dll
2009-12-04 06:37:05 9066 ----a-w- c:\windows\system32\50z9thief15255.dll
2009-12-03 14:12:47 15070 ----a-w- c:\windows\system32\c58szeal28549.bin
2009-11-28 14:23:14 11956 ----a-w- c:\windows\system32\5z580tro958f.dll
2009-11-25 03:46:06 8874 ----a-w- c:\windows\32656vir9z1615.bin
2008-08-27 22:45:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:18:48.75 ===============

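Added example (an editor's note, not part of any post in this thread): the DDS log above carries three indicator families that a practitioner would pull out by hand before running anything. First, a service named `okosrv` launched as `C:\Windows\sYSteM32\SvchOst.eXE -k okogrp`: Windows writes its own service host as `svchost.exe` and starts it with one of the `-k` groups visible in the running-process list, so a hand-typed mixed-case image name plus an unlisted group is not a Windows service host. Second, `EnableLUA = 0` and `ConsentPromptBehaviorAdmin = 0`, meaning UAC has been switched off. Third, dozens of random-looking files in `c:\windows` and `c:\windows\system32` whose names spell malware vocabulary (`spy`, `steal`, `troj`, `backdoor`, `hacktool`) once the digits and the filler letter `z` are removed, which is consistent with a rogue seeding files for its own "scan" to find. The Python script below encodes those three checks and runs them over lines copied verbatim from the log. The svchost group allow-list is the set of `-k` groups seen in the process list above and the fragment list is derived from the file names in this thread; both are assumptions, not authoritative data, and the output is triage input for a person, not a cleanup tool. The svchost hit leads, by name, to `oko6.sys` and `oko6.dll` created on 2010-02-16; the script does not flag those on its own.

```python
"""Triage checks for a DDS-style log.

Added example; not code from DDS, ComboFix, or anyone in this thread.
"""
import re
from typing import List, Optional, Tuple

# All lines copied verbatim from the DDS log posted above; the netsvcs and
# ntoskrnl.exe entries are legitimate and are included for contrast.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\sYSteM32\SvchOst.eXE -k okogrp
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
R2 okosrv;okosrv;c:\windows\system32\SvchOst.eXE -k okogrp [2008-1-20 21504]
2010-02-18 15:43:56 5017 ----a-w- c:\windows\system32\65z3add59re2736.dll
2010-02-18 14:25:06 3335 ----a-w- c:\windows\system32\42c9spyzare856.dll
2010-02-16 03:30:49 32768 ----a-w- c:\windows\system32\drivers\oko6.sys
2009-12-28 10:43:45 8044 ----a-w- c:\windows\3fz5steal2693.exe
2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 16:11:58 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
"""

# Assumption: the -k groups that the posted process list shows on this Vista
# build. Not a complete list for every Windows version.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "secsvcs", "localservicenetworkrestricted",
    "localsystemnetworkrestricted", "netsvcs", "gpsvcgroup", "localservice",
    "networkservice", "localservicenonetwork",
    "networkservicenetworkrestricted", "imgsvc", "wersvcgroup",
}

# Assumption: fragments the planted names in this thread embed once digits and
# the filler letter 'z' are stripped (42c9spyzare856.dll -> cspyare -> "spy").
DECOY_FRAGMENTS = (
    "spy", "troj", "tro", "worm", "orm", "back", "door", "hack", "thief",
    "hief", "steal", "add", "adw", "dwar", "vir", "spam", "bot", "threat",
    "reat", "downl", "loader", "pars", "not-a",
)
DECOY_DIRS = {r"c:\windows", r"c:\windows\system32"}
DECOY_EXTS = {".dll", ".exe", ".ocx", ".cpl", ".bin"}

SVCHOST_RE = re.compile(r"(?i)([a-z]:\\[^\s;\[]*?svchost\.exe)(?:\s+-k\s+(\S+))?")
PATH_RE = re.compile(r"(?i)([a-z]:\\\S+)\s*$")
UAC_RE = re.compile(r"(EnableLUA|ConsentPromptBehaviorAdmin)\s*=\s*0\b")


def check_svchost(line: str) -> Optional[List[str]]:
    """Flag a service host whose image name case or -k group is not Windows'."""
    m = SVCHOST_RE.search(line)
    if not m:
        return None
    path, group = m.group(1), m.group(2)
    reasons = []
    basename = path.rsplit("\\", 1)[-1]
    # Windows itself writes the image as 'svchost.exe'; mixed case such as
    # 'SvchOst.eXE' is a typed-in path meant to slip past exact-string matches.
    if basename != "svchost.exe":
        reasons.append(f"odd case in image name {basename!r}")
    if group is None:
        reasons.append("svchost started without a -k group")
    elif group.lower() not in KNOWN_SVCHOST_GROUPS:
        reasons.append(f"unknown service group {group!r}")
    return reasons or None


def check_decoy(line: str) -> Optional[List[str]]:
    """Flag a digit-heavy file in c:\\windows or system32 that spells a threat word."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(1).lower()
    directory, _, filename = path.rpartition("\\")
    stem, _, ext = filename.rpartition(".")
    if directory not in DECOY_DIRS or f".{ext}" not in DECOY_EXTS:
        return None
    digits = sum(ch.isdigit() for ch in stem)
    cleaned = re.sub(r"[0-9z]", "", stem)
    hits = [frag for frag in DECOY_FRAGMENTS if frag in cleaned]
    if digits >= 3 and hits:
        return [f"{filename!r} spells {hits[0]!r} once digits and 'z' are stripped"]
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (category, line, reason) for every suspicious line in the log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UAC_RE.search(line)
        if m:
            findings.append(("uac_disabled", line, f"{m.group(1)} is 0: UAC prompting is off"))
        reasons = check_svchost(line)
        if reasons:
            findings.append(("suspicious_svchost", line, "; ".join(reasons)))
        reasons = check_decoy(line)
        if reasons:
            findings.append(("decoy_file", line, reasons[0]))
    return findings


if __name__ == "__main__":
    for category, line, why in triage(SAMPLE_LOG):
        print(f"[{category}] {line}\n    -> {why}")
```

Run it against a saved DDS log by passing the file's text to `triage()`; each finding names the line and the reason so the analyst can decide what to hand to the cleanup step. The directory-name case is deliberately not checked, because the legitimate lines in the same log show both `system32` and `System32`.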
#6
February 20, 2010 at 17:29:06
Download ComboFix from Internet Explorer if possible.

You will not need to disable Malwarebytes.

Remember, your AVG antivirus, Windows Defender, and Spyware Doctor must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

#7
February 21, 2010 at 18:45:53
Posting ComboFix log in separate posts:

ComboFix 10-02-21.02 - Miss Annette 02/21/2010 18:49:20.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.969 [GMT -5:00]
Running from: c:\users\Miss Annette\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10795z5y2009.ocx
c:\windows\10813hacktooz1915.dll
c:\windows\10849ackd5orz150.dll
c:\windows\1085h5cktooz998.exe
c:\windows\110bz5y9are1018.dll
c:\windows\11408h9ckto5z5f1.exe
c:\windows\114z9v5ru9541.dll
c:\windows\115spz9bot5dc.dll
c:\windows\1174thr9at58z67.dll
c:\windows\1245s5ywaze2798.dll
c:\windows\125379pz400.exe
c:\windows\125dthr9at1029z.bin
c:\windows\12z97troj556.cpl
c:\windows\13005wzrm5595.cpl
c:\windows\137265pam9ot4z7.exe
c:\windows\13925spzm5otd6.dll
c:\windows\14074noz-a-vi5u9d9.exe
c:\windows\14263szambot795.ocx
c:\windows\14955spazbot196.cpl
c:\windows\149z15roj249.ocx
c:\windows\15141spambzt497.bin
c:\windows\153579py51z.dll
c:\windows\15590spambo5288z.bin
c:\windows\15995spy14z.dll
c:\windows\15c5z9reat5241.exe
c:\windows\16157spamboz4d9.ocx
c:\windows\1647d9znloader925.cpl
c:\windows\16925noz-a-vir5s623.dll
c:\windows\16991spyz59.dll
c:\windows\17199not-a-virz539e.ocx
c:\windows\17280haczto5l906.cpl
c:\windows\17540zp9469.dll
c:\windows\1796vzr5180.exe
c:\windows\1839zhackt5ol1639.exe
c:\windows\18558tr9jz57.exe
c:\windows\1859threaz8842.cpl
c:\windows\18993spambz525a.cpl
c:\windows\190z9vir5s294.ocx
c:\windows\19265roj136z.dll
c:\windows\19629nzt-a-viru9755.exe
c:\windows\19695szambo5792.cpl
c:\windows\196z5spamb9t26b.exe
c:\windows\19866sp5mbot2a9z.exe
c:\windows\19896wozm359.exe
c:\windows\19b3back9oorz25.dll
c:\windows\19c0viz1575.dll
c:\windows\19z41worm599.bin
c:\windows\1ad9zddware26065.exe
c:\windows\1azbsteal5903.exe
c:\windows\1c20st5al47z9.cpl
c:\windows\1c6fba5kzo9r591.cpl
c:\windows\1d75backzoor369.cpl
c:\windows\1de9download5z34.exe
c:\windows\1e95backdooz13539.exe
c:\windows\1efbbaczd95r2826.cpl
c:\windows\1z584v9rus2f5.dll
c:\windows\1z605s9y2a3.ocx
c:\windows\2075zh5ef8989.exe
c:\windows\20798v5zus598.ocx
c:\windows\20eabz5kdo9r3246.exe
c:\windows\21264vi59s4z3.cpl
c:\windows\21368spa9bzt4e5.bin
c:\windows\213709pz5e3.bin
c:\windows\216fdown5oader1779z.bin
c:\windows\216z5not-a-vi9us75a.cpl
c:\windows\21d3thief15z59.dll
c:\windows\22035vi95z18a.dll
c:\windows\22180vzr5s249.bin
c:\windows\221z4n9t-a-v5rus5e1.ocx
c:\windows\22354not-a-vir5s93z.exe
c:\windows\22399s5zmbot28e.dll
c:\windows\22780zo5-a9virus3c7.bin
c:\windows\22805zcktool39.cpl
c:\windows\22z295rojbd.cpl
c:\windows\23075vi9usza9.ocx
c:\windows\2399sp5rse1z44.cpl
c:\windows\23z2v592778.exe
c:\windows\2485spzrse16589.ocx
c:\windows\248za5dware1989.dll
c:\windows\2521hacktoo944bz.ocx
c:\windows\25546sp99bz.cpl
c:\windows\25559troz192.ocx
c:\windows\25565vizus9b5.bin
c:\windows\25617tr9j18fz.dll
c:\windows\257spzrs92905.bin
c:\windows\25825hacztool39c.dll
c:\windows\25z28v9rus195.exe
c:\windows\25z3thief497.cpl
c:\windows\25zthief95455.exe
c:\windows\26355zack5ool59d.cpl
c:\windows\26415iru947bz.exe
c:\windows\2645not-95virzs499.bin
c:\windows\265579zy1da.ocx
c:\windows\26653spam9zt5bb.ocx
c:\windows\2678z9arse1551.ocx
c:\windows\26b9t5rezt6381.exe
c:\windows\26z855py5b9.bin
c:\windows\27217not95-virzs639.dll
c:\windows\275z69py237.ocx
c:\windows\27607troz9e5.dll
c:\windows\277zthreat950685.ocx
c:\windows\279fv5rz69.dll
c:\windows\27z97tr5j9a.bin
c:\windows\28596spz5865.exe
c:\windows\28669noz-95virus58c.cpl
c:\windows\286fs5yzare9225.cpl
c:\windows\28849wor9ze5.cpl
c:\windows\28cbspywa5z1593.exe
c:\windows\29265not-azviru514e.exe
c:\windows\29457wozm659.bin
c:\windows\29458wozm5e9.ocx
c:\windows\2963bazkdo5r932.cpl
c:\windows\29817hzckto5l3219.bin
c:\windows\29824hackto5l4zb.exe
c:\windows\2990v5rz482.exe
c:\windows\29c0a5d9zre3250.ocx
c:\windows\29ddown5oazer2914.ocx
c:\windows\29z22vir597e8.ocx
c:\windows\2a0zspyw9re485.cpl
c:\windows\2a5zdownloader9551.ocx
c:\windows\2b49backdoo5z861.dll
c:\windows\2e22thz9f2035.dll
c:\windows\2e2zthr9at8598.exe
c:\windows\2e3bsp59sz2077.exe
c:\windows\2z134hack5o9l572.cpl
c:\windows\2z995hacktool97c.cpl
c:\windows\30195ackdozr1512.cpl
c:\windows\30511spam5ot5zf9.exe
c:\windows\30dzt95ef1776.cpl
c:\windows\30ebth5zf2449.ocx
c:\windows\30z4ha59tool349.exe
c:\windows\30z5wo951fc.dll
c:\windows\311399az5tool3de.exe
c:\windows\315azdd9are956.exe
c:\windows\3167z9ackto5l6cd.cpl
c:\windows\31b29par5ez65.cpl
c:\windows\31b6backd95z445.cpl
c:\windows\31z51tr5j519.exe
c:\windows\32044v9ru55z4.bin
c:\windows\32489zorm4855.ocx
c:\windows\32563zpam5o96aa.dll
c:\windows\32656vir9z1615.bin
c:\windows\329szy9ar5123.ocx
c:\windows\32z83spy559.ocx
c:\windows\32zb9ir5046.dll
c:\windows\3386spz579.bin
c:\windows\3455v9r90z.exe
c:\windows\3520s5am9oz522.ocx
c:\windows\3556z9acktool40b.dll
c:\windows\3591zspy950.bin
c:\windows\35d9vzr545.exe
c:\windows\3611tzrea513916.ocx
c:\windows\36c9backdooz765.cpl
c:\windows\386eb59kdooz2216.ocx
c:\windows\38z7threat111549.cpl
c:\windows\39034tr5z54a.cpl
c:\windows\39765viruz590.exe
c:\windows\3985addwar91485z.cpl
c:\windows\3992troj1z5.ocx
c:\windows\39a3downl9zder655.cpl
c:\windows\39a5virz0059.cpl
c:\windows\3b08zpar5e1949.exe
c:\windows\3bz69hief5255.dll
c:\windows\3e1zdownlo5der2954.bin
c:\windows\3fz5steal2693.exe
c:\windows\3z149spa9bot85.dll
c:\windows\4259spyzare1273.ocx
c:\windows\44e1thre5t9090z.cpl
c:\windows\4559thi9z1099.ocx
c:\windows\45e5vi92293z.bin
c:\windows\45z49ir1925.bin
c:\windows\45z69i5us34b.exe
c:\windows\4709steaz13845.exe
c:\windows\4751s5a9sez362.exe
c:\windows\4769bac5door334z.cpl
c:\windows\477d5i9z439.bin
c:\windows\47875hreatz9831.bin
c:\windows\4921thre5t6541z.cpl
c:\windows\4995virzs9ff.ocx
c:\windows\49d55p9zse1640.bin
c:\windows\4a7cbackdzo51569.ocx
c:\windows\4c10b9ckdooz1675.bin
c:\windows\4cd8spa5sez799.ocx
c:\windows\4d07backd9oz552.ocx
c:\windows\4f4fbackdz9r5144.dll
c:\windows\4z0cth95f1534.ocx
c:\windows\50227not9z-virus265.exe
c:\windows\505z9worm259.ocx
c:\windows\507559roj58z.ocx
c:\windows\5094th9ez27985.cpl
c:\windows\50z4backdoor9320.exe
c:\windows\5111sp9m5oz2c1.cpl
c:\windows\5150thze9t3440.bin
c:\windows\5153sp59bzt13.dll
c:\windows\5199nzt5a-virusf5.exe
c:\windows\51a1thi9z2980.bin
c:\windows\5226vir3936z.ocx
c:\windows\5229not-a-vi9us10z.bin
c:\windows\5250b9ckdoorz940.dll
c:\windows\5299zddwar51144.cpl
c:\windows\529z95r464.bin
c:\windows\52z04t9ojd1.bin
c:\windows\5313zteal995.exe
c:\windows\53409spy2ez.bin
c:\windows\53889pzware5187.exe
c:\windows\538d9tealz752.exe
c:\windows\53a5zteal2829.dll
c:\windows\5435s5ywar9z93.bin
c:\windows\54398not-a-virzs7a9.exe
c:\windows\5445szy59a.dll
c:\windows\54712hackz9ol720.exe
c:\windows\549at5reat765z.dll
c:\windows\551not-azvir9s247.bin
c:\windows\5527thzef2999.ocx
c:\windows\553csp5rse998z.dll
c:\windows\5549spywarez060.exe
c:\windows\558z0sp92be.bin
c:\windows\558z9teal387.bin
c:\windows\55b15hr9at3z02.cpl
c:\windows\55e79h5ef1z60.ocx
c:\windows\55z4s9ywa5e2405.bin
c:\windows\55zbspyware16939.ocx
c:\windows\563z0t9oj653.exe
c:\windows\5720tz9ef1218.dll
c:\windows\5751stea9292z5.dll
c:\windows\5771sp5zare999.ocx
c:\windows\57d9spy5zre2473.cpl
c:\windows\585aadd9are860z.exe
c:\windows\5900zworm77.dll
c:\windows\59040hacktool4fz.exe
c:\windows\59167szy9a9.ocx
c:\windows\5917zir138.dll
c:\windows\5928b5ckdoor1z91.bin
c:\windows\59436not-a-viruszb9.ocx
c:\windows\597ztroj55e.ocx
c:\windows\59d1szeal3083.cpl
c:\windows\59z8sparse841.exe
c:\windows\5a35zir1359.dll
c:\windows\5a5bthzef1099.ocx
c:\windows\5a6athrezt9159.ocx
c:\windows\5a9aaddwz5e725.dll
c:\windows\5b72threat568z9.ocx
c:\windows\5ba1spywa9z297.exe
c:\windows\5bcfspzwa9e3058.cpl
c:\windows\5c2zvir9811.exe
c:\windows\5c85dow5l9adzr1954.dll
c:\windows\5cc0addw9re553z.exe
c:\windows\5d59downloader15z.ocx
c:\windows\5d73st95z2735.bin
c:\windows\5e3daddwz9e13755.bin
c:\windows\5e60zddwa591391.cpl
c:\windows\5e96thiez25539.ocx
c:\windows\5fecaddwa9z31755.dll
c:\windows\5z19bac95oor1152.exe
c:\windows\5z91thief548.ocx
c:\windows\5z9steal1713.dll
c:\windows\5za19ddware1327.bin
c:\windows\5zathief9245.exe
c:\windows\60acsp5w9re1077z.ocx
c:\windows\6157d9wnloader17z5.ocx
c:\windows\6159troz5799.ocx
c:\windows\61z5vir9165.ocx
c:\windows\6224ztea917995.ocx
c:\windows\6284troj49z5.dll
c:\windows\6304zp5r9e303.exe
c:\windows\63209ackto5l5z4.cpl
c:\windows\63abdzwnl9a5er24.exe
c:\windows\6499hackto5l7za.bin
c:\windows\654do9nloazer753.dll
c:\windows\65b9ba5zdoor2079.dll
c:\windows\65d1dow95oadez1570.exe
c:\windows\66z8t9oj596.ocx
c:\windows\693caddwz5e290.dll
c:\windows\6971add95re410z.exe
c:\windows\69a7t5ief18z9.dll
c:\windows\6d5a9hief5491z.exe
c:\windows\6e75ste9lz45.exe
c:\windows\6ff9v5r35z.bin
c:\windows\6z2evir30495.bin
c:\windows\7152troz7099.cpl
c:\windows\719zw5rm599.cpl
c:\windows\720a9hzeat1856.exe
c:\windows\7220not-a-9i5us7fz.bin
c:\windows\7223zroj955.dll
c:\windows\725zvir2359.ocx
c:\windows\726z5y9e.cpl
c:\windows\7292sp5mboz50f9.ocx
c:\windows\72fszyw5re9702.dll
c:\windows\73e3d9w5loader2z96.bin
c:\windows\747zad9w5re1239.dll
c:\windows\7569vizus217.ocx
c:\windows\75ebthrzat93599.exe
c:\windows\774z5dd9are704.ocx



#8
February 21, 2010 at 18:47:09
Part 2:

c:\windows\781z5pambot5569.dll
c:\windows\7862hacktoo5797z.ocx
c:\windows\7892azdw5re2656.bin
c:\windows\7905spyware60z.bin
c:\windows\7a1c5irz4299.cpl
c:\windows\7ab6st9al5146z.ocx
c:\windows\7b9zsteal1524.exe
c:\windows\7bc5pa9se16z0.ocx
c:\windows\7d49t5zef2282.ocx
c:\windows\7d87thre59346z.dll
c:\windows\7e9zback5oor2245.cpl
c:\windows\7f285ownloadez1519.exe
c:\windows\7fc3thr9zt20651.bin
c:\windows\7z5fthi9f596.dll
c:\windows\7z92sp5951.exe
c:\windows\8259not-9-vir5sz80.exe
c:\windows\8590virus566z.ocx
c:\windows\88z9spam5ot1e9.bin
c:\windows\8905hacktool7z4.dll
c:\windows\8939tro57fz.exe
c:\windows\8956sp9672z.ocx
c:\windows\9067virus15dz.cpl
c:\windows\90ff5ddware264z.exe
c:\windows\9146downlo5zer8.dll
c:\windows\920zvir2351.exe
c:\windows\9224wzrm3dd5.ocx
c:\windows\92545troj5d5z.ocx
c:\windows\92702not-a-vir5s54fz.dll
c:\windows\9291ha5kt9ol2z7.bin
c:\windows\930th5zf2157.ocx
c:\windows\932z3troj570.ocx
c:\windows\93915virus16ez.ocx
c:\windows\95c4zddware2635.dll
c:\windows\9629vir18z05.ocx
c:\windows\963vizu53f5.exe
c:\windows\9753addwzre1920.cpl
c:\windows\975zvi5542.exe
c:\windows\97905hacktoz5b9.ocx
c:\windows\9844vzr3125.dll
c:\windows\9896not-a-viruz95b.ocx
c:\windows\98ecbackdoor5z99.dll
c:\windows\9944spz32d5.ocx
c:\windows\99464not-a-viruz78c5.ocx
c:\windows\9959virus335z.cpl
c:\windows\9979s9z58.ocx
c:\windows\9982thiefz955.ocx
c:\windows\99azown5oader858.ocx
c:\windows\99d4spar5ez575.dll
c:\windows\9cfsparse5987z.cpl
c:\windows\9e685tealz169.dll
c:\windows\9f2fthrzat12951.exe
c:\windows\9z559virus107.exe
c:\windows\a59spyware2z76.bin
c:\windows\af5spars9240z.dll
c:\windows\c0adownlo5ze92175.dll
c:\windows\c6f9zar5e484.cpl
c:\windows\cees9arse2758z.cpl
c:\windows\dffa9dwaze2955.cpl
c:\windows\ezc5ddware9953.ocx
c:\windows\ffezownloa95r1323.ocx
c:\windows\rdr_1266291181.exe
c:\windows\rdr_1266337145.exe
c:\windows\rdr_1266339713.exe
c:\windows\rdr_1266341225.exe
c:\windows\rdr_1266351561.exe
c:\windows\rdr_1266358724.exe
c:\windows\rdr_1266424664.exe
c:\windows\system32\10097zpy55d5.ocx
c:\windows\system32\103z05acktool394.cpl
c:\windows\system32\106zste95795.cpl
c:\windows\system32\10914w5rm79z.dll
c:\windows\system32\10c1down9o5der16z.bin
c:\windows\system32\11041hac9to5l6afz.dll
c:\windows\system32\11151hzcktool19e.dll
c:\windows\system32\11409hack95zl189.ocx
c:\windows\system32\115159acktool26z.exe
c:\windows\system32\11562ziru9453.cpl
c:\windows\system32\11574spz7ae9.dll
c:\windows\system32\115925ozm2e79.cpl
c:\windows\system32\1179zs5ambot1ba.ocx
c:\windows\system32\1182zh5c9tool363.cpl
c:\windows\system32\1195addw9re219z.ocx
c:\windows\system32\11z4downl5ader2896.bin
c:\windows\system32\12402hz9kto5l15.bin
c:\windows\system32\12e1stea92751z.exe
c:\windows\system32\13400not-5-v9rus667z.ocx
c:\windows\system32\1388559zj518.ocx
c:\windows\system32\139589iruz5cd.exe
c:\windows\system32\139z5troj99.cpl
c:\windows\system32\13z9sp5ware901.dll
c:\windows\system32\14563z9oj51c.ocx
c:\windows\system32\14755not-z5virus15a9.cpl
c:\windows\system32\14cd5zckdoor694.bin
c:\windows\system32\15030spz99f.cpl
c:\windows\system32\155409r5jz9b.dll
c:\windows\system32\15569z9y709.ocx
c:\windows\system32\1568hazkt5o964.ocx
c:\windows\system32\15696vi9us5z.bin
c:\windows\system32\158z7worm1859.ocx
c:\windows\system32\15905s9ambotz94.exe
c:\windows\system32\1653zn5t9a-virus545.bin
c:\windows\system32\16584t9oz592.exe
c:\windows\system32\167475ot9a-vzrus68.dll
c:\windows\system32\167z5s59mbot392.ocx
c:\windows\system32\16947nzt9a-virus555.dll
c:\windows\system32\16989virzs78b5.cpl
c:\windows\system32\16z44spa5bot7cb9.dll
c:\windows\system32\17492spazb9t495.ocx
c:\windows\system32\17509t5oj7z9.dll
c:\windows\system32\184a9p5ware2743z.dll
c:\windows\system32\1856downloadzr9091.exe
c:\windows\system32\185f9hrzat7845.ocx
c:\windows\system32\185zthi9f1341.cpl
c:\windows\system32\18718hzc95ool522.dll
c:\windows\system32\18z63tr5j99.ocx
c:\windows\system32\19094zroj3d95.bin
c:\windows\system32\19246spy5z89.bin
c:\windows\system32\19389sp53dz.exe
c:\windows\system32\1957z5ot-a-virus195.cpl
c:\windows\system32\19654hazktool6345.cpl
c:\windows\system32\19917wozm45c.ocx
c:\windows\system32\19953trojz85.cpl
c:\windows\system32\19z48not-a5virus3c5.bin
c:\windows\system32\19z72spamb95e9.bin
c:\windows\system32\19zf9i592.exe
c:\windows\system32\1bc0zi92537.ocx
c:\windows\system32\1c67t5i9f1z96.ocx
c:\windows\system32\1cz1s5eal9984.dll
c:\windows\system32\1d37a9dzare2556.dll
c:\windows\system32\1d95ad5ware144z.exe
c:\windows\system32\1e73download9z5097.ocx
c:\windows\system32\1ef55i9z075.dll
c:\windows\system32\1f4stz9l30815.exe
c:\windows\system32\1z01sp56a29.bin
c:\windows\system32\1z027spa5bot927.ocx
c:\windows\system32\1z056worm394.cpl
c:\windows\system32\1z212worm2095.ocx
c:\windows\system32\1z943w5rm79b.bin
c:\windows\system32\200z5ha5kto9l438.dll
c:\windows\system32\20196tr5z291.cpl
c:\windows\system32\2085ba9kdoor8z5.cpl
c:\windows\system32\213z45p96e8.dll
c:\windows\system32\21424v5rus9z6.bin
c:\windows\system32\2145z9irus48d.dll
c:\windows\system32\214z9hi5f1374.exe
c:\windows\system32\215529roz522.ocx
c:\windows\system32\2187thrza955975.cpl
c:\windows\system32\227535py9cz.cpl
c:\windows\system32\22999viruz537.bin
c:\windows\system32\23322hzcktool795.exe
c:\windows\system32\23539ziru9188.exe
c:\windows\system32\2391spa9bot5z9.cpl
c:\windows\system32\24375iz1995.exe
c:\windows\system32\244445otza-virus99.dll
c:\windows\system32\2477thi59108z.exe
c:\windows\system32\24zth5eat23759.bin
c:\windows\system32\25001no9-a-viruz60d.bin
c:\windows\system32\250289ozm96.ocx
c:\windows\system32\25235vzr9s528.exe
c:\windows\system32\25256spambotz9c.cpl
c:\windows\system32\2526zpambo549f.bin
c:\windows\system32\253929ormz735.ocx
c:\windows\system32\254z6vi9us765.bin
c:\windows\system32\2569a5dware16z6.ocx
c:\windows\system32\25701vizus3f59.ocx
c:\windows\system32\25758vizu9738.cpl
c:\windows\system32\25789viru938z.exe
c:\windows\system32\2585sp9mzot3dc.exe
c:\windows\system32\259z1troj4e5.ocx
c:\windows\system32\25z39not-a-vir5s2239.exe
c:\windows\system32\26229noz-a-vi9us2d55.cpl
c:\windows\system32\264zaddw5re26189.dll
c:\windows\system32\26b5ba9kdoor2584z.exe
c:\windows\system32\26z82h9cktool2b5.exe
c:\windows\system32\27096z9am5ot59a.ocx
c:\windows\system32\27557h9cktool6abz.ocx
c:\windows\system32\27758not9a-vir5s8z.dll



#9
February 21, 2010 at 18:47:57
Part 3:

c:\windows\system32\27908wormz45.dll
c:\windows\system32\27943not-5-vizus7fd.cpl
c:\windows\system32\27e6sp59are115z.bin
c:\windows\system32\28152h9ck5ooz41f.ocx
c:\windows\system32\284z59ot-a-virusa5.cpl
c:\windows\system32\28716zro529.dll
c:\windows\system32\28965woz95c8.dll
c:\windows\system32\28azdownl9ader3345.bin
c:\windows\system32\29335hacktool5ez9.ocx
c:\windows\system32\29344not-z-virus56a5.bin
c:\windows\system32\29349spy5cz.cpl
c:\windows\system32\295zthief3215.cpl
c:\windows\system32\29850zor5295.exe
c:\windows\system32\29965spy65z.dll
c:\windows\system32\29abspzware10655.ocx
c:\windows\system32\29b9thzef3025.ocx
c:\windows\system32\29bfdo5nlozder2949.bin
c:\windows\system32\29z595acktool489.bin
c:\windows\system32\29z98wo9m759.ocx
c:\windows\system32\2cf9bazkdo5r1804.dll
c:\windows\system32\2decbaczdoo91725.exe
c:\windows\system32\2fa5hreatz0039.cpl
c:\windows\system32\2z169roj39b5.bin
c:\windows\system32\2z397wormda5.dll
c:\windows\system32\2z3dthief52949.bin
c:\windows\system32\2z93spywa5e628.cpl
c:\windows\system32\30184z5oj9dc.cpl
c:\windows\system32\3078a9dwa5e222z.cpl
c:\windows\system32\308959pz4a0.ocx
c:\windows\system32\30z5troj9ae.dll
c:\windows\system32\31497vir5z549.ocx
c:\windows\system32\3191znot-5-v9rus16c.bin
c:\windows\system32\31ffthre5t39z1.bin
c:\windows\system32\32353not-a-9z5us3f6.dll
c:\windows\system32\323asp5rse9z21.ocx
c:\windows\system32\32534troj295z.dll
c:\windows\system32\32587worm5z9.bin
c:\windows\system32\329adownz5ader1999.bin
c:\windows\system32\32eb5zckdoor1197.exe
c:\windows\system32\3515spz9bot5f.dll
c:\windows\system32\352zbackd9or5503.exe
c:\windows\system32\353cs9ea53131z.exe
c:\windows\system32\3553sp9rse510z.cpl
c:\windows\system32\355csp9rze2098.cpl
c:\windows\system32\357sp9535z.cpl
c:\windows\system32\359229zrm614.bin
c:\windows\system32\3593st5al9527z.bin
c:\windows\system32\35995zorm706.cpl
c:\windows\system32\35c9sp5rse192z9.bin
c:\windows\system32\35zdback9oor2478.dll
c:\windows\system32\362bdo9nloader1125z.ocx
c:\windows\system32\3675z9cktoo57b6.cpl
c:\windows\system32\3827downzoa9er2755.exe
c:\windows\system32\3865orm3z9.dll
c:\windows\system32\3879spzr5e521.ocx
c:\windows\system32\392fspyware5z42.dll
c:\windows\system32\39335roj7z5.cpl
c:\windows\system32\3965addwzre1584.dll
c:\windows\system32\39zbb5ckdoor2451.bin
c:\windows\system32\3a54spyw9ze2697.exe
c:\windows\system32\3a5cdow59oadzr1845.cpl
c:\windows\system32\3a9cspywzre195.dll
c:\windows\system32\3ab0th5e931z4.ocx
c:\windows\system32\3bde9ackdoor151z.bin
c:\windows\system32\3cdd9ddwa5ez01.dll
c:\windows\system32\3d0ddo9nl5aderz505.cpl
c:\windows\system32\3d9es95rsz1683.cpl
c:\windows\system32\3dz9do5nloader784.cpl
c:\windows\system32\3f70s9ywa5e94z.dll
c:\windows\system32\3f94v5rz162.exe
c:\windows\system32\3z0195o9m69c.cpl
c:\windows\system32\3z03ste9l2635.bin
c:\windows\system32\3z66vi51129.exe
c:\windows\system32\409fspywa5e2299z.exe
c:\windows\system32\4172add9zre2495.cpl
c:\windows\system32\417z9r5j504.cpl
c:\windows\system32\41c7dow9zoader1553.ocx
c:\windows\system32\41d9a5dwaz9517.cpl
c:\windows\system32\4236ste9l5z74.bin
c:\windows\system32\429zs9e5l3234.ocx
c:\windows\system32\42c9spyzare856.dll
c:\windows\system32\433dthreat50958z.ocx
c:\windows\system32\44f3addwzr92405.dll
c:\windows\system32\453595rm4dz.dll
c:\windows\system32\45369h5ef1712z.dll
c:\windows\system32\4578not-9-vizus258.bin
c:\windows\system32\4601t9reatz5407.cpl
c:\windows\system32\470spazbo5209.bin
c:\windows\system32\475wzrm1749.ocx
c:\windows\system32\477fthief53z99.dll
c:\windows\system32\492zv9rus6a5.bin
c:\windows\system32\4983threatz9657.dll
c:\windows\system32\49a5dzwnloader2502.bin
c:\windows\system32\49f3do9nloa5erz298.cpl
c:\windows\system32\4a08spzwa9e765.cpl
c:\windows\system32\4a549hief2701z.exe
c:\windows\system32\4d7zs9arse3250.cpl
c:\windows\system32\4dz3downloader58909.dll
c:\windows\system32\4z299ir23445.exe
c:\windows\system32\4z465ddware1439.bin
c:\windows\system32\4z529py51e.ocx
c:\windows\system32\4z8asp5ware2589.exe
c:\windows\system32\501fadd9zre1760.ocx
c:\windows\system32\50289zirus9af.cpl
c:\windows\system32\50863worm4z29.dll
c:\windows\system32\5090hackto5l6z7.exe
c:\windows\system32\50920w9zm5f0.bin
c:\windows\system32\5096thief2z919.exe
c:\windows\system32\50z299orm9b.dll
c:\windows\system32\50z9thief15255.dll
c:\windows\system32\5181hackt9ol5bez.dll
c:\windows\system32\51c75zywa9e210.cpl
c:\windows\system32\520aspyw9ze1659.cpl
c:\windows\system32\52bcza9kdoor1310.exe
c:\windows\system32\52z5vir955fb.ocx
c:\windows\system32\531589orm7z5.dll
c:\windows\system32\53949ackzool4b5.cpl
c:\windows\system32\5396bac5dooz9749.bin
c:\windows\system32\5499thi9f251z5.cpl
c:\windows\system32\5503tzo9d3.ocx
c:\windows\system32\5557v9rus7fz.exe
c:\windows\system32\5576zown9oader17385.dll
c:\windows\system32\5580worz199.dll
c:\windows\system32\5598backd9o5z419.cpl
c:\windows\system32\55c6ste9l286z.ocx
c:\windows\system32\55f5zackdoo92217.dll
c:\windows\system32\55zworm791.cpl
c:\windows\system32\5625z5ief9524.ocx
c:\windows\system32\5646adz9are54.dll
c:\windows\system32\564a5parze903.bin
c:\windows\system32\56529hzef2855.cpl
c:\windows\system32\5680haczto9l798.dll
c:\windows\system32\56zf9teal305.bin
c:\windows\system32\57901spyz8.ocx
c:\windows\system32\57z0hack5ool4119.dll
c:\windows\system32\5899steal2458z.exe
c:\windows\system32\58bzpywa9e8.bin
c:\windows\system32\58z85spy3cc9.cpl
c:\windows\system32\58z9spars51941.exe
c:\windows\system32\59012trzj594.bin
c:\windows\system32\590bsteal92z.ocx
c:\windows\system32\592f5pazse2972.cpl
c:\windows\system32\5932tr5z65a.ocx
c:\windows\system32\5932zroj59c.exe
c:\windows\system32\59369teal1z84.bin
c:\windows\system32\59563s9zmbot285.bin
c:\windows\system32\5956threzt20291.ocx
c:\windows\system32\5956worz56.cpl
c:\windows\system32\5961zvirus639.dll
c:\windows\system32\59694tzoj418.cpl
c:\windows\system32\597z5spy49.bin
c:\windows\system32\5980b5ckdoor66z.exe
c:\windows\system32\5989wormzb7.exe
c:\windows\system32\59a4thief300z.bin
c:\windows\system32\59b695ief2028z.dll
c:\windows\system32\59c5viz3150.bin
c:\windows\system32\59zfadd5ar91562.dll
c:\windows\system32\5a79steal825z.dll
c:\windows\system32\5a97b5ckdoor2618z.cpl
c:\windows\system32\5b06spa9sz877.exe
c:\windows\system32\5b1e5hiez29559.cpl
c:\windows\system32\5b9zthi5f34.bin
c:\windows\system32\5bbfspyz9re585.exe
c:\windows\system32\5cde9ddwaze1211.dll
c:\windows\system32\5d6bdown9oazer194.bin
c:\windows\system32\5dz6vi59709.ocx
c:\windows\system32\5ef5spzwa9e2775.cpl
c:\windows\system32\5ezspa5s91471.exe
c:\windows\system32\5f3aste9l244z.dll
c:\windows\system32\5f5azteal9539.exe
c:\windows\system32\5f5cthreat29490z.cpl
c:\windows\system32\5f63spywaze9155.cpl
c:\windows\system32\5f93zir2895.ocx
c:\windows\system32\5fd29oznloade51230.exe
c:\windows\system32\5z580tro958f.dll
c:\windows\system32\5z760worm29e.exe
c:\windows\system32\60cfdzwnlo9der5815.dll
c:\windows\system32\61bzst9al17675.ocx
c:\windows\system32\627bdow5lzad9r514.dll
c:\windows\system32\63bbth9eaz95235.ocx
c:\windows\system32\640995rz459.dll
c:\windows\system32\6428backd9zr18155.dll
c:\windows\system32\642baczdoor593.dll
c:\windows\system32\645b9te5l238z.dll
c:\windows\system32\64dasteal2z995.dll
c:\windows\system32\64e9backdzor1528.bin
c:\windows\system32\6568ba9kdoor167z.dll
c:\windows\system32\65z3add59re2736.dll
c:\windows\system32\66ez5ac9door349.dll
c:\windows\system32\68bdthizf52779.bin
c:\windows\system32\690zvir151.ocx
c:\windows\system32\69149hiefz50.cpl
c:\windows\system32\695est9az1451.dll
c:\windows\system32\69d3steal5z95.ocx
c:\windows\system32\6b5d9iz7275.ocx
c:\windows\system32\6c4espyw5rez309.ocx
c:\windows\system32\6c75spa9sz927.ocx
c:\windows\system32\6c9ethi5f9424z.bin
c:\windows\system32\6cc5thief4z9.ocx
c:\windows\system32\6dc3sp9ware55z.ocx
c:\windows\system32\6ef95ackdoor1018z.bin
c:\windows\system32\6fa69ac5dzor335.exe
c:\windows\system32\6za45ir297.ocx
c:\windows\system32\7033z5dware409.dll
c:\windows\system32\70z5downlo9de5300.cpl
c:\windows\system32\71czthie59539.exe
c:\windows\system32\7264noz-5-v9rus503.ocx
c:\windows\system32\728e5ownloz9er408.bin
c:\windows\system32\72d5downlo9der299z.dll
c:\windows\system32\7337spy5z95.exe
c:\windows\system32\745zwo59144.ocx
c:\windows\system32\74zdbackdoor21195.cpl
c:\windows\system32\7531addwaze17699.cpl
c:\windows\system32\757s9eal296z.dll
c:\windows\system32\7595steal95z.ocx
c:\windows\system32\7675szywa9e528.cpl
c:\windows\system32\76ccdownl5azer16389.bin
c:\windows\system32\7729sp5rse152z.ocx
c:\windows\system32\777f5zdware1299.bin
c:\windows\system32\779aspzr5e2472.ocx
c:\windows\system32\77a59hrea57z.cpl
c:\windows\system32\7864zdd5ar91034.ocx
c:\windows\system32\78z595wnloader1573.exe
c:\windows\system32\79205hief557z.ocx
c:\windows\system32\795zvir2196.bin
c:\windows\system32\797aste9z1585.ocx
c:\windows\system32\7a39zddware2056.ocx
c:\windows\system32\7a65vz92634.ocx
c:\windows\system32\7bd2dow5loazer954.dll
c:\windows\system32\7c3zbackdoor32569.dll
c:\windows\system32\7c97szywa5e2749.cpl
c:\windows\system32\7e23spywarez095.ocx
c:\windows\system32\7f67d5wnzoad9r785.ocx
c:\windows\system32\7f7fvzr9459.dll
c:\windows\system32\7f95stzal2294.bin
c:\windows\system32\7fc85pyw9ze1456.bin
c:\windows\system32\7fe5viz996.cpl
c:\windows\system32\7zf49hreat15815.exe
c:\windows\system32\8392not-a-vzrusc5.exe
c:\windows\system32\8541s5zmbot189.bin
c:\windows\system32\8549wzrm519.exe
c:\windows\system32\8805troj4zf9.bin
c:\windows\system32\88569py4zf.exe
c:\windows\system32\90245pz98e.dll
c:\windows\system32\90531vi5usfdz.dll
c:\windows\system32\90z3vi5us1839.dll
c:\windows\system32\90z9w9rm7915.bin
c:\windows\system32\91545spambot481z.exe
c:\windows\system32\9165thizf195.ocx
c:\windows\system32\92090not-a-zirus35d.dll
c:\windows\system32\9231s5yze0.cpl
c:\windows\system32\9273not-a-5irzs3a5.cpl
c:\windows\system32\93325zrus295.ocx
c:\windows\system32\9397viru97zc5.dll
c:\windows\system32\93z5spambot1a9.dll
c:\windows\system32\95571ha5kzool535.exe
c:\windows\system32\955dstezl2038.ocx
c:\windows\system32\95724hacktool52z.dll
c:\windows\system32\9572zspy585.bin
c:\windows\system32\9597down5oadzr260.bin
c:\windows\system32\95z77worm225.exe
c:\windows\system32\95z8ha5kt9ol159.bin
c:\windows\system32\961cs5ezl2796.bin
c:\windows\system32\9684hazkto5l15e9.dll
c:\windows\system32\9691threat8z15.bin
c:\windows\system32\96dbaczdoor2345.dll
c:\windows\system32\975asp5wzre2748.bin
c:\windows\system32\9786worz654.exe
c:\windows\system32\9787s5amzot32.dll
c:\windows\system32\98995pambot41z.exe
c:\windows\system32\98b5threat2z25.dll
c:\windows\system32\996z5hreat22544.ocx
c:\windows\system32\99856viruz69e.cpl
c:\windows\system32\99879trojz5.ocx
c:\windows\system32\99bspzrse957.exe
c:\windows\system32\9a6dzackdoo52457.ocx
c:\windows\system32\9z48v5r953.bin
c:\windows\system32\9z675troj478.dll
c:\windows\system32\a3z9a5kdoor1373.bin
c:\windows\system32\a4bac5dozr779.bin
c:\windows\system32\az5threat5009.bin
c:\windows\system32\b93spz5se73.exe
c:\windows\system32\bdbthief12z95.bin
c:\windows\system32\c58szeal28549.bin
c:\windows\system32\drivers\oko6.sys
c:\windows\system32\e42addza5e973.exe
c:\windows\system32\f2cd95nloaderz110.ocx
c:\windows\system32\facdzw5loader29459.cpl
c:\windows\system32\oem8.inf
c:\windows\system32\oko6.dll
c:\windows\system32\z0165par9e1926.bin
c:\windows\system32\z0439t5oj1b8.ocx
c:\windows\system32\z1275spy35a9.exe
c:\windows\system32\z19vir2275.cpl
c:\windows\system32\z1bfst5al1965.exe
c:\windows\system32\z275spywar93164.cpl
c:\windows\system32\z2c4dow9loader5879.dll
c:\windows\system32\z32005p94af.cpl
c:\windows\system32\z337spa9s5249.ocx
c:\windows\system32\z34ebackdo5r2595.cpl
c:\windows\system32\z4089s5ambot525.cpl
c:\windows\system32\z4520hackt95l12b.exe
c:\windows\system32\z45spy2c9.ocx
c:\windows\system32\z4679virus59b.exe
c:\windows\system32\z5189spy7235.cpl
c:\windows\system32\z5324s9ambot570.dll
c:\windows\system32\z53faddw9re3.exe
c:\windows\system32\z54downl5ad9r32.bin
c:\windows\system32\z564steal11579.exe
c:\windows\system32\z5691spy335.exe
c:\windows\system32\z69t95ef2320.ocx
c:\windows\system32\z7306virus7f95.dll
c:\windows\system32\z8974spambot5b5.bin
c:\windows\system32\z9859spy8b.bin
c:\windows\system32\z988spy9715.dll
c:\windows\system32\z9948worm5e7.cpl
c:\windows\system32\z99vir2585.ocx
c:\windows\system32\z9f2downl5ader1965.bin
c:\windows\system32\zaat5ief9425.cpl
c:\windows\system32\zbbfad9ware1415.dll
c:\windows\system32\zcb2ste5l1609.exe
c:\windows\system32\zd8cstea59407.ocx
c:\windows\system32\zf5threat39916.cpl
c:\windows\z0990spamb5t28d.ocx
c:\windows\z0994wo5m4e8.bin
c:\windows\z1950vir9s55c.dll
c:\windows\z2859ddwar587.exe
c:\windows\z2872viru94805.exe
c:\windows\z36305orm69.cpl
c:\windows\z45fthreat5797.exe
c:\windows\z5502t9oj156.dll
c:\windows\z5515hackto5l931.ocx
c:\windows\z559sparse550.ocx
c:\windows\z57ds9yware783.cpl
c:\windows\z5ee95ckdoor3260.ocx
c:\windows\z6089tro958b.exe
c:\windows\z760wor56e9.ocx
c:\windows\z767downloa5er29599.cpl
c:\windows\z795sp559.ocx
c:\windows\z7b2v5r9503.bin
c:\windows\z87threa524609.cpl
c:\windows\z95979orm5c4.cpl
c:\windows\z96559py45f.ocx
c:\windows\z9659no5-a-vir9s2da.bin
c:\windows\z9835pyware919.bin
c:\windows\za0fba9k5oor393.cpl
c:\windows\za4bspywa9e5825.exe
c:\windows\zd5a5t9al977.ocx
c:\windows\zd5bspar9e862.ocx
c:\windows\zde5downlo9d5r1565.dll


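Added example, not part of the thread and not code from any tool named in it: a small Python triage script for a listing like the one in Parts 1 to 3. Almost every path above has the same shape: a short hex-looking prefix, a malware category word ("virus", "backdoor", "hacktool", "not-a-virus", "spambot" and so on) with one or two letters swapped for a digit or a "z", a few trailing digits, and a .cpl/.ocx/.dll/.exe/.bin extension, dropped straight into c:\windows and c:\windows\system32. Names like that are what a rogue scanner can later "find" and offer to clean for a credit card number; that reading of the list is an inference, not something the poster states. The script scores each basename against the category words with that swap rule, so it can mark the planted names without a hash or a signature, decodes the rdr_<ten digits>.exe names as Unix timestamps (an assumption; it puts them on 2010-02-16 UTC, a few days before the log was taken), and reports the UAC policy values that the Part 4 registry section below shows set to 0. The sample input is constructed from lines of the log above plus three entries from the same log that should not be flagged. The oko6.sys driver and its oko6/okosrv services are not caught by the name rule and need to be reviewed by hand.

```python
"""Triage helper for the ComboFix file listing pasted above.

Reads log lines, pulls out each file path and scores the basename against a
list of malware-category words, tolerating the letter swaps seen in the
listing (a letter replaced by a digit or by 'z'). It also decodes the
rdr_<ten digits>.exe names as Unix timestamps (an assumption) and flags UAC
policy values set to 0 in a REGEDIT4 section.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Category words the planted names appear to be built from (read off the listing).
CATEGORY_WORDS = [
    "not-a-virus", "downloader", "backdoor", "hacktool", "spambot", "spyware",
    "addware", "threat", "sparse", "thief", "steal", "virus", "worm", "troj", "spy",
]
DECOY_EXTS = {".cpl", ".ocx", ".dll", ".exe", ".bin"}   # extensions used in the listing
SUBSTITUTES = set("0123456789z")                        # characters the swaps use
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+', re.I)        # drive-letter path, stops at quote/bracket
RDR_RE = re.compile(r"^rdr_(\d{10})\.exe$")
UAC_RE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin)"\s*=\s*0\b')


def best_category(stem):
    """Return (word, score) for the category word that best fits the stem, else None.

    Each window of the stem is compared with a word position by position: an
    identical letter is a hit, a digit or 'z' standing in for a letter is
    tolerated, any other letter disqualifies the window. Hits must cover at
    least 60% of the word and number at least two.
    """
    best = None
    for word in CATEGORY_WORDS:
        n = len(word)
        for i in range(len(stem) - n + 1):
            hits = 0
            for a, b in zip(stem[i:i + n], word):
                if a == b:
                    hits += 1
                elif a not in SUBSTITUTES:
                    break
            else:
                score = hits / n
                if score >= 0.6 and hits >= 2 and (best is None or score > best[1]):
                    best = (word, score)
    return best


def triage(lines):
    """Classify the paths in ComboFix-style log lines; returns a dict of findings."""
    findings = {"decoys": [], "rdr_timestamps": [], "uac_disabled": [], "by_dir": Counter()}
    for line in lines:
        m = UAC_RE.match(line.strip())
        if m:
            findings["uac_disabled"].append(m.group(1))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0).strip().lower()
        directory, _, name = path.rpartition("\\")
        rdr = RDR_RE.match(name)
        if rdr:
            # Assumption: the ten-digit suffix is a Unix timestamp of when the file was dropped.
            when = datetime.fromtimestamp(int(rdr.group(1)), tz=timezone.utc)
            findings["rdr_timestamps"].append((path, when.strftime("%Y-%m-%d %H:%M:%S")))
            continue
        stem, dot, ext = name.rpartition(".")
        if not dot or "." + ext not in DECOY_EXTS:
            continue
        hit = best_category(stem)
        if hit:
            findings["decoys"].append((path, hit[0]))
            findings["by_dir"][directory] += 1
    return findings


# Constructed sample: lines copied from the listing above plus three known-good
# entries from the same log, so the heuristic can be seen skipping them.
SAMPLE_LOG = r"""
c:\windows\2645not-95virzs499.bin
c:\windows\25825hacztool39c.dll
c:\windows\rdr_1266291181.exe
c:\windows\system32\10097zpy55d5.ocx
c:\windows\system32\z34ebackdo5r2595.cpl
c:\windows\system32\drivers\oko6.sys
2010-02-18 14:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 06:38 . 2010-01-22 15:54 916480 ----a-w- c:\windows\system32\wininet.dll
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"EnableLUA"= 0 (0x0)
""".strip().splitlines()

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, word in result["decoys"]:
        print(f"decoy   {path}  (looks like '{word}')")
    for path, when in result["rdr_timestamps"]:
        print(f"dropper {path}  suffix decodes to {when} UTC")
    for value in result["uac_disabled"]:
        print(f"policy  {value} is 0: UAC is switched off")
    print("decoys per directory:", dict(result["by_dir"]))
```

Run it as a script for the summary, or pass the whole pasted log to triage(). The 60% threshold is a judgement call: lower it and ordinary system file names start to match, raise it and the more heavily swapped names slip through, so check any borderline hit against its size and timestamp before deleting. It is triage only; a name rule does not replace a proper cleanup of the driver, services and loading points that the log also shows.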

#10
February 21, 2010 at 18:48:37
Part 4:

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OKO6
-------\Service_oko6
-------\Service_okosrv


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 01:44 . 2010-02-22 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-20 18:25 . 2010-02-20 18:25 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-20 17:58 . 2010-02-20 17:58 -------- d-----w- c:\programdata\RoboForm
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- c:\program files\trend micro
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- C:\rsit
2010-02-20 15:20 . 2010-02-20 18:21 -------- d-----w- C:\AntiVirus Utilities
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 14:31 . 2010-02-20 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 01:48 . 2010-02-18 01:48 -------- d-----w- c:\programdata\WindowsSearch
2010-02-17 18:54 . 2010-02-02 15:13 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 51984 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 33552 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-16 21:27 . 2010-02-16 21:27 -------- d-----w- c:\users\Miss Annette\Option
2010-02-16 18:03 . 2010-02-16 18:03 -------- d-----w- c:\users\Miss Annette\AppData\Local\Threat Expert
2010-02-16 17:57 . 2010-02-05 14:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-16 17:57 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-16 17:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-16 17:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-16 17:57 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-16 17:57 . 2010-02-22 01:50 -------- d-----w- c:\program files\Spyware Doctor
2010-02-16 17:57 . 2010-02-17 18:54 -------- d-----w- c:\programdata\PC Tools
2010-02-16 17:57 . 2010-02-16 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-16 17:57 . 2010-02-16 17:57 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\PC Tools
2010-02-16 17:34 . 2010-02-16 17:34 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\AVG8
2010-02-16 17:06 . 2010-02-16 17:06 -------- d-----w- c:\program files\ArmorShield Software
2010-02-10 16:11 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:11 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 01:49 . 2009-04-04 19:55 12288 ----a-w- c:\users\Public\mtwb.dat
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\programdata\Symantec
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-18 15:50 . 2009-03-31 13:49 848 ----a-w- c:\users\Miss Annette\AppData\Roaming\wklnhst.dat
2010-02-18 01:32 . 2008-08-27 22:53 -------- d-----w- c:\program files\eMachines GameZone
2010-02-16 17:51 . 2008-08-27 22:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 17:44 . 2009-10-23 20:20 -------- d-----w- c:\programdata\Electronic Arts
2010-02-12 22:07 . 2009-05-14 20:20 34 ----a-w- c:\windows\system32\BD5240.DAT
2010-02-11 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-22 15:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 16:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 16:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 16:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 16:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 16:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 16:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 16:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 16:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 16:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 16:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-11 12:07 . 2010-02-10 16:12 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 16:12 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 16:12 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 16:12 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 16:12 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2009-08-30 13:28 2259480 ----a-w- c:\program files\Swag_Bucks\tbSwag.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}"= "c:\program files\alot\bin\alot.dll" [2009-06-01 807208]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-14 6253088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-02 809480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]

c:\users\Miss Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/16/2010 12:57 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [2/17/2010 1:54 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [2/17/2010 1:54 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2/16/2010 12:57 PM 233136]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [5/14/2009 3:13 PM 20376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 3:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [11/18/2008 7:29 PM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 12:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 5:03 AM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/16/2010 12:57 PM 365280]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2/16/2010 12:57 PM 70408]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [2/17/2010 1:54 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8/27/2008 5:52 PM 22072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2008 7:32 PM 30192]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
okogrp REG_MULTI_SZ okosrv
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{33BE7DD5-7C2F-4028-803C-CA8EDD8C66FF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swagbucks.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1108&m=d620
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-wtb3C64.exe - c:\windows\system32\wtb3C64.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-ArmorShield - c:\program files\ArmorShield Software\ArmorShield\ArmorShield.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 20:53
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-254020642-2601288645-1023384231-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,2b,60,57,76,b7,09,fe,10,38,bd,9b,1c,7f,ed,bf,2f,85,c5,9d,11,
bd,82,9c,aa,7b,e8,bd,17,a6,93,90,7f,d3,90,0a,82,0d,1a,9d,71,b3,04,cc,37,0d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(660)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4512)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\msi.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\system32\QUtil.dll
c:\windows\System32\QAgent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\windows\system32\Taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-02-21 21:20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 02:19

Pre-Run: 102,253,842,432 bytes free
Post-Run: 102,438,625,280 bytes free

- - End Of File - - 7BE3C2F4365C13032493F7D6D7389CB7



#11
February 21, 2010 at 19:31:44
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
Folder::
c:\program files\ArmorShield Software

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

Let me know how the computer is operating.



#12
February 22, 2010 at 16:56:02
ComboFix 10-02-21.02 - Miss Annette 02/22/2010 18:49:16.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.900 [GMT -5:00]
Running from: c:\users\Miss Annette\Downloads\Combo-Fix.exe
Command switches used :: c:\users\Miss Annette\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: TemplatesFile

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\alot\bin\ALOTSettings.exe
c:\program files\ArmorShield Software
c:\program files\ArmorShield Software\ArmorShield\Uninstall.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FastBrowserSearchProtection.exe
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProtectionUnInstall.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\options.html
c:\program files\Fast Browser Search\IE\searchbutton1.gif
c:\program files\Fast Browser Search\IE\searchbutton2.gif
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\Unreg.dll
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\users\Miss Annette\AppData\Roaming\alot

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 00:24 . 2010-02-23 00:27 -------- d-----w- c:\users\Miss Annette\AppData\Local\temp
2010-02-23 00:24 . 2010-02-23 00:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-23 00:24 . 2010-02-23 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-22 23:39 . 2010-02-22 23:41 -------- d-----w- C:\32788R22FWJFW
2010-02-22 03:02 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:42 . 2010-02-22 02:20 -------- d-----w- C:\Combo-Fix
2010-02-20 18:25 . 2010-02-20 18:25 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-20 17:58 . 2010-02-20 17:58 -------- d-----w- c:\programdata\RoboForm
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- c:\program files\trend micro
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- C:\rsit
2010-02-20 15:20 . 2010-02-22 02:21 -------- d-----w- C:\AntiVirus Utilities
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 14:31 . 2010-02-20 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 01:48 . 2010-02-18 01:48 -------- d-----w- c:\programdata\WindowsSearch
2010-02-17 18:54 . 2010-02-02 15:13 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 51984 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 33552 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-16 21:27 . 2010-02-16 21:27 -------- d-----w- c:\users\Miss Annette\Option
2010-02-16 18:03 . 2010-02-16 18:03 -------- d-----w- c:\users\Miss Annette\AppData\Local\Threat Expert
2010-02-16 17:57 . 2010-02-05 14:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-16 17:57 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-16 17:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-16 17:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-16 17:57 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-16 17:57 . 2010-02-23 00:27 -------- d-----w- c:\program files\Spyware Doctor
2010-02-16 17:57 . 2010-02-17 18:54 -------- d-----w- c:\programdata\PC Tools
2010-02-16 17:57 . 2010-02-16 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-16 17:57 . 2010-02-16 17:57 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\PC Tools
2010-02-16 17:34 . 2010-02-16 17:34 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\AVG8
2010-02-10 16:11 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:11 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 23:32 . 2009-04-04 19:55 12288 ----a-w- c:\users\Public\mtwb.dat
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\programdata\Symantec
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-18 15:50 . 2009-03-31 13:49 848 ----a-w- c:\users\Miss Annette\AppData\Roaming\wklnhst.dat
2010-02-18 01:32 . 2008-08-27 22:53 -------- d-----w- c:\program files\eMachines GameZone
2010-02-16 17:51 . 2008-08-27 22:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 17:44 . 2009-10-23 20:20 -------- d-----w- c:\programdata\Electronic Arts
2010-02-12 22:07 . 2009-05-14 20:20 34 ----a-w- c:\windows\system32\BD5240.DAT
2010-02-11 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-22 15:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 16:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 16:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 16:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 16:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 16:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 16:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 16:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 16:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 16:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 16:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-11 12:07 . 2010-02-10 16:12 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 16:12 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 16:12 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 16:12 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 16:12 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2009-08-30 13:28 2259480 ----a-w- c:\program files\Swag_Bucks\tbSwag.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-14 6253088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-02 809480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]

c:\users\Miss Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/16/2010 12:57 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [2/17/2010 1:54 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [2/17/2010 1:54 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2/16/2010 12:57 PM 233136]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [5/14/2009 3:13 PM 20376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 3:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [11/18/2008 7:29 PM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 12:42 AM 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 5:03 AM 131072]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/16/2010 12:57 PM 365280]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2/16/2010 12:57 PM 70408]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [2/17/2010 1:54 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8/27/2008 5:52 PM 22072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2008 7:32 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
okogrp REG_MULTI_SZ okosrv
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\User_Feed_Synchronization-{33BE7DD5-7C2F-4028-803C-CA8EDD8C66FF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swagbucks.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1108&m=d620
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 19:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-254020642-2601288645-1023384231-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,2b,60,57,76,b7,09,fe,10,38,bd,9b,1c,7f,ed,bf,2f,85,c5,9d,11,
bd,82,9c,aa,7b,e8,bd,17,a6,93,90,7f,d3,90,0a,82,0d,1a,9d,71,b3,04,cc,37,0d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(664)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4644)
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\system32\msi.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\users\MISSAN~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
.
**************************************************************************
.
Completion time: 2010-02-22 19:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 00:50
ComboFix2.txt 2010-02-22 02:20

Pre-Run: 102,932,303,872 bytes free
Post-Run: 102,928,994,304 bytes free

- - End Of File - - BA926DEFA2BF8ED5A0692FF58D990057



#13
February 22, 2010 at 19:16:47
Looking better.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
okogrp=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.
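The okogrp/okosrv svchost group that the CFScript in this reply removes is the sort of entry a helper picks out of the "Reg Loading Points" section by eye: a service group name that is not one Windows ships with. As an added example (not part of this thread and not ComboFix's own logic), the following Python script performs that triage automatically over an excerpt copied from the log posted in #12. It parses the REGEDIT4-style dump, flags svchost groups outside an allowlist, reports whether UAC (EnableLUA) is switched off, and lists any AppInit_DLLs. The allowlist of stock Vista svchost groups is an assumption and is not exhaustive; a group outside it is a lead to check, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Input: an excerpt copied verbatim from the ComboFix "Reg Loading Points"
# section posted in #12. The triage rules are this added example's own.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
okogrp REG_MULTI_SZ okosrv
"""

# Assumed (incomplete) allowlist of svchost groups that ship with Vista.
# A group outside it is not automatically malicious, but it deserves a
# manual look, which is exactly how "okogrp" stands out in the log.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
    "localsystemnetworkrestricted", "localservicenetworkrestricted",
    "localservicenonetwork", "localserviceandnoimpersonation",
    "networkservicenetworkrestricted", "wersvcgroup", "secsvcs",
    "termsvcs", "imgsvc",
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
MULTI_SZ_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s*(.*)$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Group the value lines of a REGEDIT4-style dump under their key path.

    Key paths are lower-cased so lookups are case-insensitive, as the
    registry itself treats key names. Lines before the first key (the
    '*Note*' and 'REGEDIT4' header in a real log) are ignored.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _section_ending_with(sections: Dict[str, List[str]], suffix: str) -> List[str]:
    """Return the value lines of the first key whose path ends with suffix."""
    for path, lines in sections.items():
        if path.endswith(suffix.lower()):
            return lines
    return []


def unknown_svchost_groups(sections: Dict[str, List[str]]) -> List[Tuple[str, List[str]]]:
    """(group, [services]) for every svchost group outside the allowlist."""
    found = []
    for line in _section_ending_with(sections, r"\currentversion\svchost"):
        m = MULTI_SZ_RE.match(line)
        if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            found.append((m.group(1), m.group(2).split()))
    return found


def uac_disabled(sections: Dict[str, List[str]]) -> bool:
    """True when EnableLUA is 0 under policies\\system, i.e. UAC is off."""
    for line in _section_ending_with(sections, r"\policies\system"):
        m = VALUE_RE.match(line)
        if m and m.group(1).lower() == "enablelua":
            return m.group(2).split()[0] == "0"
    return False


def appinit_dlls(sections: Dict[str, List[str]]) -> List[str]:
    """DLLs named in AppInit_DLLs; these get loaded into user-mode processes."""
    for line in _section_ending_with(sections, r"\currentversion\windows"):
        m = VALUE_RE.match(line)
        if m and m.group(1).lower() == "appinit_dlls":
            return [d for d in re.split(r"[ ,;]+", m.group(2).strip()) if d]
    return []


def review(log: str) -> dict:
    """Run all three checks over a log excerpt and return the findings."""
    sections = parse_sections(log)
    return {
        "unknown_svchost_groups": unknown_svchost_groups(sections),
        "uac_disabled": uac_disabled(sections),
        "appinit_dlls": appinit_dlls(sections),
    }


if __name__ == "__main__":
    for name, finding in review(SAMPLE_LOG).items():
        print(f"{name}: {finding}")
```

Run against the excerpt, the script reports okogrp (hosting okosrv) as the only unknown group, UAC disabled, and one AppInit_DLLs entry. The AppInit_DLLs hit here is Google Desktop's network DLL, which the helper left alone; the point of listing it is that anything in that value loads broadly, so it is always worth confirming what it is.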



#14
February 23, 2010 at 17:18:39
ComboFix 10-02-23.03 - Miss Annette 02/23/2010 18:29:50.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1789.916 [GMT -5:00]
Running from: c:\users\Miss Annette\Downloads\Combo-Fix.exe
Command switches used :: c:\users\Miss Annette\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 00:30 . 2010-02-24 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-23 00:24 . 2010-02-24 00:36 -------- d-----w- c:\users\Miss Annette\AppData\Local\temp
2010-02-22 03:02 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 23:42 . 2010-02-22 02:20 -------- d-----w- C:\Combo-Fix
2010-02-20 18:25 . 2010-02-20 18:25 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-20 17:58 . 2010-02-20 17:58 -------- d-----w- c:\programdata\RoboForm
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- c:\program files\trend micro
2010-02-20 15:54 . 2010-02-20 15:54 -------- d-----w- C:\rsit
2010-02-20 15:20 . 2010-02-22 02:21 -------- d-----w- C:\AntiVirus Utilities
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 14:31 . 2010-02-20 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 14:31 . 2010-02-18 14:31 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 14:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 01:48 . 2010-02-18 01:48 -------- d-----w- c:\programdata\WindowsSearch
2010-02-17 18:54 . 2010-02-02 15:13 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 51984 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-17 18:54 . 2010-02-02 15:13 33552 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-16 21:27 . 2010-02-16 21:27 -------- d-----w- c:\users\Miss Annette\Option
2010-02-16 18:03 . 2010-02-16 18:03 -------- d-----w- c:\users\Miss Annette\AppData\Local\Threat Expert
2010-02-16 17:57 . 2010-02-05 14:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-16 17:57 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-16 17:57 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-16 17:57 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-16 17:57 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-16 17:57 . 2010-02-23 23:15 -------- d-----w- c:\program files\Spyware Doctor
2010-02-16 17:57 . 2010-02-17 18:54 -------- d-----w- c:\programdata\PC Tools
2010-02-16 17:57 . 2010-02-16 18:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-16 17:57 . 2010-02-16 17:57 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\PC Tools
2010-02-16 17:34 . 2010-02-16 17:34 -------- d-----w- c:\users\Miss Annette\AppData\Roaming\AVG8
2010-02-10 16:11 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 16:11 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 16:46 . 2009-04-04 19:55 12288 ----a-w- c:\users\Public\mtwb.dat
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\programdata\Symantec
2010-02-18 18:44 . 2008-08-27 23:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-18 15:50 . 2009-03-31 13:49 848 ----a-w- c:\users\Miss Annette\AppData\Roaming\wklnhst.dat
2010-02-18 01:32 . 2008-08-27 22:53 -------- d-----w- c:\program files\eMachines GameZone
2010-02-16 17:51 . 2008-08-27 22:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 17:44 . 2009-10-23 20:20 -------- d-----w- c:\programdata\Electronic Arts
2010-02-12 22:07 . 2009-05-14 20:20 34 ----a-w- c:\windows\system32\BD5240.DAT
2010-02-11 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-22 15:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 16:12 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 16:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 16:12 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 16:12 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 16:12 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 16:12 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 16:12 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 16:12 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 16:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 16:12 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-11 12:07 . 2010-02-10 16:12 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 16:12 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 16:12 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 16:12 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 16:12 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
2009-12-02 16:20 . 2009-12-02 16:20 484976 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\gtb9B08.tmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2009-08-30 13:28 2259480 ----a-w- c:\program files\Swag_Bucks\tbSwag.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\tbSwag.dll" [2009-08-30 2259480]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-14 6253088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-02 809480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]

c:\users\Miss Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2/16/2010 12:57 PM 207280]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [2/17/2010 1:54 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [2/17/2010 1:54 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2/16/2010 12:57 PM 233136]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [5/14/2009 3:13 PM 20376]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 3:11 PM 16384]
R2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [11/18/2008 7:29 PM 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 12:42 AM 50424]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/16/2010 12:57 PM 365280]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2/16/2010 12:57 PM 70408]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [2/17/2010 1:54 PM 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8/27/2008 5:52 PM 22072]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 5:03 AM 131072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2008 7:32 PM 30192]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
okogrp REG_MULTI_SZ okosrv
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\User_Feed_Synchronization-{33BE7DD5-7C2F-4028-803C-CA8EDD8C66FF}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swagbucks.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=2&o=vb32&d=1108&m=d620
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 19:35
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-254020642-2601288645-1023384231-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,2b,60,57,76,b7,09,fe,10,38,bd,9b,1c,7f,ed,bf,2f,85,c5,9d,11,
bd,82,9c,aa,7b,e8,bd,17,a6,93,90,7f,d3,90,0a,82,0d,1a,9d,71,b3,04,cc,37,0d,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'lsass.exe'(664)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(5116)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TfWah.dll
c:\windows\System32\NLSLexicons0009.dll
c:\windows\system32\ieframe.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\windows\system32\WINHTTP.dll
c:\windows\System32\SyncCenter.dll
c:\windows\System32\fwpuclnt.dll
c:\windows\System32\davclnt.dll
.
Completion time: 2010-02-23 20:12:08
ComboFix-quarantined-files.txt 2010-02-24 01:11
ComboFix2.txt 2010-02-23 00:50
ComboFix3.txt 2010-02-22 02:20

Pre-Run: 122,298,535,936 bytes free
Post-Run: 122,321,838,080 bytes free

- - End Of File - - C96D69FCC0B474F2DCED941036EB3296



#15
February 23, 2010 at 18:24:57

That registry entry is a little stubborn.


1. Please open Notepad: click Start, then Run, type notepad.exe in the Run box and click OK.

2. Now copy/paste the entire content between the X's below into the Notepad window, with REGEDIT4 in the top left corner of the page:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"okogrp"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry; choose Yes.

Then post the BitDefender log if you have run it yet.


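As an added example (not the helper's own procedure or any tool from the thread), the following Python script pulls the svchost group list out of a ComboFix log like the one above, flags groups missing from an assumed Windows Vista baseline (the okogrp group names a service, okosrv, that appears nowhere else in the log), and writes the REGEDIT4 deletion entry with the value name quoted as .reg syntax requires. The sample log excerpt, the baseline group list and the function names are constructed for this example.

```python
import re

# Constructed excerpt in the format of ComboFix's svchost section, modelled on
# the log in this thread (sample input, not the original log verbatim).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
okogrp REG_MULTI_SZ okosrv
.
Contents of the 'Scheduled Tasks' folder
"""
SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost"

# Assumed baseline of svchost groups on a stock Windows Vista SP1 install
# (illustrative, not authoritative: confirm against a known-clean machine).
BASELINE_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "localservice", "localservicenonetwork",
    "localservicenetworkrestricted", "localserviceandnoimpersonation",
    "localsystemnetworkrestricted", "networkservice",
    "networkservicenetworkrestricted", "imgsvc", "termsvcs", "secsvcs",
    "wersvcgroup", "bthsvcs", "wcssvc", "swprv",
}


def parse_svchost_groups(log: str) -> dict:
    """Return {group: [member services]} from the svchost section of a ComboFix log."""
    groups, in_section = {}, False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped.lower() == f"[{SVCHOST_KEY}]".lower():
            in_section = True
            continue
        if in_section:
            if not stripped or stripped == ".":  # ComboFix closes a section with "."
                break
            m = re.match(r"(\S+)\s+REG_MULTI_SZ\s*(.*)", stripped)
            if m:
                groups[m.group(1)] = m.group(2).split()
    return groups


def unknown_groups(groups: dict) -> dict:
    """Groups not in the baseline. A made-up group such as okogrp is how malware
    gets its own service (here okosrv) loaded by svchost.exe; review each before removal."""
    return {g: s for g, s in groups.items() if g.lower() not in BASELINE_GROUPS}


def reg_fix(group: str) -> str:
    """REGEDIT4 text that deletes the group's value. The value name must be quoted
    ("name"=-); a bare name=- line is not valid .reg syntax."""
    return f'REGEDIT4\r\n\r\n[{SVCHOST_KEY}]\r\n"{group}"=-\r\n'
```

Run `unknown_groups(parse_svchost_groups(SAMPLE_LOG))` to see only okogrp reported, and `reg_fix("okogrp")` to get the file content the helper asked for, with the quoted value name.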

#16
February 23, 2010 at 18:48:47
BitDefender Online Scanner

Scan report generated at: Tue, Feb 23, 2010 - 21:43:56
Scan path: C:\;D:\;E:\;

Statistics
Time: 01:15:34
Files: 238419
Folders: 18181
Boot Sectors: 0
Archives: 2247
Packed Files: 13487

Results
Identified Viruses: 4
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 6

Engines Info
Virus Definitions: 5308174
Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Jan 06 2010)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Qoobox\Quarantine\C\Program Files\ArmorShield Software\ArmorShield\Uninstall.exe.vir - Infected with: Gen:Trojan.Heur.TDss.3y1@iCTYhIfi
C:\Qoobox\Quarantine\C\Program Files\ArmorShield Software\ArmorShield\Uninstall.exe.vir - Disinfection failed
C:\Qoobox\Quarantine\C\Program Files\ArmorShield Software\ArmorShield\Uninstall.exe.vir - Deleted
C:\Qoobox\Quarantine\C\Windows\rdr_1266291181.exe.vir - Infected with: Trojan.Generic.IS.141495
C:\Qoobox\Quarantine\C\Windows\rdr_1266291181.exe.vir - Deleted
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19TC7MO5\setup[1].exe - Infected with: Trojan.Generic.3166666
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19TC7MO5\setup[1].exe - Deleted
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S7TO35R\console=yes[1].htm - Infected with: Trojan.Script.290606
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S7TO35R\console=yes[1].htm - Deleted
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S7TO35R\setup[1].exe - Infected with: Trojan.Generic.3166666
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2S7TO35R\setup[1].exe - Deleted
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HX80ZY6F\console=yes[1].htm - Infected with: Trojan.Script.290606
C:\Users\Miss Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HX80ZY6F\console=yes[1].htm - Deleted