Author Topic: [Resolved] computer slow to download and open web pages slow to start  (Read 2219 times)

Offline hammerhead31

  • Bronze Member
  • Posts: 8
hope I did this right
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:25 AM, on 3/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SpeedBit Video Downloader\Toolbar\grabber.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\bootskin.exe" /StartupJobs
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DreamRender] C:\Program Files\DreamRender\DreamRender.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - ?p=ZLfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedbit video accelerator\sblsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230387760515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230387748890
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.charter.net/files/charter/securitysuite/fscax.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) -  - (no file)
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: DvpApi (dvpapi) - Hagel Technologies Ltd. - (no file)
O23 - Service: Google Update Service (gupdate1c9b21fdf943654) (gupdate1c9b21fdf943654) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

--
End of file - 13576 bytes
« Last Edit: March 16, 2010, 02:25:24 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25387
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.

We note you are using one or more products from IOBit. 
IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
Please see this for additional information on these allegations:  http://www.malwarebytes.org/forums/index.php?showtopic=29681

Additionally, both WOT and SiteAdvisor have flagged IOBit’s site.

A thread in IOBit’s forum responded to the accusations from Malwarebytes.
It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed.
The bottom line from IOBit was: “No hard proof shows that IObit stole database of Malwarebytes.”

At least until the issues of possible database theft and spyware packaging are resolved, SpywareHammer recommends against the use of IOBit products.

Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline hammerhead31

    • Bronze Member
    • Posts: 8
    Malwarebytes' Anti-Malware 1.44
    Database version: 3874
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    3/16/2010 2:41:50 PM
    mbam-log-2010-03-16 (14-41-50).txt

    Scan type: Quick Scan
    Objects scanned: 158877
    Time elapsed: 7 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 12
    Files Infected: 123

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\29-06-2007-23-12-45 (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10001.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10002.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10004.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10005.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10006.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10007.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10008.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10009.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10009.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10010.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10010.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10011.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10011.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\06-07-2007-13-30-15\10012.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10002.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10004.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10005.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10006.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10007.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10008.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10008.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10009.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10009.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10010.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10011.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10012.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10013.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10014.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10015.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10016.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10017.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10017.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10018.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10018.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10019.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10019.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10020.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10021.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10022.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10022.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10023.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10024.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10024.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10025.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10025.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10026.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10027.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10027.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10028.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10029.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10029.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10030.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10031.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\14-07-2007-11-20-13\10031.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10031.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10032.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10033.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10034.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10035.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10035.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10036.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10036.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\17-07-2007-03-41-52\10037.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10001.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10002.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10004.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10005.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10006.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10007.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10008.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10009.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10009.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10010.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\18-07-2007-18-12-33\10010.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10002.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10003.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10003.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10004.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10004.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10005.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10006.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10007.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10008.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10009.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10010.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10011.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10011.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10012.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10013.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10013.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10014.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10015.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10015.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10016.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10016.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\20-06-2007-09-01-38\10017.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\29-06-2007-23-12-45\10000.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\29-06-2007-23-12-45\10000.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\29-06-2007-23-12-45\10001.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Quarantine\29-06-2007-23-12-45\10001.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\AdwareAlert\Settings\ScanResults.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Registry Backups\2007-07-24_16-42-59.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Registry Backups\2007-07-26_03-46-59.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Registry Backups\2007-07-29_09-43-56.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Application Data\RegistrySmart\Registry Backups\2007-07-30_03-44-59.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Baby\Start Menu\Programs\Outerinfo\Terms.rtf (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25387
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    How is the computer working now? Does the internet connection seem to be faster?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline hammerhead31

    Yes, a little. Streaming is slow and I'm seeing more popups now. Thanks for your help so far.

    Offline Hoov

    Download and scan with Spybot S&D 1.6.2
    http://www.safer-networking.org/en/download/index.html

               1. Install Spybot. Be sure to UNCHECK TeaTimer when presented with the option to install.
               2. Run Spybot, go to the Menu Bar at the top, choose Mode, and make certain that "Default mode" has a check mark beside it.
               3. Click the button "Search for Updates".
               4. If any updates are found, install them by placing a checkmark next to each one and clicking "Download Updates". If you encounter any error messages while downloading the updates, manually download them from here.
               5. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
               6. Click the button "Check for Problems".
               7. When Spybot is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
               8. Make certain there is a check mark beside all of the RED entries ONLY.
               9. Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
              10. REBOOT to complete the scan and clear memory.

            Note: After Windows loads, Spybot may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

    Also, I would like you to disable Ad-Aware from starting with Windows, then reboot and see how the browser works after that. Let me know how it goes.

    Offline hammerhead31

    Yes, all seems to be well and cooking with gas. Thank you very much for your great help. You are very kind to be doing this for people.

    Offline hammerhead31

    Now I get a lot of popups?

    Offline Hoov

    Did you run the immunize feature in Spybot?

    Offline hammerhead31

    Yes, I did. I'm getting a lot of sites I try to get on and am then sent somewhere else.

    Offline Hoov

    * Anyone other than the originator of this thread: you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used incorrectly.

    Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not click in ComboFix's window while it's running. That may cause it to stall.

    Offline hammerhead31

    Here it is:
    ComboFix 10-03-17.07 - My Baby 03/18/2010   2:55.1.2 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1519 [GMT -7:00]
    Running from: c:\documents and settings\My Baby.SMALL-A9737E6AD\Desktop\ComboFix.exe
    AV:  *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW:  *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: Kaspersky Anti-Hacker *enabled* {0BB8CA15-F396-46C7-9A59-108D852CFEC0}
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-220523388-920026266-839522115-1004
    c:\recycler\S-1-5-21-220523388-920026266-839522115-500
    c:\windows\00cb6d32-b623-474b-8a9b-8a66a1f6458e.ocx
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx
    c:\windows\msvrc20.dll
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\daed01c0-f691-483f-9b84-ce073a1cbcb2.dll
    c:\windows\system32\smante~1
    c:\windows\ymbols~1

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_Boonty Games


    (((((((((((((((((((((((((   Files Created from 2010-02-18 to 2010-03-18  )))))))))))))))))))))))))))))))
    .

    2010-03-18 09:51 . 2006-07-31 14:22   42112   ----a-r-   c:\windows\system32\drivers\JRAID_2.sys
    2010-03-17 11:52 . 2010-03-17 11:52   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Hagel Technologies
    2010-03-17 05:23 . 2010-03-17 05:26   --------   d-----w-   c:\program files\Spybot - Search & Destroy
    2010-03-16 21:30 . 2010-03-16 21:30   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Malwarebytes
    2010-03-16 21:30 . 2010-01-07 23:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-16 21:30 . 2010-03-16 21:30   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-03-16 21:30 . 2010-03-16 21:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2010-03-16 21:30 . 2010-01-07 23:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-03-15 10:59 . 2010-03-15 11:00   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Local Settings\Application Data\ApplicationHistory
    2010-03-15 09:27 . 2010-03-15 09:27   --------   d-----w-   c:\program files\Trend Micro
    2010-03-15 06:38 . 2010-03-15 06:38   --------   d-----w-   c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Hagel Technologies
    2010-03-15 05:34 . 2010-03-15 05:35   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Speedbit
    2010-03-15 05:34 . 2010-03-18 09:25   --------   d-----w-   c:\program files\SpeedBit Video Accelerator
    2010-03-15 05:34 . 2010-03-17 11:55   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Toolbar4
    2010-03-15 05:03 . 2010-03-15 05:30   --------   d-----w-   c:\program files\PCPitstop
    2010-03-15 05:03 . 2010-03-15 05:04   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\PCPitstop
    2010-03-15 04:57 . 2010-03-15 04:57   152576   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-15 04:57 . 2010-03-15 04:57   79488   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-15 04:50 . 2009-10-11 11:17   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2010-03-15 04:50 . 2010-03-15 04:50   152576   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2010-03-13 19:45 . 2009-12-16 22:42   872960   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-13 19:45 . 2009-12-16 22:42   43008   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-13 19:45 . 2009-12-16 22:42   340480   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-13 19:45 . 2009-12-16 22:41   346624   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-13 19:41 . 2010-03-13 19:46   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\HPAppData
    2010-03-13 18:44 . 2010-03-13 18:44   --------   d-----w-   c:\windows\system32\wbem\Repository
    2010-03-13 18:43 . 2010-03-13 18:43   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Local Settings\Application Data\PackageAware
    2010-03-13 18:43 . 2010-03-13 18:43   --------   d-----w-   c:\program files\Desktop Themes
    2010-03-13 18:43 . 2010-03-13 18:43   --------   d-----w-   c:\program files\Active Data Recovery Software
    2010-03-13 18:43 . 2010-03-13 18:43   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Auslogics
    2010-03-13 17:58 . 2010-03-13 18:43   --------   d-----w-   c:\program files\DriveSentry
    2010-03-13 17:58 . 2010-03-13 18:43   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\DriveSentry
    2010-03-13 17:58 . 2010-03-13 17:58   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
    2010-03-13 15:14 . 2010-03-13 18:44   --------   dc-h--w-   c:\documents and settings\All Users.WINDOWS\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
    2010-03-13 15:14 . 2009-12-03 20:01   2835416   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}\IconPackager.exe
    2010-03-13 11:16 . 2010-03-03 17:31   3144296   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\Impulse_setup.exe
    2010-03-13 11:16 . 2010-03-13 11:16   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Stardock
    2010-03-13 10:44 . 2010-03-13 10:44   7852   ----a-w-   c:\windows\system32\mcdmsg7.dll
    2010-03-13 10:09 . 2010-03-13 11:16   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Stardock
    2010-03-13 09:55 . 2010-03-13 09:55   --------   d-----w-   c:\program files\Plus!
    2010-03-13 09:26 . 2010-03-13 18:32   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Local Settings\Application Data\Stardock
    2010-03-11 08:17 . 2008-03-21 21:57   14640   ------w-   c:\windows\system32\spmsgXP_2k3.dll
    2010-03-11 07:54 . 2009-10-27 20:02   23936   ----a-w-   c:\windows\system32\drivers\motmodem.sys
    2010-03-11 07:54 . 2008-03-28 01:49   1112288   ----a-w-   c:\windows\system32\wdfcoinstaller01007.dll
    2010-03-11 07:45 . 2010-03-11 07:45   --------   d-----w-   c:\program files\Motorola
    2010-03-11 07:44 . 2010-03-11 07:44   --------   d-----w-   c:\program files\Common Files\Motorola Shared
    2010-03-09 15:24 . 2010-03-09 15:24   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2010-03-09 07:13 . 2010-03-09 07:14   --------   d-----w-   c:\program files\Safari
    2010-03-09 07:10 . 2010-03-09 07:10   79144   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2010-03-09 07:07 . 2010-03-09 07:07   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2010-03-09 06:57 . 2010-03-09 06:57   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Local Settings\Application Data\Apple
    2010-03-09 06:56 . 2010-03-09 06:56   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2010-02-21 18:49 . 2010-01-22 01:08   52224   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
    2010-02-21 18:49 . 2010-01-22 01:08   101376   ----a-w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-18 09:27 . 2010-03-13 13:33   5632   --sha-w-   c:\program files\Thumbs.db
    2010-03-18 09:20 . 2008-01-11 15:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2010-03-17 11:40 . 2008-01-12 18:08   --------   d-----w-   c:\program files\Lavasoft
    2010-03-17 05:48 . 2009-09-18 19:50   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\wsInspector
    2010-03-16 21:19 . 2008-01-08 20:58   --------   d-----w-   c:\program files\AIDA32 - Enterprise System Information
    2010-03-16 16:03 . 2008-03-13 02:56   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
    2010-03-15 04:58 . 2008-01-08 04:12   --------   d-----w-   c:\program files\Java
    2010-03-14 02:27 . 2008-01-08 05:53   230   ----a-w-   c:\windows\popcinfo.dat
    2010-03-13 18:44 . 2010-03-13 11:15   --------   dc-h--w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}
    2010-03-13 18:43 . 2007-07-08 22:59   --------   d-----w-   c:\program files\Common Files\Stardock
    2010-03-13 18:43 . 2009-09-18 19:33   --------   d-----w-   c:\program files\Safer Networking
    2010-03-13 17:15 . 2008-01-08 06:28   --------   d-----w-   c:\program files\Google
    2010-03-13 14:29 . 2004-08-04 12:00   3252224   ----a-w-   c:\windows\system32\logonuix.exe
    2010-03-13 14:16 . 2008-01-09 02:05   163712   ----a-w-   c:\windows\system32\drivers\vidstub.sys
    2010-03-13 13:30 . 2008-05-24 09:07   --------   d-----w-   c:\program files\WinFlip
    2010-03-13 13:30 . 2008-01-10 01:53   --------   d-----w-   c:\program files\Windows Media Connect 2
    2010-03-13 13:30 . 2009-06-26 04:26   --------   d-----w-   c:\program files\Steam
    2010-03-13 13:30 . 2008-01-23 00:21   --------   d-----w-   c:\program files\Winamp Remote
    2010-03-13 13:30 . 2008-01-13 00:17   --------   d-----w-   c:\program files\Sierra On-Line
    2010-03-13 13:30 . 2009-02-14 19:43   --------   d-----w-   c:\program files\PhotoScape
    2010-03-13 13:30 . 2009-11-15 02:47   --------   d-----w-   c:\program files\iWin Games
    2010-03-13 13:30 . 2009-06-04 17:12   --------   d-----w-   c:\program files\GameSpy Arcade
    2010-03-13 13:30 . 2008-01-09 02:10   --------   d-----w-   c:\program files\DivX
    2010-03-13 13:30 . 2009-06-02 09:29   --------   d-----w-   c:\program files\AGEIA Technologies
    2010-03-13 06:42 . 2008-01-08 03:44   --------   d-----w-   c:\program files\Programs
    2010-03-13 06:25 . 2007-07-25 02:14   --------   d-----w-   c:\program files\IrfanView
    2010-03-12 02:38 . 2007-06-14 15:54   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2010-03-12 02:10 . 2009-01-23 00:56   --------   d-----w-   c:\program files\Common Files\ArcSoft
    2010-03-12 02:07 . 2008-01-25 17:21   --------   d-----w-   c:\program files\Common Files\Apple
    2010-03-12 02:03 . 2009-01-23 01:05   720   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-03-11 08:17 . 2010-03-11 08:17   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
    2010-03-11 08:17 . 2010-03-11 08:17   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-03-09 14:06 . 2008-09-25 09:45   63512   ---ha-w-   c:\windows\system32\mlfcache.dat
    2010-03-09 14:06 . 2008-01-25 17:24   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Apple Computer
    2010-03-09 07:09 . 2008-09-21 16:20   --------   d-----w-   c:\program files\Bonjour
    2010-03-09 07:08 . 2008-11-23 04:48   --------   d-----w-   c:\program files\QuickTime
    2010-03-09 05:37 . 2008-01-23 00:18   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Winamp
    2010-03-07 17:52 . 2008-01-09 02:32   --------   d-----w-   c:\program files\Microsoft Silverlight
    2010-03-06 12:20 . 2007-08-08 03:28   --------   d-----w-   c:\program files\Common Files\Adobe
    2010-03-03 17:27 . 2010-03-13 11:15   1119536   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\12FD35EB\impulse.dll
    2010-03-03 17:27 . 2010-03-13 11:15   30000   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\757C30BC\SDSecurity.dll
    2010-03-03 17:27 . 2010-03-13 11:15   468272   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\757C30BC\ImpulseNow.exe
    2010-03-03 17:26 . 2010-03-13 11:15   491312   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.Shell.dll
    2010-03-03 17:26 . 2010-03-13 11:15   87344   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\597810BF\Microsoft.WindowsAPICodePack.dll
    2010-03-01 00:19 . 2008-12-16 07:26   57   ----a-w-   c:\windows\popcinfot.dat
    2010-02-26 03:22 . 2008-07-23 22:35   --------   d-----w-   c:\program files\CCleaner
    2010-02-17 22:46 . 2010-03-13 11:15   38192   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\597810BF\Interop.ShockwaveFlashObjects.dll
    2010-02-17 22:45 . 2010-03-13 11:15   34096   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{CD13F3E2-988B-412B-83A0-D1E1435B73E3}\OFFLINE\86D01CB6\597810BF\AxInterop.ShockwaveFlashObjects.dll
    2010-02-15 01:43 . 2008-01-13 00:12   --------   d-----w-   c:\program files\iWin.com
    2010-02-15 01:39 . 2008-01-13 00:10   --------   d-----w-   c:\program files\PopCap Games
    2010-02-14 05:03 . 2010-02-14 05:03   --------   d-----w-   c:\program files\GoFish
    2010-02-14 05:03 . 2010-02-14 05:03   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\GoFish
    2010-02-11 00:07 . 2009-02-14 23:02   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\quicraw
    2010-02-09 03:24 . 2010-02-09 03:24   --------   d-----w-   c:\program files\Infogrames Interactive
    2010-02-08 00:21 . 2009-08-07 14:48   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
    2010-02-08 00:18 . 2008-03-15 07:16   --------   d-----w-   c:\program files\Common Files\Ahead
    2010-02-07 22:31 . 2010-02-07 22:28   --------   d-----w-   c:\program files\Free Window Registry Repair
    2010-02-07 22:14 . 2010-02-07 22:02   --------   d-----w-   c:\program files\TweakNow PowerPack 2009
    2010-02-07 22:02 . 2010-02-07 22:02   --------   d-----w-   c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\TweakNow PowerPack 2009
    2010-02-05 01:24 . 2008-01-11 04:22   --------   d-----w-   c:\program files\Common Files\Real
    2010-02-05 01:24 . 2010-02-05 01:24   --------   d-----w-   c:\program files\Common Files\xing shared
    2010-02-05 01:23 . 2007-03-12 05:24   499712   ----a-w-   c:\windows\system32\msvcp71.dll
    2010-02-05 01:23 . 2003-02-21 07:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
    2010-01-28 18:08 . 2009-08-02 04:43   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-01-28 18:01 . 2008-01-19 04:06   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-01-19 19:49 . 2009-05-15 06:24   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
    2010-01-19 19:48 . 2009-09-17 07:14   --------   d-----w-   c:\program files\Common Files\Adobe AIR
    2010-01-19 19:48 . 2009-09-17 07:14   38784   ----a-w-   c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-06-01 15:06 . 2009-06-01 11:08   177359356   ----a-w-   c:\program files\cod2demo.exe
    2008-05-01 01:08 . 2008-02-15 12:07   262144   ----a-w-   c:\program files\Uninstall Ask Toolbar.dll
    2008-03-14 02:48 . 2008-03-14 02:48   14248960   ----a-w-   c:\program files\veoh.msi
    2008-03-14 02:48 . 2008-03-14 02:48   128625   ----a-w-   c:\program files\setup.isn
    2008-03-14 02:48 . 2008-03-14 02:48   6129   ----a-w-   c:\program files\0x0409.ini
    2008-03-14 02:48 . 2008-03-14 02:48   2059   ----a-w-   c:\program files\Setup.INI
    2005-10-01 20:57 . 2008-05-31 17:01   881   ----a-w-   c:\program files\readme.txt
    2005-10-01 20:54 . 2008-05-31 17:01   443   ----a-w-   c:\program files\license.txt
    2005-10-01 19:42 . 2008-05-31 17:01   198   ----a-w-   c:\program files\icon.gif
    2005-10-01 19:38 . 2008-05-31 17:01   2960   ----a-w-   c:\program files\screenshot.gif
    2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-01-12 18:35 . 2008-01-12 18:35   80   --sh--r-   c:\windows\system32\881E85C002.dll
    2008-03-26 10:59 . 2008-03-26 10:59   8   --sh--r-   c:\windows\system32\D588D68AF5.dll
    .

    ------- Sigcheck -------

    [7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
    [7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
    [-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\mshtml.dll
    [-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\mshtml.dll
    [-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\system32\mshtml.dll
    [-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\system32\dllcache\mshtml.dll
    [7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
    [7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\65cb51275f131ad95a646f305f973e3a\mshtml.dll
    [7] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll

    [7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
    [7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
    [-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\wininet.dll
    [-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\wininet.dll
    [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\system32\wininet.dll
    [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\system32\dllcache\wininet.dll
    [7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
    [7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\65cb51275f131ad95a646f305f973e3a\wininet.dll
    [7] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-09-02 18:58   1107200   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
    "PC Booster"="c:\documents and settings\My Baby.SMALL-A9737E6AD\Desktop\PCBooster.exe" [2006-07-12 7131136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 99 (0x63)
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuix.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-27 11:36   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2005-01-31 23:13   49152   ----a-w-   c:\progra~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2010-02-03 23:33   214320   ----a-w-   c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @="Service"
    path=
    backup=

    [HKLM\~\startupfolder\C:^Documents and Settings^My Baby.SMALL-A9737E6AD^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    {‘|»‘|4 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    {‘|»‘|4 [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-11-20 21:20   290088   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iWin Games\\iWinGames.exe"=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\CCleaner\\CCleaner.exe"=
    "c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "c:\\Program Files\\Uniblue\\RegistryBooster 2009\\Launcher.exe"=
    "c:\\2nd Story Software\\TaxACT 2009\\TaxACT09.exe"=
    "c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
    "c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
    "c:\\Program Files\\Steam\\steamapps\\boogyman911\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\boogyman911\\diprip warm up\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\boogyman911\\dedicated server\\hlds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\luxor 3\\Luxor3.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus demo\\Exoddus.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [1/11/2008 5:28 PM 10548]
    R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2/1/2008 8:16 PM 14592]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/27/2009 4:36 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/27/2009 4:36 AM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/27/2009 4:35 AM 297752]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [3/4/2009 2:47 PM 15896]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]
    S2 gupdate1c9b21fdf943654;Google Update Service (gupdate1c9b21fdf943654);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2009 9:43 AM 133104]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/4/2009 2:42 PM 99352]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/26/2009 3:46 PM 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/4/2009 2:42 PM 555032]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/4/2009 2:42 PM 100888]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/4/2009 2:42 PM 566296]
    S3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/21/2010 12:12 PM 78104]
    S3 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [1/6/2010 12:45 AM 6656]
    S3 sysid;sysid;c:\windows\system32\drivers\sysid.sys [1/8/2008 1:57 PM 6336]
    S4 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [1/11/2008 5:28 PM 225280]
    S4 ioloFileInfoList;iolo FileInfoList Service;

    S4 ioloSystemService;iolo System Service;


    --- Other Services/Drivers In Memory ---

    *Deregistered* - HYCtl
    *Deregistered* - Winflash

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-08 19:20]

    2010-03-18 c:\windows\Tasks\Google Software Updater_1.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-08 19:20]

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 16:43]

    2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 16:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    FF - ProfilePath - c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - about:neterror?e=query&u=
    FF - component: c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\My Baby.SMALL-A9737E6AD\Application Data\Mozilla\Firefox\Profiles\bf0iy4sj.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np32dsw.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npagent.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPFxViewer.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NPOFF12.DLL
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprjplug.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Windows Media Player\npdsplay(2).dll

    ---- FIREFOX POLICIES ----
     
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-18 03:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet006\Services\AODService]
    "ImagePath"="c:\program files\AMD\OverDrive\AODAssist"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1060284298-688789844-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-1060284298-688789844-682003330-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:79,3d,8e,ec,1a,e6,81,de,35,6a,b7,44,90,da,58,ca,9c,d9,4b,fd,8e,f2,34,
       15,91,11,15,a7,48,67,41,d4,ba,73,6b,41,0a,43,ef,83,bf,67,a7,c9,03,86,84,df,\
    "??"=hex:3d,fc,bb,b4,98,32,86,52,fe,7a,79,57,9b,e5,b5,6c

    [HKEY_USERS\S-1-5-21-1060284298-688789844-682003330-1005\Software\SecuROM\License information*]
    "datasecu"=hex:03,bd,0a,4f,d2,c6,8f,00,84,ee,5c,eb,de,7f,50,ad,20,ac,29,75,e0,
       28,42,c8,f3,54,3b,2e,af,e0,62,68,9c,0d,34,86,23,64,cf,28,02,03,0f,1a,c4,aa,\
    "rkeysecu"=hex:0c,df,04,6b,a6,d6,10,ae,e1,55,3f,62,4c,c4,25,50

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5dd5a0f0-dfb4-4d0e-92ba-836a8fd0e515}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000028
    "Therad"=dword:00000022
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
       38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):6c,bf,02,1a,5b,86,dd,a3,36,0d,b2,01,4d,c1,93,52,9d,cc,3f,18,c2,
       d1,ee,a3,88,3b,d9,3f,76,fd,e4,94,50,95,3b,79,1b,dc,a8,9e,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\windows\system32\Ati2evxx.dll
    c:\progra~1\COMMON~1\Stardock\mcpstub.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

    - - - - - - - > 'explorer.exe'(3008)
    c:\progra~1\COMMON~1\Stardock\mcpcore.dll
    c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Stardock\Object Desktop\EnhancedDialog\enhdlginit.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Windows SteadyState\SCTSvc.exe
    c:\program files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\progra~1\COMMON~1\Stardock\SDMCP.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-18  03:10:33 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-03-18 10:10

    Pre-Run: 229,199,171,584 bytes free
    Post-Run: 229,248,184,320 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - CAF6D7CE9776C53E872148E89AAC90D0

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25387
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    How is the browser running now?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline hammerhead31

    All seems good, the best I've seen it. Thank you so much for your time and knowledge shared.

    Offline Hoov

    Now there are a few things you need to do to fully clean your system and keep it secure.


    Uninstall Combofix
    The following will implement some cleanup procedures as well as reset System Restore points:
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Run OTC
    Download OTC to your desktop and run it
    Click Yes to begin the Cleanup process and remove these components, including this application.
    You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

    Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

    Disable and Enable System Restore.
    I recommend you turn off System Restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
    For Vista use these instructions, Windows Vista Restore Guide
    For XP use these instructions, Windows XP System Restore Guide
    Reboot
    Re-enable system restore with instructions from tutorial above
    Create a System Restore Point
    Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

    Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

    Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
    It is also worth trying Thunderbird for controlling spam in your e-mail.

    Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

    Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

    Always use a firewall.
    Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
     
    Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


    Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


    MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

    Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

    Before using any malware detection / removal software, check with Rogue/Suspect Spyware List and Rogue Applications List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

    We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
    PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

    Let us know if you have any more problems, either new or old.
    Have a good time surfing the net, but stay safe.
    If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
