Author Topic: [In Progress] File Associations Gone Awry, Cannot Click 'Next' on System Restore  (Read 1439 times)


Offline Glaycyer

  • Bronze Member
  • Posts: 9
My father asked me to fix his computer yesterday, and I don't know how to fix this. First of all, the file associations were mucked up: any .lnk or .exe files, as well as most other files (with the exception of images and MS Word documents), were not displaying properly or working. I managed to fix those; however, when I try to use System Restore I cannot get it to run. It works all right until I get to the last page, where I need to click 'Next', which now does nothing. I then installed Malwarebytes' Anti-Malware and Spybot Search & Destroy (his AVG Free and Ad-Aware showed nothing in their scans), but they would not run at all when I clicked the shortcut. Spybot SD Resident appears in the System Tray. I then installed HijackThis (which works), and here is the log. I'm not a guru at virus removal or other such things, so I would appreciate any help given.

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:05 AM, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\GIGABYTE\GEST\GEST.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailytelegraph.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PerfectOptimizer] C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pestend\LOCALS~1\Temp\BE.tmp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm796YYAU
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE3129B1-5C75-4AE1-876F-FE4BB2DF6267}: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00AB042 - C:\WINDOWS\system32\__c00AB042.dat (file missing)
O21 - SSODL: InternetConnection - {0CCFF1BB-4A60-4342-A8CC-FB9B13BDED9C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\oiqedylmfm.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11109 bytes
« Last Edit: August 11, 2009, 06:59:25 AM by PCBruiser »



Offline Glaycyer

  • Bronze Member
  • Posts: 9
Re: File Associations Gone Awry, Cannot Click 'Next' on System Restore
« Reply #1 on: August 11, 2009, 04:51:24 AM »
No one? I can't figure out how to fix it on my own ...

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Hi,

My name is PCBruiser (or PCB for short), and I will be helping you to remove any malware on your system. Please do not run any anti-malware, anti-virus or so-called "registry cleaners" unless I specifically tell you to do so. Running the wrong thing at the wrong time can seriously damage your system. The system has been hijacked by a lovely gang of Ukrainian criminals.

Please copy and print out these instructions using Notepad so they will be readily available to you. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, please ask your question(s) before doing anything further.

1.  Run HijackThis again, but this time choose Do a system scan only, that is the second option from the top in the HijackThis What would you like to do choices.  After HijackThis completes the system scan, check the box immediately to the left of the following item(s):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (file missing)
O4 - HKLM\..\Run: [PerfectOptimizer] C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pestend\LOCALS~1\Temp\BE.tmp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm796YYAU
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE3129B1-5C75-4AE1-876F-FE4BB2DF6267}: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O20 - Winlogon Notify: __c00AB042 - C:\WINDOWS\system32\__c00AB042.dat (file missing)
O21 - SSODL: InternetConnection - {0CCFF1BB-4A60-4342-A8CC-FB9B13BDED9C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\oiqedylmfm.dll (file missing)


Please be very careful, do NOT check any other boxes.

Next, click on Fix checked on the bottom left side of the HijackThis screen.

Next, reboot.

2.  Try running MBAM from the shortcut.  If it runs, update the definitions.  If it doesn't run, navigate to C:\Program Files\Malwarebytes' Anti-Malware and rename the file mbam.exe to something random like zyx987.exe and then double click on the renamed file.  The desktop shortcut won't work anymore due to renaming that file. 

On the MBAM Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.  Please also post a fresh HJT log.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.  Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Don't Read?  Can't learn!
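One way to mechanise the triage PCBruiser did by eye in step 1, as an added example that is not part of this thread and not code from HijackThis or Malwarebytes: a short Python script that parses HJT log lines and flags the same indicator classes he ticked (a registered component whose file is missing, an autorun launched from a Temp folder, a context-menu URL on an adware domain, and DNS resolvers that are not the ones the network is expected to use). The sample log is a constructed subset of the log posted above; the expected-resolver set (192.168.1.1) and the adware domain list are assumptions made for the example, not something the thread states.

```python
import re
from typing import List, Tuple

# Constructed for this example: entries copied from the HijackThis log posted
# above, plus the benign AVG and Adobe lines to show what the filter leaves alone.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Pestend\LOCALS~1\Temp\BE.tmp.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm796YYAU
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.211,85.255.112.149
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00AB042 - C:\WINDOWS\system32\__c00AB042.dat (file missing)
O21 - SSODL: InternetConnection - {0CCFF1BB-4A60-4342-A8CC-FB9B13BDED9C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\oiqedylmfm.dll (file missing)
"""

# Assumption for the example: the resolvers this machine is expected to use.
# A home XP box normally points at the router or the ISP; anything else gets flagged.
EXPECTED_DNS = {"192.168.1.1"}

# Assumption for the example: domains the thread treats as adware toolbars.
ADWARE_DOMAINS = {"mywebsearch.com"}

LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
DNS_RE = re.compile(r"NameServer = ([\d.,]+)")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")
TEMP_PATH_RE = re.compile(r"\\Temp\\|\\Temporary Internet Files\\", re.I)


def parse(log_text: str) -> List[Tuple[str, str]]:
    """Split a HijackThis log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text: str, expected_dns=EXPECTED_DNS) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for each entry that matches one of the
    indicator classes ticked in this thread. Everything else is left alone."""
    findings = []
    for section, body in parse(log_text):
        reason = None
        if "(file missing)" in body or "(no file)" in body:
            # Orphaned BHO / Winlogon Notify / SSODL: something registered a
            # component whose file is gone. Also seen after a partial cleanup.
            reason = "registered component whose file is missing"
        elif section == "O4" and TEMP_PATH_RE.search(body):
            # Legitimate software does not autostart from the user's Temp folder.
            reason = "autorun entry launches from a Temp directory"
        elif section == "O17":
            m = DNS_RE.search(body)
            servers = m.group(1).split(",") if m else []
            rogue = [s for s in servers if s not in expected_dns]
            if rogue:
                reason = "DNS resolver not in the expected set: " + ",".join(rogue)
        elif section in {"R0", "R1", "O8"}:
            m = URL_HOST_RE.search(body)
            if m:
                host = m.group(1).lower()
                if any(host == d or host.endswith("." + d) for d in ADWARE_DOMAINS):
                    reason = "URL points at a known adware domain"
        if reason:
            findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_HJT_LOG):
        print(f"[{section}] {reason}\n    {body}")
```

Run it as-is to print the six flagged entries; for a real log, read the file into `triage()` and set `expected_dns` to the router or ISP resolvers the machine should actually be using. A missing-file entry is not proof of malware on its own (a badly uninstalled product leaves the same trace), which is why the script reports the reason for each hit rather than a verdict, and why the decision to tick a box stays with the person reading the log.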

Offline Glaycyer

  • Bronze Member
  • Posts: 9
Thanks for your reply :)

This is the MBAM log:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

12/08/2009 12:07:47 AM
mbam-log-2009-08-12 (00-07-47).txt

Scan type: Quick Scan
Objects scanned: 143987
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 26
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 44
Files Infected: 307

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Icon (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Menu (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Update (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup\20090211162914.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Alert.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad_24x24.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Bad_32x32.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Check.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Data.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Disk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\DotLine.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Error.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Frame.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Good_24x24.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Good_32x32.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Info.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Progrss.bmp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Safe.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Sys.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Thumbs.db (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Uncheck.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\green.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\orange.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\Red.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\Thumbs.db (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Res\Home\yellow.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

--- continues in next post ---

Offline Glaycyer

  • Bronze Member
  • Posts: 9
--- continued from last post ---

C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-170911.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-190114.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-195645.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-232553.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-025207.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-025250.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-010245.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-010245.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\PerfectOptimzier_OneClick.job (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winSystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Offline Glaycyer

  • Bronze Member
  • Posts: 9
And this is a fresh HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:56 PM, on 12/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\GIGABYTE\GEST\GEST.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Malwarebytes' Anti-Malware\somerandomname.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailytelegraph.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WiniShield] C:\Program Files\WiniShield Software\WiniShield\WiniShield.exe -min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9806 bytes
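As an added example that is not part of this thread, a small Python triage parser for the HijackThis log format posted above (the sample lines are copied verbatim from that log). It recovers the real image behind each O4 Run entry, including rundll32 hosts and unquoted paths containing spaces, and lists the entries a reviewer would want to double-check before anything is "fixed": bare image names that are resolved through the search path, autostarts living under a user profile, and services with no vendor string. The entry kinds, regexes and triage rules are my own choices, not HijackThis functionality.

```python
import re

# Constructed sample: lines copied verbatim from the HijackThis log above,
# chosen to cover each entry kind the parser understands.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
"""

# Line shapes as HijackThis 2.0.2 prints them (see the log above).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)(?:\\(?P<sid>[^\\]+))?\\\.\.\\Run: "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")

BINARY_EXTS = (".exe", ".dll", ".com", ".cpl", ".scr", ".ocx")
PROFILE_ROOT = "c:\\documents and settings\\"  # XP-era user profiles, as on this machine


def image_path(cmd):
    """Return the file that actually executes for a Run-key command line.

    Handles quoted paths, unquoted paths that contain spaces, and rundll32
    hosts, where the loaded DLL ("dll,Entry") is the real image, not rundll32.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        tokens = cmd.split()
        if not tokens:
            return ""
        exe, rest = tokens[0], " ".join(tokens[1:])
        # Unquoted path with spaces: grow the prefix until it names a binary.
        for i in range(1, len(tokens) + 1):
            cand = " ".join(tokens[:i])
            if cand.lower().endswith(BINARY_EXTS):
                exe, rest = cand, " ".join(tokens[i:])
                break
    if exe.rsplit("\\", 1)[-1].lower() == "rundll32.exe":
        return rest.split(",", 1)[0].strip()
    return exe


def parse(log_text):
    """Split a HijackThis log into BHO (O2), Run-key (O4) and service (O23) entries."""
    out = {"bho": [], "run": [], "services": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            out["bho"].append({"name": m["name"], "clsid": m["clsid"], "path": m["path"]})
            continue
        m = RUN_RE.match(line)
        if m:
            out["run"].append({"hive": m["hive"], "sid": m["sid"], "name": m["name"],
                               "cmd": m["cmd"], "image": image_path(m["cmd"])})
            continue
        m = SERVICE_RE.match(line)
        if m:
            out["services"].append({"name": m["name"], "vendor": m["vendor"], "path": m["path"]})
    return out


def triage(entries):
    """List entries worth a second look before anything is removed or 'fixed'."""
    notes = []
    for e in entries["run"]:
        img = e["image"]
        if "\\" not in img:
            notes.append(f"Run [{e['name']}]: bare image {img!r} is found via the search "
                         "path, so confirm which copy on disk actually runs")
        elif img.lower().startswith(PROFILE_ROOT):
            notes.append(f"Run [{e['name']}]: image {img!r} lives in a user profile, "
                         "where installers rarely put autostarts")
    for s in entries["services"]:
        if s["vendor"].strip().lower() == "unknown owner":
            notes.append(f"Service {s['name']!r}: no vendor string, verify {s['path']!r}")
    return notes


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for e in parsed["run"]:
        print(f"{e['hive']:<4} [{e['name']}] -> {e['image']}")
    for note in triage(parsed):
        print("CHECK:", note)
```

A flagged entry is a prompt to look at the file on disk (vendor, signature, location), not a verdict; in the sample the GEST service is a legitimate motherboard utility that simply ships without a vendor string.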

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Hi,

That killed a lot of malware. MBAM is a good product.

1. Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

a. Close any open browsers.

b. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note: Do not click ComboFix's window with your mouse while it's running. That may cause it to stall.

Please post the following:

a. combofix.txt
b. a fresh HJT log
Don't Read?  Can't learn!

Offline Glaycyer

  • Bronze Member
  • Posts: 9
ComboFix 09-08-10.06 - Pestend 13/08/2009 17:01.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1593 [GMT 10:00]
Running from: c:\documents and settings\Pestend\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\31911h9cktoolz5.exe
c:\windows\system32\3290z5irus7c9.bin
c:\windows\system32\3299ztroj2e5.exe
c:\windows\system32\32b0th9eat235z6.bin
c:\windows\system32\32f1zow9load5r3111.ocx
c:\windows\system32\32z55vir9s1f25.dll
c:\windows\system32\3495hacktzol22e.bin
c:\windows\system32\34z9thief32465.cpl
c:\windows\system32\35078zr9j2b1.ocx
c:\windows\system32\35396n9t-a-virzs57d.bin
c:\windows\system32\35z79worm519.ocx
c:\windows\system32\3807hacz5ool3a9.dll
c:\windows\system32\3874vir5z598.ocx
c:\windows\system32\3905downlzader917.ocx
c:\windows\system32\39506s5ambzt295.exe
c:\windows\system32\3976threat315z9.ocx
c:\windows\system32\397csp5rs92267z.dll
c:\windows\system32\3999v5rus46z.exe
c:\windows\system32\39ca5hizf384.exe
c:\windows\system32\3a45dzwnlo9der1051.cpl
c:\windows\system32\3a7sparze594.exe
c:\windows\system32\3d24thief359z.cpl
c:\windows\system32\3d9azpyw5re9452.bin
c:\windows\system32\3dc7viz91985.exe
c:\windows\system32\3ec69tea5716z.dll
c:\windows\system32\3f70sp5rse1599z.exe
c:\windows\system32\3z119v5rus247.bin
c:\windows\system32\3z503spy53f9.exe
c:\windows\system32\3ze3backdo592058.exe
c:\windows\system32\401zv9r565.exe
c:\windows\system32\4065ba9kdoorz345.exe
c:\windows\system32\409bzpywar52317.exe
c:\windows\system32\40eeaddw9rz5390.ocx
c:\windows\system32\411av5r942z.exe
c:\windows\system32\42za9hief2575.exe
c:\windows\system32\4549tzief2909.cpl
c:\windows\system32\4581hac9tool83z.bin
c:\windows\system32\4593spy5z39.cpl
c:\windows\system32\459abackdoorz35.exe
c:\windows\system32\467h5ckt9olzf7.cpl
c:\windows\system32\46e3s5ywaze1973.ocx
c:\windows\system32\47d3v5rz92.exe
c:\windows\system32\4805thrz9t3462.exe
c:\windows\system32\4819zh9ef650.exe
c:\windows\system32\4852spy6z19.exe
c:\windows\system32\49025hreat25z4.cpl
c:\windows\system32\4954b5ckd9zr469.cpl
c:\windows\system32\4a2fszars930025.bin
c:\windows\system32\4b7ba5d9are1039z.dll
c:\windows\system32\4e58zddware31949.bin
c:\windows\system32\4e85th9efz045.exe
c:\windows\system32\4z55tr9j568.dll
c:\windows\system32\4z9evi51267.bin
c:\windows\system32\5035addware98z2.cpl
c:\windows\system32\506zthreat91617.exe
c:\windows\system32\508059zrm324.cpl
c:\windows\system32\5093sparse2095z.exe
c:\windows\system32\5104s59rse1409z.ocx
c:\windows\system32\51059ir6z6.cpl
c:\windows\system32\5147vir9s3a1z.exe
c:\windows\system32\52589vizus3f3.bin
c:\windows\system32\5259haczt9ol5b5.bin
c:\windows\system32\5260trojz92.bin
c:\windows\system32\528z9r527.bin
c:\windows\system32\52e9vir160z5.ocx
c:\windows\system32\52easp9wa5e18z0.cpl
c:\windows\system32\53392t9oj120z.ocx
c:\windows\system32\5359thi5f2z47.dll
c:\windows\system32\54200szambot196.bin
c:\windows\system32\5424vir9148z.ocx
c:\windows\system32\544z6not-a-virus2e9.ocx
c:\windows\system32\5545steal16z79.cpl
c:\windows\system32\5599backdoorz790.bin
c:\windows\system32\55afsp9rsz154.ocx
c:\windows\system32\55cz5par9e2633.bin
c:\windows\system32\56063worz9c1.cpl
c:\windows\system32\5645spa59ot566z.exe
c:\windows\system32\56559pamzot15b.cpl
c:\windows\system32\5675s9z5l661.cpl
c:\windows\system32\569fsteal1z145.dll
c:\windows\system32\56d89zyware5580.bin
c:\windows\system32\56fa9parse1837z.cpl
c:\windows\system32\5752spzrse18349.exe
c:\windows\system32\580z1troj9bf.exe
c:\windows\system32\5866ziru591.exe
c:\windows\system32\58z31hac9tool276.ocx
c:\windows\system32\5919vi5z984.bin
c:\windows\system32\5929sz5ware9110.dll
c:\windows\system32\5935hacktozl30f.cpl
c:\windows\system32\5937wo9m1z0.ocx
c:\windows\system32\5955thrzat552.exe
c:\windows\system32\59742troz468.exe
c:\windows\system32\598z2virus2f5.bin
c:\windows\system32\59d2threaz20542.bin
c:\windows\system32\59dzsteal860.ocx
c:\windows\system32\59ezspyw9re13205.dll
c:\windows\system32\5ad5thr95tz7047.dll
c:\windows\system32\5b8adowz9o5der1250.exe
c:\windows\system32\5be359izf2911.cpl
c:\windows\system32\5c90spy5are1057z.ocx
c:\windows\system32\5cf5szyw9re1349.cpl
c:\windows\system32\5d4fs5azse21339.exe
c:\windows\system32\5d58th9ezt13994.exe
c:\windows\system32\5e35downloader399z.dll
c:\windows\system32\5ed9ir6z5.exe
c:\windows\system32\5faczir1918.bin
c:\windows\system32\5z2dspars91856.exe
c:\windows\system32\5z49thief386.exe
c:\windows\system32\5z51wor5398.ocx
c:\windows\system32\60a7zpar9e7485.ocx
c:\windows\system32\61389ot-z-5irus39b.bin
c:\windows\system32\614bspa5ze15129.ocx
c:\windows\system32\622zdownlo5der1909.ocx
c:\windows\system32\6251h9czt5ol1c5.ocx
c:\windows\system32\62f0addwarz2759.cpl
c:\windows\system32\62z2v9r3259.cpl
c:\windows\system32\62z9threa59604.dll
c:\windows\system32\638bt5rezt184369.exe
c:\windows\system32\64c0bzckdoo92395.dll
c:\windows\system32\656ct5izf549.dll
c:\windows\system32\6590ste9l1712z.cpl
c:\windows\system32\65b3tzief296.exe
c:\windows\system32\6659spy129z.exe
c:\windows\system32\6714noz-a-viru549b.dll
c:\windows\system32\6814add59re97z.ocx
c:\windows\system32\689zspa5bot1c.cpl
c:\windows\system32\690aspyzar59862.ocx
c:\windows\system32\6935threz56248.dll
c:\windows\system32\699zb5ck9oor819.exe
c:\windows\system32\69e9spyw5rez073.cpl
c:\windows\system32\6a99spars523z9.exe
c:\windows\system32\6ad7addw9ze205.bin
c:\windows\system32\6d9zs5yware1459.cpl
c:\windows\system32\6ec7baczdo59231.cpl
c:\windows\system32\6edfzte59455.dll
c:\windows\system32\6ee7s9eal5z55.exe
c:\windows\system32\6ezfthie93256.cpl
c:\windows\system32\6fczvir5609.exe
c:\windows\system32\6z29not9a-viru5575.exe
c:\windows\system32\70f5ba9kd5or16z0.dll
c:\windows\system32\7161h9cztool457.exe
c:\windows\system32\72e1addw9rez965.dll
c:\windows\system32\72f5zhr95t29859.bin
c:\windows\system32\7453downlzader1591.ocx
c:\windows\system32\746zvir5s79d.ocx
c:\windows\system32\7495tzreat15368.exe
c:\windows\system32\749fspywa5z2523.cpl
c:\windows\system32\7509t5izf442.cpl
c:\windows\system32\75c4s9arsez39.dll
c:\windows\system32\766zd9wnl5ader2338.exe
c:\windows\system32\76z9b9ckdoor2053.cpl
c:\windows\system32\7792adzware1865.cpl
c:\windows\system32\7855zackdoo9279.ocx
c:\windows\system32\7859thiez2568.exe
c:\windows\system32\789z95r2591.ocx
c:\windows\system32\78cbthrea98795z.exe
c:\windows\system32\7933backdoor509z.bin
c:\windows\system32\7944spazb9t537.ocx
c:\windows\system32\799thze5t7926.bin
c:\windows\system32\79e7thrzat63865.bin
c:\windows\system32\79f5thief3571z.dll
c:\windows\system32\7aa2zp9w5re135.dll
c:\windows\system32\7cd3a5dwa9ez540.dll
c:\windows\system32\7cz9ir5633.bin
c:\windows\system32\7d7fdzwn5oad9r202.exe
c:\windows\system32\7db9stea935z9.dll
c:\windows\system32\7dcb9ack5ozr68.dll
c:\windows\system32\7decb9ckdoo5z831.ocx
c:\windows\system32\7f56dow9loadez3158.exe
c:\windows\system32\7z0edownlo9d5r2974.exe
c:\windows\system32\7z355pambot64c9.ocx
c:\windows\system32\7z53h9cktool4ce.bin
c:\windows\system32\8045viru965z.ocx
c:\windows\system32\85z6sp9694.exe
c:\windows\system32\8755v9rzs5cd.dll
c:\windows\system32\8902vzru55fa.ocx
c:\windows\system32\895worz189.cpl
c:\windows\system32\8975no5-z-9irus1ce.exe
c:\windows\system32\9033not-a-5irzs411.bin
c:\windows\system32\92799hac5tooz7dc.exe
c:\windows\system32\92869ackzo5l6c0.exe
c:\windows\system32\92889s5amboz494.exe
c:\windows\system32\9288wozm7359.exe
c:\windows\system32\93535spy5bz.ocx
c:\windows\system32\944585py64az.bin
c:\windows\system32\948zvir5s962.ocx
c:\windows\system32\950zspy15a.bin
c:\windows\system32\9512not-azvi9us7b4.bin
c:\windows\system32\9535szyw5re1313.bin
c:\windows\system32\9542stealz2.cpl
c:\windows\system32\95430szambot7d85.ocx
c:\windows\system32\9544sza9bot706.exe
c:\windows\system32\95a4addware194z.exe
c:\windows\system32\95e6vzr867.cpl
c:\windows\system32\95efvir29z8.exe
c:\windows\system32\9609sparse569z.dll
c:\windows\system32\9670addzare24615.cpl
c:\windows\system32\977azpa5se944.ocx
c:\windows\system32\97819tr5j662z.exe
c:\windows\system32\9814ztroj525.ocx
c:\windows\system32\9845spywarz535.cpl
c:\windows\system32\98464zo5m282.bin
c:\windows\system32\9931backdo5r2623z.ocx
c:\windows\system32\9939spyzare1965.cpl
c:\windows\system32\995znot-a9virus14c.exe
c:\windows\system32\99z49pambot775.exe
c:\windows\system32\9a0spyw5rez98.exe
c:\windows\system32\9c3d9wnloazer815.exe
c:\windows\system32\9cc0thief25z3.dll
c:\windows\system32\9cccs5arse28z2.cpl
c:\windows\system32\9cez5pyware927.exe
c:\windows\system32\9d55zparse560.exe
c:\windows\system32\9e43steal1z205.bin
c:\windows\system32\9e4zspars51842.exe
c:\windows\system32\9ee4szyw5re2297.bin
c:\windows\system32\9fzbthreat32585.ocx
c:\windows\system32\a3vz5392.dll
c:\windows\system32\a985pyw9re553z.bin
c:\windows\system32\b78s5za92687.exe
c:\windows\system32\bbddo5nl9ader2460z.dll
c:\windows\system32\bz0ba9kdo5r822.bin
c:\windows\system32\drivers\ESQULesnpkawwrwwpeyxrklchkqmtuclxqyep.sys
c:\windows\system32\e25spar9e2569z.bin
c:\windows\system32\e95thief5006z.cpl
c:\windows\system32\ESQULgpvsjvcsfhaiwcknltmkxoblmfwtuvxy.dll
c:\windows\system32\ESQULlkaduvbljotqpfctavaljshwlattfeyo.dll
c:\windows\system32\f9czhief2586.cpl
c:\windows\system32\temp#01.exe
c:\windows\system32\z0695ckdoor1674.exe
c:\windows\system32\z0982not-a-v5rus94.exe
c:\windows\system32\z1389hreat16385.bin
c:\windows\system32\z285threa923965.ocx
c:\windows\system32\z315spy59.bin
c:\windows\system32\z355virus1e9.ocx
c:\windows\system32\z3739spamb5t996.cpl
c:\windows\system32\z3859arse1976.ocx
c:\windows\system32\z3891sp59bot7c1.dll
c:\windows\system32\z3d29hief5699.ocx
c:\windows\system32\z4715s5a9bot33c.cpl
c:\windows\system32\z521spyware1927.bin
c:\windows\system32\z593steal584.bin
c:\windows\system32\z6579hreat25784.ocx
c:\windows\system32\z695addware348.dll
c:\windows\system32\z775h9cktool257.bin
c:\windows\system32\z7999worm158.ocx
c:\windows\system32\z799sp5rs91088.ocx
c:\windows\system32\z9053not-a-vir5s7749.ocx
c:\windows\system32\z9155spy64c.bin
c:\windows\system32\z956s9arse1816.bin
c:\windows\system32\z9ac9pyware9535.bin
c:\windows\system32\za12sp9rse2756.exe
c:\windows\system32\zdfd5par9e1261.dll
c:\windows\system32\zf259ir591.ocx
c:\windows\system32\zf6cs5arse936.dll
c:\windows\z1755hreat1519.ocx
c:\windows\z192worm195.ocx
c:\windows\z225ot-a9virus39e.exe
c:\windows\z2420vir5s491.bin
c:\windows\z3341virus259.dll
c:\windows\z355vir198.cpl
c:\windows\z4175s5y695.dll
c:\windows\z495troj23.bin
c:\windows\z52wo9m5c6.exe
c:\windows\z53825acktool90d.cpl
c:\windows\z558spamb9t142.ocx
c:\windows\z559worm536.ocx
c:\windows\z5a55teal1898.cpl
c:\windows\z6359spy5c29.bin
c:\windows\z70s9ywar53044.dll
c:\windows\z74at9r5at14647.ocx
c:\windows\z8977wo5m97c.cpl
c:\windows\z952spa95e862.cpl
c:\windows\za849d5ware41.bin
c:\windows\za84addware59539.dll
c:\windows\zee059ief2504.bin
c:\windows\zf3ca5dwar92938.dll
c:\windows\zf52vir1499.cpl
C:\xcrashdump.dat

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Legacy_ESQULserv.sys
-------\Service_ESQULserv.sys


(((((((((((((((((((((((((   Files Created from 2009-07-13 to 2009-08-13  )))))))))))))))))))))))))))))))
.

2009-11-24 20:05 . 2009-11-24 20:05   6629   ----a-w-   c:\windows\36675ack9zor.bin
2009-08-13 06:07 . 2009-08-13 06:07   --------   d-----w-   c:\windows\system32\URTTEMP
2009-08-13 01:32 . 2009-08-13 06:06   --------   d-----w-   c:\documents and settings\Pestend\Application Data\Reg Tool
2009-08-13 01:32 . 2009-08-13 01:42   --------   d-----w-   C:\reg tool
2009-08-13 01:31 . 2009-08-13 01:31   --------   d-----w-   c:\program files\Downloaded Installers
2009-08-11 13:57 . 2009-08-11 13:57   --------   d-----w-   c:\documents and settings\Pestend\Application Data\Malwarebytes
2009-08-09 22:30 . 2009-08-09 22:30   --------   d-----w-   c:\program files\Trend Micro
2009-08-09 06:01 . 2009-08-12 05:00   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-08-09 05:25 . 2009-08-03 03:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 05:25 . 2009-08-11 13:57   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-08-09 05:25 . 2009-08-09 05:25   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-09 05:25 . 2009-08-03 03:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-08-09 05:19 . 2009-08-09 05:19   152576   ----a-w-   c:\documents and settings\Pestend\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-04 07:47 . 2009-08-04 07:47   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-08-04 05:08 . 2009-08-04 05:08   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\ALM
2009-08-04 04:51 . 2008-04-06 19:38   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
2009-08-04 04:51 . 2008-04-06 19:38   45392   ----a-r-   c:\windows\system32\AdobePDF.dll
2009-08-04 04:42 . 2009-08-04 04:42   --------   d-----w-   c:\program files\Adobe Media Player
2009-08-04 04:35 . 2009-08-04 04:35   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2009-07-21 05:21 . 2004-08-30 04:25   438272   ----a-w-   c:\windows\system32\vp6vfw.dll
2009-07-21 05:21 . 2005-01-21 02:20   118832   ----a-w-   c:\windows\system32\SHW32.DLL
2009-07-21 05:03 . 2009-07-21 05:03   --------   d-----w-   c:\program files\EA SPORTS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 07:15 . 2008-09-16 06:49   16608   ----a-w-   c:\windows\gdrv.sys
2009-08-12 04:37 . 2008-11-09 02:26   34   ----a-w-   c:\windows\system32\BD2140.DAT
2009-08-11 10:46 . 2008-09-16 07:37   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-08-11 10:36 . 2008-09-16 07:37   --------   d-----w-   c:\program files\NOS
2009-08-09 12:56 . 2008-09-16 07:42   --------   d-----w-   c:\program files\Common Files\Adobe
2009-08-09 10:13 . 2008-09-16 07:31   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-09 05:20 . 2008-12-04 05:31   --------   d-----w-   c:\program files\Java
2009-08-08 23:14 . 2008-09-16 07:40   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-04 07:48 . 2008-09-16 06:22   120528   ----a-w-   c:\documents and settings\Pestend\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-24 19:23 . 2008-12-04 05:31   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-07-21 05:21 . 2008-09-16 05:52   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-07-18 14:40 . 2008-11-12 02:46   --------   d-----w-   c:\documents and settings\Pestend\Application Data\U3
2009-07-12 03:23 . 2009-07-12 03:13   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-12 03:13 . 2008-09-15 12:43   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-07-12 03:13 . 2009-07-12 03:13   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\NortonInstaller
2009-07-07 23:47 . 2008-11-12 05:24   335752   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-07-07 08:48 . 2009-03-09 04:22   --------   d-----w-   c:\program files\Kodak
2009-07-07 08:44 . 2008-11-20 09:43   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Apple Computer
2009-07-06 09:34 . 2008-09-21 13:07   --------   d-----w-   c:\documents and settings\Pestend\Application Data\dvdcss
2009-06-29 16:12 . 2007-07-27 12:00   827392   ----a-w-   c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-07-27 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2007-07-27 12:00   17408   ----a-w-   c:\windows\system32\corpol.dll
2009-06-25 23:44 . 2008-11-12 05:24   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-06-25 23:44 . 2008-11-12 05:24   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-06-22 00:58 . 2009-03-09 04:20   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Kodak
2009-06-16 14:36 . 2007-07-27 12:00   81920   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-07-27 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-12 22:48 . 2008-12-04 05:33   34   ----a-w-   c:\documents and settings\Pestend\jagex_runescape_preferences.dat
2009-06-11 21:42 . 2009-06-11 21:42   390664   ----a-w-   c:\documents and settings\Pestend\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-03 19:09 . 2007-07-27 12:00   1291264   ----a-w-   c:\windows\system32\quartz.dll
2009-06-01 12:46 . 2009-02-02 12:12   15688   ----a-w-   c:\windows\system32\lsdelete.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Reg Tool"="c:\reg tool\Reg Tool.exe" [2009-08-10 37614856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2008-10-19 236040]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-07 864256]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 23:44   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/02/2009 9:32 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/11/2008 3:24 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/11/2008 3:24 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/11/2008 3:24 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/11/2008 3:24 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 7:34 AM 1029456]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [16/09/2008 4:50 PM 55816]
S3 pohci13F;pohci13F;\??\c:\docume~1\ARRONE~1\LOCALS~1\Temp\pohci13F.sys --> c:\docume~1\ARRONE~1\LOCALS~1\Temp\pohci13F.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-220523388-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:c9,6e,45,f5,4e,15,09,c6,4e,73,67,4a,65,52,c5,7c,ff,c3,a5,20,0d,
   c0,45,b3,fb,b8,9e,75,19,87,c8,6d,15,e4,be,bc,e1,da,0c,8d,94,13,0e,c1,0c,61,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
.
**************************************************************************
.
Completion time: 2009-08-13 17:16 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-13 07:16

Pre-Run: 127,885,320,192 bytes free
Post-Run: 129,269,108,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

943   --- E O F ---   2009-07-29 17:01

Offline Glaycyer

  • Bronze Member
  • Posts: 9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:18 PM, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\reg tool\Reg Tool.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Reg Tool] C:\reg tool\Reg Tool.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7588 bytes

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Hi,

Please upload the following file:

c:\reg tool\Reg Tool.exe

to the following two sites for testing:

http://virusscan.jotti.org/
http://www.virustotal.com/en/indexx.html

Report back the results.  If they are completely negative, just report that to me.
Don't Read?  Can't learn!

Offline Glaycyer

  • Bronze Member
  • Posts: 9
The file is too big for both of those scanners - I think Dad mentioned that he bought some scanner thing for his computer :|

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
How big is that file?
Don't Read?  Can't learn!

Offline Glaycyer

  • Bronze Member
  • Posts: 9
35.8MB ... the limit for both of those tools is 15MB

Offline PCBruiser

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 7300
Hi,

Big file.  Right click on that file, and then scan it with both MBAM and AVG.  I suspect it is a packed installer, but let's see what they say.  Let me know what they think.  Personally, I am very suspicious of that program, and will kill it at startup for the moment.  I can reverse it later if I am wrong.

Next, we still have more clean up to do with ComboFix.

1.  Open notepad, go to the format menu, uncheck Word Wrap, and then copy/paste the text in the code box below into it:

Code:

KILLALL::

File::
c:\windows\36675ack9zor.bin
c:\docume~1\ARRONE~1\LOCALS~1\Temp\pohci13F.sys
C:\WINDOWS\system32\msxml71.dll
C:\DOCUME~1\Pestend\LOCALS~1\Temp\BE.tmp.exe
C:\WINDOWS\system32\__c00AB042.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\oiqedylmfm.dll

Folder::
C:\Program Files\Internet Saving Optimizer
C:\Program Files\System Search Dispatcher
C:\Program Files\Perfect Optimizer
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs
C:\Program Files\Media Access Startup
C:\Documents and Settings\Pestend\Local Settings\Temporary Internet Files
C:\Documents and Settings\Pestend\Local Settings\Application Data\DoubleD
C:\Documents and Settings\Pestend\Local Settings\Application Data\Media Access Startup
C:\Documents and Settings\Pestend\Local Settings\Application Data\Internet Saving Optimizer
C:\Program Files\WiniShield Software
c:\Program Files\DoubleD

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reg Tool"=-

Driver::
pohci13F

DirLook::
c:\windows\system32\URTTEMP
C:\reg tool
c:\program files\Downloaded Installers


Save this to your Desktop as CFScript.txt.

2.  Close all open browsers.

3.  Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

4.  The system does not have a software firewall installed.  This exposes it to many malware exploits you really don't want to have on any system.  Please download and install Online Armor Free from here:

http://www.tallemu.com/

The link to the free version is on the left hand side of that page.

If you would prefer to use a different firewall, you can try a different one, but check it with me first to make sure it is legitimate firewall software.

5.  Please post the following:

a. combofix.txt
b. a fresh HJT log
Don't Read?  Can't learn!
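As an added example (not from this thread, HijackThis or ComboFix), the Python below parses O4 autostart lines in the log format above and flags the ones a responder should look at first, such as the Reg Tool entry the CFScript removes from HKCU\..\Run. The sample lines and the list of trusted directories are constructed assumptions for a single-drive XP system.

```python
import re

# Constructed sample in HijackThis O4 format (plus one O23 line that is
# ignored); the "Reg Tool" line mirrors the entry the CFScript removes.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Reg Tool] C:\reg tool\Reg Tool.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First image (exe/dll/cpl/scr) on the command line, with optional quotes.
IMAGE_RE = re.compile(r'^"?(?P<img>.*?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)

# Assumption: autostart images are expected under these roots on this box;
# anything else is worth a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def image_path(cmd: str) -> str:
    """Return the image a Run value actually loads; RUNDLL32 loads the DLL after it."""
    if cmd.upper().startswith("RUNDLL32.EXE "):
        cmd = cmd[len("RUNDLL32.EXE "):]
    m = IMAGE_RE.match(cmd)
    return m.group("img") if m else cmd.split()[0]


def triage_run_entries(log: str) -> list[dict]:
    """Parse O4 lines and list the entries that deserve attention, with reasons."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        img = image_path(cmd)
        reasons = []
        if "\\" not in img:
            reasons.append("bare filename, resolved through the search path")
        elif not img.lower().startswith(TRUSTED_ROOTS):
            reasons.append("image outside standard program directories")
        if " " in img and not cmd.startswith('"'):
            reasons.append("unquoted path containing spaces")
        if reasons:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "image": img, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_LOG):
        print(f"{f['hive']} [{f['name']}] {f['image']}: {'; '.join(f['reasons'])}")
```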