msivxcount - can't remove it

Hi all,
I can't get my spyware removal tool search and destroy to work or download other ones to scan the system. The virus scanner doe snot find any infections. I also can not download all updates for windows. I finally was able to download and run Malawarebytes which pulled off a lot of spyware except for msivxcount.
I updated Java, Adobe and windows as much as the pc let's me.
I downloaded hijack this and I will post the log next.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:44 PM, on 7/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\IOI\ButtonMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Users\Susanne\Program Files\DNA\btdna.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Susanne\AppData\Local\Temp\bbne62cr.tmp\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5670
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ironmaiden.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5670
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5670
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ButtonMonitor] C:\Program Files\IOI\ButtonMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtection.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\winlogon (2).exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Susanne\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [setup2.exe] C:\Users\Susanne\AppData\Local\Temp\setup2.exe
O4 - HKCU\..\Run: [WiniFighter] C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe -min
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c996bd85a554c0) (gupdate1c996bd85a554c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 15328 bytes

I also can't use Internet explorer. Firefox works ok, but the best so far is safari.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

The virus seems to be gone. It is not popping up anymore in scans. I can also use ms explorer and search and destroy again.
THe only thing left is that I can't install service pack 2 for vista.
Other than that everything seems to be ok now.
Thank you very much.
I'll be back with new threads for my other pc.

ComboFix 09-07-28.01 - Susanne 07/28/2009 16:34.1.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3070.2332 [GMT -4:00]
Running from: c:\users\Susanne\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4256181935-640867506-358008855-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FastBrowserSearchProtection.exe
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\FbsSearchProtectionUnInstall.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\options.html
c:\program files\Fast Browser Search\IE\searchbutton1.gif
c:\program files\Fast Browser Search\IE\searchbutton2.gif
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\Unreg.dll
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk

c:\windows\10237zirus2985.ocx
c:\windows\10640not-a5viruz5a9.exe
c:\windows\10797sp9z54.bin
c:\windows\1099vi5us393z.ocx
c:\windows\10z709pambot3bf5.cpl
c:\windows\10z789py185.cpl
c:\windows\11055haz9to5l4cb.ocx
c:\windows\112965orm5zc.dll
c:\windows\1141spam9ot5z7.ocx
c:\windows\11445rzj1479.ocx
c:\windows\11559tr5j3az.exe
c:\windows\115989acktool43fz.exe
c:\windows\11935spyb4z.bin
c:\windows\11ca5ir1z69.ocx
c:\windows\12532tr5z996.dll
c:\windows\12658szambot7a9.exe
c:\windows\129415pa9bot4z3.dll
c:\windows\12c5spyzare5079.exe
c:\windows\12z649r5j592.cpl
c:\windows\13152vir9s50z.cpl
c:\windows\136ez5ckd9or525.bin
c:\windows\13759wozmd8.cpl
c:\windows\1394w9zm5fb.bin
c:\windows\14259szy669.cpl
c:\windows\14709hackt9zl2b5.bin
c:\windows\14715zirus96.bin
c:\windows\149135irus3z1.bin
c:\windows\14989pambot5bz.ocx
c:\windows\1512z95ambot7fb.cpl
c:\windows\15210virzs692.exe
c:\windows\152bdownloa9zr608.exe
c:\windows\1592tr5z2ad.ocx
c:\windows\159z3wo9m347.bin
c:\windows\15a89hreat2z539.bin
c:\windows\15d89pars51z03.cpl
c:\windows\16359w9rz75c.bin
c:\windows\16985vi9uz54c.cpl
c:\windows\1723395ambot5z3.bin
c:\windows\172dzt5a9885.dll
c:\windows\1749hazktool9d75.bin
c:\windows\175fth9ezt24577.ocx
c:\windows\17637h9cktoz5718.bin
c:\windows\17820no5-a-zirus98f.exe
c:\windows\17e9thze51739.exe
c:\windows\17z82vir5s790.ocx
c:\windows\19156z9y580.bin
c:\windows\19191hazktool60e5.ocx
c:\windows\1923zwo595b1.exe
c:\windows\193zs5eal1686.bin
c:\windows\19485nzt-a-virus6a95.bin
c:\windows\19495wzrm615.exe
c:\windows\195as9azse2291.ocx
c:\windows\196985acktooz2b5.exe
c:\windows\19853notza-v5rus100.bin
c:\windows\1b89azdware1925.cpl
c:\windows\1d9a9hzeat22570.cpl
c:\windows\1ddzspyw9r52156.cpl
c:\windows\1dzfad9war52994.ocx
c:\windows\1e1eadd5zr9292.dll
c:\windows\1e90spars51660z.ocx
c:\windows\1f67downloa95r151z.exe
c:\windows\1z15troj1955.dll
c:\windows\1z301troj3985.dll
c:\windows\1z471ha9ktool5c1.cpl
c:\windows\1z4955orm6ab.dll
c:\windows\1z5959roj656.cpl
c:\windows\1z82thr5at92193.bin
c:\windows\1z97thre9t16405.dll
c:\windows\1zcc9pyware5794.cpl
c:\windows\20069vi5zs7bc9.exe
c:\windows\20168hack9ool57bz.ocx
c:\windows\20555z9eat8942.exe
c:\windows\2056spywarz629.dll
c:\windows\20924hackzo9l445.exe
c:\windows\20c0spa5se395z.ocx
c:\windows\20z19viru5ef.bin
c:\windows\21168spz95f.ocx
c:\windows\21215zorm159.exe
c:\windows\21307not-a-9irzs59.ocx
c:\windows\219z9not-5-virusfe.cpl
c:\windows\21a1zparse28559.ocx
c:\windows\2216zv5rus1759.cpl
c:\windows\22591hacktoolzb59.dll
c:\windows\2259s9yware667z.cpl
c:\windows\229zba5kdoor169.cpl
c:\windows\2331downlo5der9311z.cpl
c:\windows\23537hac9tool5cz.cpl
c:\windows\23736za5ktoo971f.ocx
c:\windows\237es9zr5e298.ocx
c:\windows\23za95tool8c.dll
c:\windows\246329ro57z0.cpl
c:\windows\24650not-a-v5rusz9.ocx
c:\windows\25236spy9z0.ocx
c:\windows\25566z5rus970.ocx
c:\windows\25574zpy964.dll
c:\windows\25579spy197z.cpl
c:\windows\25595spyz96.dll
c:\windows\25711zorm9855.dll
c:\windows\25745zr5j9a5.ocx
c:\windows\2589t9rzat7115.bin
c:\windows\2597zwor523b.ocx
c:\windows\26049not-a-5irzs76f.ocx
c:\windows\271185ot9a-virus71z.exe
c:\windows\27189virz93d05.cpl
c:\windows\27385w9rm2a5z.cpl
c:\windows\27547trzj9fe.dll
c:\windows\275579rz5b1.dll
c:\windows\276z0not-9-5irus46c.bin
c:\windows\27950nzt-a-virus543.bin
c:\windows\2822zteal9555.bin
c:\windows\2835downloader95z.ocx
c:\windows\28519szy79a.dll
c:\windows\28853zorm629.cpl
c:\windows\29124troz5f5.exe
c:\windows\293z1troj10c5.bin
c:\windows\29473spaz5ot289.cpl
c:\windows\29574not-a-9irus34z.bin
c:\windows\2965ztroj7bf.dll
c:\windows\29873troz35d.dll
c:\windows\29ze5ir859.cpl
c:\windows\2a53backdoo5967z.ocx
c:\windows\2b04steal5z569.exe
c:\windows\2c41s9arsz2195.cpl
c:\windows\2d559hiefz488.bin
c:\windows\2d5cdowzlo5der1159.dll
c:\windows\2ddz5ddwar9312.exe
c:\windows\2e87addzar59828.cpl
c:\windows\2f23threaz59398.bin
c:\windows\2fz39teal31525.bin
c:\windows\2z059roj2a.dll
c:\windows\2z59995y780.exe
c:\windows\2z7st95l1989.dll
c:\windows\2z919sp9e5.cpl
c:\windows\2z9sparse1455.dll
c:\windows\30000v5ruszf19.ocx
c:\windows\3025ztr5j229.dll
c:\windows\30904ha5ktoolze9.ocx
c:\windows\30d19dzware2658.bin
c:\windows\31170spzmb9550b.ocx
c:\windows\31454zacktoo5493.dll
c:\windows\31be9pyware503z.ocx
c:\windows\32375zp96b2.dll
c:\windows\32393not-z-viru5539.exe
c:\windows\323zthreat531239.cpl
c:\windows\3265ste9z1972.ocx
c:\windows\32z7downlo5der893.cpl
c:\windows\3455ddwaz93059.bin
c:\windows\3533b9czdoo51104.dll
c:\windows\35585wzr9593.bin
c:\windows\3599thre59z6442.exe
c:\windows\35aav952063z.exe
c:\windows\3654wz9m2a8.exe
c:\windows\368w59z568.ocx
c:\windows\3713zh9e52264.ocx
c:\windows\3731ad9za5e1582.dll
c:\windows\3776spyw9re50z.bin
c:\windows\38fct5rzat29533.dll
c:\windows\3914z5oj9b0.exe
c:\windows\395asparsez87.dll
c:\windows\395bthiez28689.dll
c:\windows\39c5b5czdoor9748.exe
c:\windows\39f4a5dwarz1195.exe
c:\windows\39f5addwarz158.cpl
c:\windows\3acbaddzare759.bin
c:\windows\3d39spyware3059z.bin
c:\windows\3fa9addzar91355.bin
c:\windows\3fbdzhief5759.cpl
c:\windows\3z32sp9mbot62e5.cpl
c:\windows\4092spamz5t556.cpl
c:\windows\40d59zreat26450.bin
c:\windows\40fzthr9a514096.cpl
c:\windows\41dcstezl9325.cpl
c:\windows\4294th5ezt11787.dll
c:\windows\431e5hrezt132849.ocx
c:\windows\4528s5eaz9881.ocx
c:\windows\4529s9yzare5585.dll
c:\windows\455cv9r1499z.ocx
c:\windows\4563trojzd9.bin
c:\windows\4594spa5se22z3.bin
c:\windows\459fzhief755.cpl
c:\windows\4655addwa9e2167z.ocx
c:\windows\4690thi9fz59.bin
c:\windows\479zthief75.exe
c:\windows\4816downloadzr5995.cpl
c:\windows\4826sp9w5re94z.dll
c:\windows\489ad5waze68.cpl
c:\windows\489zsparse9095.ocx
c:\windows\490daddw9re2z35.ocx
c:\windows\491z9ro5598.dll
c:\windows\4b4zspars52951.dll
c:\windows\4b99addwarz2345.bin
c:\windows\4c1dthr9at5748z.exe
c:\windows\4e05spywa5e3z69.exe
c:\windows\4e45spy9aze2102.bin
c:\windows\4z8cs9yware2851.cpl
c:\windows\4zc9addwa5e1336.dll
c:\windows\50055zar9e1195.exe
c:\windows\50332not-a9vzrus28e.dll
c:\windows\50399pambo5d7z.exe
c:\windows\5059zirus65d.dll
c:\windows\50802zirus9dd.cpl
c:\windows\50b4dow9loader3z76.exe
c:\windows\50f79pa5sz2062.cpl
c:\windows\50zda9dwa5e2132.dll
c:\windows\51488spazbot729.ocx
c:\windows\517bszeal3059.ocx
c:\windows\520zthief3269.dll
c:\windows\526b5pywz9e34.dll
c:\windows\52fspywarez039.cpl
c:\windows\53137not-a-viruszd9.bin
c:\windows\532zvir30609.exe
c:\windows\5398zir25995.ocx
c:\windows\539zspambot199.ocx
c:\windows\53a5downloadez52839.ocx
c:\windows\53bfbaczdo5r1049.dll
c:\windows\53z5spywar521209.bin
c:\windows\54209i5usaz.cpl
c:\windows\5424steal649z.ocx
c:\windows\545z9rm11b.exe
c:\windows\549atzi9f59.bin
c:\windows\55109ddwaze1934.dll
c:\windows\551t9o5cz.bin
c:\windows\5554spar9z2840.dll
c:\windows\5562spyware2209z.cpl
c:\windows\558zthreat93830.exe
c:\windows\55905irus6z0.exe
c:\windows\5596addware5571z.bin
c:\windows\55bz9ir1530.cpl
c:\windows\5694zack5oor439.cpl
c:\windows\5699s5arsz355.bin
c:\windows\5748spam9ot55z.bin
c:\windows\57886h9cktool1zf.cpl
c:\windows\57ce9d5warez147.ocx
c:\windows\5817zir9s5af.ocx
c:\windows\584z9acktool557.dll
c:\windows\5890wor51cbz.exe
c:\windows\5899h9cktooldaz.exe
c:\windows\58a9downloazer2256.exe
c:\windows\5929baz5d9or1557.dll
c:\windows\595zdownloader9623.ocx
c:\windows\59689worz99b.exe
c:\windows\5995vzr75.ocx
c:\windows\59cbspar5e2z32.ocx
c:\windows\59czspywa5e2182.bin
c:\windows\59d0zpyware1516.exe
c:\windows\5bbdst9al51z8.dll
c:\windows\5c5dvzr3089.dll
c:\windows\5d12spy9zre135.bin
c:\windows\5f5bs9ea5913z.bin
c:\windows\5f94th5eat28825z.bin
c:\windows\5f96tzreat249095.bin
c:\windows\5fadth9ez2100.bin
c:\windows\5z18sp9rse12665.dll
c:\windows\5z31backdo5r2981.dll
c:\windows\5z50thief9907.bin
c:\windows\5z7a9ddware1402.dll
c:\windows\6052addware3159z.bin
c:\windows\605abackdoor9961z.dll
c:\windows\619fstezl735.cpl
c:\windows\627dspy5aze976.dll
c:\windows\6297vz95s2de.cpl
c:\windows\633e95r31z9.exe
c:\windows\645bthie92z3.cpl
c:\windows\6469sparsz553.exe
c:\windows\6485zpar9e5335.ocx
c:\windows\6533h5ckzool2b9.cpl
c:\windows\659viz520.bin
c:\windows\675cspy9zre21215.cpl
c:\windows\679dsza5se889.ocx
c:\windows\67f9v5rz838.exe
c:\windows\68165hief9z13.ocx
c:\windows\6973spyware55z.dll
c:\windows\69az9hreat25951.dll
c:\windows\69zs5eal3194.cpl
c:\windows\6a5zvi9130.ocx
c:\windows\6c99spaz952303.cpl
c:\windows\6d4aazd5are16929.dll
c:\windows\6d55thiez99265.bin
c:\windows\6dze9te5l3203.bin
c:\windows\6e39ackdooz5283.ocx
c:\windows\6e3bszywar99015.cpl
c:\windows\6e7d5iz1899.bin
c:\windows\6ez3spar951494.dll
c:\windows\6f9bbaczdo5r1517.ocx
c:\windows\6z495hief769.cpl
c:\windows\6z9daddwa953175.exe
c:\windows\7281not9azvirus532.cpl
c:\windows\7341zpa5bot6399.exe
c:\windows\73fbthreaz9543.cpl
c:\windows\74ccs5arz9184.cpl
c:\windows\7553spyware9679z.ocx
c:\windows\769baddware405z.dll
c:\windows\7785downloa5ez1989.exe
c:\windows\786ad9w5re1335z.bin
c:\windows\786zh9cktoo5209.exe
c:\windows\7898szyware5575.ocx
c:\windows\7964vi51z13.exe
c:\windows\7984addwaz51279.bin
c:\windows\7a59steal2z99.cpl
c:\windows\7aad5h9ef216z.dll
c:\windows\7ba9spazse1555.cpl
c:\windows\7bczddw5re2998.exe
c:\windows\7d72ad5z9re2882.cpl
c:\windows\7e17szars95879.ocx
c:\windows\7efebazkdoor519.dll
c:\windows\7efzsparse2759.dll
c:\windows\7z52troj599.cpl
c:\windows\7zb5spy5are2749.bin
c:\windows\8129tro9358z.ocx
c:\windows\815backdoor3z9.ocx
c:\windows\89485irus2z39.cpl
c:\windows\8982spamz5t5089.dll
c:\windows\90204wormz58.dll
c:\windows\912z7worm275.ocx
c:\windows\9151backdzor2834.dll
c:\windows\9153virus127z.cpl
c:\windows\91559wormz0b.bin
c:\windows\9174threatz40735.cpl
c:\windows\91eab5ckdooz1953.ocx
c:\windows\91z5v9rus65.exe
c:\windows\94959oj4dz.dll
c:\windows\9532threat53996z.exe
c:\windows\9534hacktool4z5.bin
c:\windows\958z7troj7785.ocx
c:\windows\97605hacktool25z5.dll
c:\windows\99328zorm945.exe
c:\windows\99430szy29b5.exe
c:\windows\99661spyz3a5.dll
c:\windows\9b5zsteal3057.exe
c:\windows\9bdfsparse1695z.exe
c:\windows\9bec5ddware824z.bin
c:\windows\9c9bthiefz55.exe
c:\windows\9df8bazkdoor15105.bin
c:\windows\9ea1viz2157.dll
c:\windows\9f0atzief5457.ocx
c:\windows\9z21th5eat13541.cpl
c:\windows\9z685ir953.ocx
c:\windows\a159r18z1.exe
c:\windows\ac5bac9zoor2653.ocx
c:\windows\b1zspyware1593.bin
c:\windows\b85a9dwa5e236z.dll
c:\windows\c53vir96z.cpl
c:\windows\d9zv5r1541.ocx
c:\windows\ff9z9ar5e1196.exe

c:\windows\system32\10593szy55b9.cpl
c:\windows\system32\11355n9t-a-vizus18c.ocx
c:\windows\system32\11561wo9z4d5.cpl
c:\windows\system32\115zspam9ot281.bin
c:\windows\system32\11776n9t-a-virzs74d5.ocx
c:\windows\system32\11949zackt5ol649.dll
c:\windows\system32\11973virus48z5.cpl
c:\windows\system32\12195z9y1795.bin
c:\windows\system32\12206s9zmbot25.exe
c:\windows\system32\128765zrm539.ocx
c:\windows\system32\12995viru5z0a9.dll
c:\windows\system32\1339s5z149.ocx
c:\windows\system32\13598zro9243.cpl
c:\windows\system32\13709zpa5bot213.exe
c:\windows\system32\13896spy59z.cpl
c:\windows\system32\1415zwo9m321.bin
c:\windows\system32\145319pz3c6.cpl
c:\windows\system32\14549zorm23b.ocx
c:\windows\system32\145z1h5cktool9bb.dll
c:\windows\system32\14755zpambot9c9.bin
c:\windows\system32\1497thi951z83.bin
c:\windows\system32\15094spz199.cpl
c:\windows\system32\151899ir5sz63.ocx
c:\windows\system32\15247z59j647.exe
c:\windows\system32\1524vir26z99.ocx
c:\windows\system32\15533spam9ot3fz.dll
c:\windows\system32\15565wozm9875.exe
c:\windows\system32\15697spy59z.dll
c:\windows\system32\15806v5zus390.exe
c:\windows\system32\1593backdoorz6559.ocx
c:\windows\system32\167839ir5s34z.cpl
c:\windows\system32\16d79p5warez632.exe
c:\windows\system32\172bstz9l26275.cpl
c:\windows\system32\17781hackzo5l945.exe
c:\windows\system32\17887hack9ool58z.bin
c:\windows\system32\18264z592d4.ocx
c:\windows\system32\18289no9-a-v5rus1c3z.bin
c:\windows\system32\18358s95mzot574.ocx
c:\windows\system32\190fzpywa9e1570.ocx
c:\windows\system32\1922zhief2522.ocx
c:\windows\system32\1926bac9doorz995.exe
c:\windows\system32\19334wzrm4905.exe
c:\windows\system32\193ezteal1605.exe
c:\windows\system32\1946z5irus1a9.bin
c:\windows\system32\19558szamb9t178.exe
c:\windows\system32\195dvir70z.exe
c:\windows\system32\1977thrza598546.ocx
c:\windows\system32\197z05py699.exe
c:\windows\system32\19937v5zusc1.dll
c:\windows\system32\19962trojz25.exe
c:\windows\system32\19c7t5zef25049.exe
c:\windows\system32\1a55s9eaz1882.ocx
c:\windows\system32\1aazpyware5759.dll
c:\windows\system32\1azspa5s93115.bin
c:\windows\system32\1c77vi9318z5.bin
c:\windows\system32\1cz5ad9ware1265.cpl
c:\windows\system32\1d52baczdoor19899.exe
c:\windows\system32\1db5th9ef296z.exe
c:\windows\system32\1e98ztea51136.bin
c:\windows\system32\1eccz59rse301.bin
c:\windows\system32\1ef9dow5zoader106.ocx
c:\windows\system32\1fzedo5nl9ader1014.exe
c:\windows\system32\1z121s5ambot69f.exe
c:\windows\system32\1z516n5t-a-9irus28a.bin
c:\windows\system32\1z526t9o5d3.ocx
c:\windows\system32\1z966tr594e4.ocx
c:\windows\system32\20559orz759.ocx
c:\windows\system32\21400zot5a-virus9f5.ocx
c:\windows\system32\21559ddwaze2812.dll
c:\windows\system32\2172spzmbo9315.cpl
c:\windows\system32\21952z5ambo91db.ocx
c:\windows\system32\223345ac9tzol742.exe
c:\windows\system32\223zbackd5or14189.bin
c:\windows\system32\226ath9zat22504.exe
c:\windows\system32\2282downl5az9r2964.dll
c:\windows\system32\22990t5oj5zc.cpl
c:\windows\system32\2305backdoor22z9.ocx
c:\windows\system32\232z9n5t9a-virus192.exe
c:\windows\system32\23455zo9m69a.dll
c:\windows\system32\23853not-a-virusz9b.bin
c:\windows\system32\24181no5-a-vz9us6b8.dll
c:\windows\system32\245979roj69z.ocx
c:\windows\system32\24905vizus419.dll
c:\windows\system32\24z48hacktoo9675.bin
c:\windows\system32\252245pamboz3f99.bin
c:\windows\system32\252cdow5loader19z9.ocx
c:\windows\system32\252z09py2b5.dll
c:\windows\system32\25307vzrus159.bin
c:\windows\system32\25413zi9us143.cpl
c:\windows\system32\25494zr5j5bc.ocx
c:\windows\system32\25526zroj5459.ocx
c:\windows\system32\256879irus5e0z.bin
c:\windows\system32\2589spywaze549.cpl
c:\windows\system32\2590szy4e5.dll
c:\windows\system32\25956not-a9virus1bz.ocx
c:\windows\system32\25c4do9nloadez2548.ocx
c:\windows\system32\25z56s9a5bot450.dll
c:\windows\system32\262659py4z5.cpl
c:\windows\system32\26545trojz99.cpl
c:\windows\system32\26d29tezl2750.ocx
c:\windows\system32\27523zorm59c.cpl
c:\windows\system32\276715zcktool31b9.dll
c:\windows\system32\279369ormz505.dll
c:\windows\system32\27995not-a-ziru5695.bin
c:\windows\system32\28004not-95viruz74d.ocx
c:\windows\system32\28546not-a-9irus325z.ocx
c:\windows\system32\2904thi5920z4.bin
c:\windows\system32\2923do5zloader3159.dll
c:\windows\system32\293505pamb9t324z.ocx
c:\windows\system32\293z0wo5m4e.dll
c:\windows\system32\29405zpy590.ocx
c:\windows\system32\29541spambot35bz.exe
c:\windows\system32\29777not-a5vizus37c.exe
c:\windows\system32\29a0zd9war5465.dll
c:\windows\system32\29f5spyzare2929.ocx
c:\windows\system32\29z2wo5m793.dll
c:\windows\system32\29z43w5rm2.exe
c:\windows\system32\2a6zth95f2789.dll
c:\windows\system32\2b05thie9575z.bin
c:\windows\system32\2d0d9ddzare15975.cpl
c:\windows\system32\2d705tz9l1175.cpl
c:\windows\system32\2e3t59ez829.dll
c:\windows\system32\2fa5zi5599.cpl
c:\windows\system32\2z015worm690.ocx
c:\windows\system32\2z095orm185.bin
c:\windows\system32\2z245irusc49.cpl
c:\windows\system32\2z76b5ckdoor9093.bin
c:\windows\system32\2z789vir5s900.exe
c:\windows\system32\3029tz9520a.bin
c:\windows\system32\30583worz549.cpl
c:\windows\system32\3065559rzs5bc.cpl
c:\windows\system32\31166vizu51d9.dll
c:\windows\system32\31474not9a-vi5us6c9z.exe
c:\windows\system32\31595vi9us15z.exe
c:\windows\system32\31692v5rus795z.ocx
c:\windows\system32\31z71not-a-virus3259.dll
c:\windows\system32\3203vzr5793.cpl
c:\windows\system32\3207zsp599f.cpl
c:\windows\system32\32294trzj5a9.ocx
c:\windows\system32\32635spamzot1fa9.exe
c:\windows\system32\32660hac9tooz55a.dll
c:\windows\system32\32z99ot-a-virus3c25.cpl
c:\windows\system32\3495threat8399z.dll
c:\windows\system32\34d5d9wn5oaderz12.dll
c:\windows\system32\3528zviru911a.exe
c:\windows\system32\355fsparse128z9.cpl
c:\windows\system32\355z9not-a-virus2d5.exe
c:\windows\system32\35a6sparse15z9.dll
c:\windows\system32\364459zkdoor3116.ocx
c:\windows\system32\3789s5arsez242.bin
c:\windows\system32\3795doznloader2333.ocx
c:\windows\system32\39850not-a-viruz728.bin
c:\windows\system32\3987za95tool1aa.exe
c:\windows\system32\3az95hreat32091.exe
c:\windows\system32\3b55sparse908z.exe
c:\windows\system32\3b5zthreat90050.exe
c:\windows\system32\3b98zo5nloader1784.ocx
c:\windows\system32\3c6bbackdooz17795.ocx
c:\windows\system32\3d4b9tzal5589.dll
c:\windows\system32\3d4dzwnloader2957.ocx
c:\windows\system32\3e9fzddware2295.cpl
c:\windows\system32\3fb9addwa9526z2.ocx
c:\windows\system32\3z225vi95sa3.dll
c:\windows\system32\3z2dsparse50189.dll
c:\windows\system32\405b5pyware910z.bin
c:\windows\system32\405sz9mbota1.dll
c:\windows\system32\41b4a59wzre2851.ocx
c:\windows\system32\425cthrzat5090.exe
c:\windows\system32\42c8backdozr3559.ocx
c:\windows\system32\447z9y51.dll
c:\windows\system32\4571spz5s997.ocx
c:\windows\system32\4578vi9usz2.dll
c:\windows\system32\45e4doz9l5ader2999.cpl
c:\windows\system32\4655sparse995z.dll
c:\windows\system32\46659aczdoor1465.bin
c:\windows\system32\4707bacz9oor521.exe
c:\windows\system32\479zp5rse73.dll
c:\windows\system32\48a5sp9ware29z7.bin
c:\windows\system32\48bctzi5f3469.cpl
c:\windows\system32\49409pars5479z.bin
c:\windows\system32\4995download5z3244.cpl
c:\windows\system32\49aetz5eat31990.exe
c:\windows\system32\4a1c9pyware97z5.ocx
c:\windows\system32\4afbz9ief5980.dll
c:\windows\system32\4cfba9kdzo5934.cpl
c:\windows\system32\4d73spy95re257z.exe
c:\windows\system32\4z95spywar9829.dll
c:\windows\system32\5015vi51938z.dll
c:\windows\system32\52337szy195.ocx
c:\windows\system32\5240ba5kdoor324z9.dll
c:\windows\system32\52796zirus94f.exe
c:\windows\system32\527bsp9wzre557.dll
c:\windows\system32\52z35s9ambot285.cpl
c:\windows\system32\531809orm3efz.ocx
c:\windows\system32\535zsp9ware3195.bin
c:\windows\system32\54978spyz4e.bin
c:\windows\system32\549zthreat20054.dll
c:\windows\system32\54z4w5rm2349.bin
c:\windows\system32\5502virz539.bin
c:\windows\system32\557bbac9door30z2.ocx
c:\windows\system32\5597threat1z668.bin
c:\windows\system32\55e0spazse915.ocx
c:\windows\system32\55z0spyware935.ocx
c:\windows\system32\55z5addware2901.exe
c:\windows\system32\5621hackz9ol3f8.dll
c:\windows\system32\56abthreat24z49.ocx
c:\windows\system32\5718addwa9e19z5.dll
c:\windows\system32\579spywarz517.exe
c:\windows\system32\57dbsp9rsez464.dll
c:\windows\system32\58f1spa5z92399.ocx
c:\windows\system32\591sp5mboz481.ocx
c:\windows\system32\592b5ckdoorz54.bin
c:\windows\system32\593cvi590z4.ocx
c:\windows\system32\5953sparsez701.ocx
c:\windows\system32\5957virz825.exe
c:\windows\system32\595faddwarz2142.cpl
c:\windows\system32\5977thiez9205.cpl
c:\windows\system32\59824tro9548z.ocx
c:\windows\system32\59c6bz95door1394.cpl
c:\windows\system32\59d9downlozder2761.exe
c:\windows\system32\59z7backd5or2305.bin
c:\windows\system32\59zcaddware1899.dll
c:\windows\system32\5b45hreaz29539.cpl
c:\windows\system32\5b79vi52345z.cpl
c:\windows\system32\5ceddowzloa5e92587.cpl
c:\windows\system32\5d9caddwa5e914z.exe
c:\windows\system32\5da2backdzor2493.ocx
c:\windows\system32\5ec9s9eal524z.ocx
c:\windows\system32\5f0bviz20269.cpl
c:\windows\system32\5f6bspaz5e905.cpl
c:\windows\system32\5f95vir229z.bin
c:\windows\system32\5fzathreat20892.bin
c:\windows\system32\5z229not-9-virus49d.bin
c:\windows\system32\5z779hreat24935.cpl
c:\windows\system32\610zwor913a5.dll
c:\windows\system32\6120add9a5e17z3.ocx
c:\windows\system32\6275sp9mbot5z4.ocx
c:\windows\system32\6399dowzloa5er1689.exe
c:\windows\system32\6547ad9ware163z.exe
c:\windows\system32\655da9dware1z73.ocx
c:\windows\system32\656fsp5rze1919.bin
c:\windows\system32\6693downloadez2959.cpl
c:\windows\system32\66e19ddwzre1651.dll
c:\windows\system32\6775st5a9z877.cpl
c:\windows\system32\67935azk9ool412.dll
c:\windows\system32\681a5hiefz91.bin
c:\windows\system32\681e5p9rse79z.exe
c:\windows\system32\6849spzrse27695.cpl
c:\windows\system32\6856t5oj496z.exe
c:\windows\system32\686zthie9255.exe
c:\windows\system32\688athzeat29845.ocx
c:\windows\system32\68b79d5ware296z.bin
c:\windows\system32\69275ackdzor9332.dll
c:\windows\system32\694zthi5f1185.cpl
c:\windows\system32\695cthreat2553z.cpl
c:\windows\system32\699cba9kz5or797.bin
c:\windows\system32\69dethi5f16z09.dll
c:\windows\system32\69e1zhreat279549.cpl
c:\windows\system32\6d95stz9l546.bin
c:\windows\system32\6f1dspywz9e18585.exe
c:\windows\system32\6z65steal699.bin
c:\windows\system32\6z75spy99.exe
c:\windows\system32\6zb9spyware529.exe
c:\windows\system32\6zd9backdoor1525.dll
c:\windows\system32\70935z9-a-virus6ee.bin
c:\windows\system32\72359tezl2909.exe
c:\windows\system32\7255addwa9ez475.bin
c:\windows\system32\72faadd95re885z.cpl
c:\windows\system32\73d9st9az19405.cpl
c:\windows\system32\7405not-a-zirus9df.cpl
c:\windows\system32\7406dow9loazer2858.exe
c:\windows\system32\74115ddware9z38.ocx
c:\windows\system32\7457add9are1z10.ocx
c:\windows\system32\7575steaz599.cpl
c:\windows\system32\75c1thr5at105z89.bin
c:\windows\system32\7658z9rus50.bin
c:\windows\system32\767da5dwa9e1z33.dll
c:\windows\system32\77z95hrea95533.exe
c:\windows\system32\79205py7a1z.ocx
c:\windows\system32\794zthie51243.ocx
c:\windows\system32\795ed5wnlo9derz277.dll
c:\windows\system32\79threatz72885.ocx
c:\windows\system32\7a8d9pyzare3592.dll
c:\windows\system32\7b55vir93z2.cpl
c:\windows\system32\7b94bac5dooz629.exe
c:\windows\system32\7e00d9wnloaderz545.bin
c:\windows\system32\7fc5d5wnloazer913.ocx
c:\windows\system32\7zafspar5e2967.bin
c:\windows\system32\805threat19835z.bin
c:\windows\system32\87809za5bot3c7.bin
c:\windows\system32\8849wo5mz0d9.cpl
c:\windows\system32\8890v9rz5a5.exe
c:\windows\system32\8dcthz9f1555.cpl
c:\windows\system32\8z31vi59se2.ocx
c:\windows\system32\908zwo5m289.exe
c:\windows\system32\90z55worm652.dll
c:\windows\system32\9105vzrus6ed.exe
c:\windows\system32\91305zack5ool3d3.ocx
c:\windows\system32\9175spyzc3.exe
c:\windows\system32\918z2w5rm314.exe
c:\windows\system32\91909vizus1f5.ocx
c:\windows\system32\9299zt5oj5ef.dll
c:\windows\system32\92d6ad5zare3203.cpl
c:\windows\system32\9315spazbot658.dll
c:\windows\system32\938ebackdoorz9035.exe
c:\windows\system32\946435acktzol3ef.exe
c:\windows\system32\95029not-azvirus369.cpl
c:\windows\system32\955165irus51z.exe
c:\windows\system32\95551viruz333.dll
c:\windows\system32\9593virzs292.cpl
c:\windows\system32\95948spz475.exe
c:\windows\system32\959dvir45z.ocx
c:\windows\system32\95z1spambo5155.ocx
c:\windows\system32\95z24tr5j74b.ocx
c:\windows\system32\969dviz564.ocx
c:\windows\system32\96z60virus305.cpl
c:\windows\system32\9759h5cktool49z.bin
c:\windows\system32\9759spz7085.cpl
c:\windows\system32\992dthi5fz327.bin
c:\windows\system32\992spazbo53159.cpl
c:\windows\system32\99671szy45.ocx
c:\windows\system32\9967zirus3a95.cpl
c:\windows\system32\996z5acktool3dc.exe
c:\windows\system32\998athzef2015.cpl
c:\windows\system32\99abac5door1z6.cpl
c:\windows\system32\99z6troj539.cpl
c:\windows\system32\9ca65hief105z.bin
c:\windows\system32\9cfcb5czdoor2984.ocx
c:\windows\system32\9f0d5hreat2z85.exe
c:\windows\system32\9z24s9y515.bin
c:\windows\system32\9z83spy575.ocx
c:\windows\system32\9z96backdoor2856.cpl
c:\windows\system32\a80zow9l5ader3014.cpl
c:\windows\system32\b309py5arz397.bin
c:\windows\system32\bf2downlo59er159z.dll
c:\windows\system32\d1cspy5are995z.bin
c:\windows\System32\drivers\MSIVXymvxxynydrfuxveeiirjnbvqxudktopr.sys
c:\windows\system32\e5ethrz9t22172.ocx
c:\windows\system32\e98downl5ader24z9.exe
c:\windows\system32\fc35teal19z2.exe
c:\windows\system32\ffdaddwaz52919.bin
c:\windows\system32\MSIVXcount

c:\windows\System32\MSIVXqtdbgigcokittvpsqljavudhcfxowgtk.dll
c:\windows\system32\MSIVXtigfwbmepqqltxxvwtwmcoiibuimwgpn.dll
c:\windows\system32\z078threat29325.ocx
c:\windows\system32\z1427t9o555b.exe
c:\windows\system32\z191spyware15045.exe
c:\windows\system32\z205do9nloader1955.exe
c:\windows\system32\z25vi95s1c5.bin
c:\windows\system32\z271thi5f9824.bin
c:\windows\system32\z3999hac5tool86.cpl
c:\windows\system32\z3e09par5e1772.cpl
c:\windows\system32\z41925py3799.dll
c:\windows\system32\z4943w9rm2c5.ocx
c:\windows\system32\z4950virus5249.ocx
c:\windows\system32\z55backdoor23059.ocx
c:\windows\system32\z685spamb9t5a1.ocx
c:\windows\system32\z955roje5.ocx
c:\windows\system32\z97thief1650.exe
c:\windows\system32\z9fvi52694.dll
c:\windows\system32\za53sp5rse1196.ocx
c:\windows\system32\zc379ddwa5e2999.ocx
c:\windows\system32\zd9h5ef2544.exe
c:\windows\system32\zeespa9se315.exe
c:\windows\system32\zf2dthreat35942.dll
c:\windows\z0098worm3145.bin
c:\windows\z28c59r1417.cpl
c:\windows\z3349w59m598.bin
c:\windows\z35caddwar91957.cpl
c:\windows\z439tro9510.bin
c:\windows\z4563wor5197.ocx
c:\windows\z4689pars5490.ocx
c:\windows\z5266hack9ool25c.ocx
c:\windows\z5293spambot36c9.dll
c:\windows\z5365troj95a.ocx
c:\windows\z59fspyware752.exe
c:\windows\z5d0vi92056.cpl
c:\windows\z6067virus509.bin
c:\windows\z61895rus290.cpl
c:\windows\z7117w9rm5a45.bin
c:\windows\z7ethief5793.cpl
c:\windows\z82cdown5oader19629.ocx
c:\windows\z8349pambot16d5.cpl
c:\windows\z8599no9-a5virus166.bin
c:\windows\z931sp956.bin
c:\windows\z94059y517.cpl
c:\windows\z9533worm1ac.cpl
c:\windows\z953spyw5re2434.dll
c:\windows\z9ebs5yware584.dll
c:\windows\zbesteal9757.bin
c:\windows\zcb1d9wnloader1459.ocx
c:\windows\zef5sparse25925.bin
c:\windows\zfd2vir96795.cpl
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys

((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-09-23 12:51 . 2009-09-23 12:51 10692 ----a-w- c:\windows\system32\495cztoolfb.dll
2009-08-10 20:18 . 2009-08-10 20:18 16145 ----a-w- c:\windows\system32\27889ot-a-vizus5.dll
2009-07-28 20:55 . 2009-07-28 20:55 -------- d-----w- c:\users\Sammy\AppData\Local\temp
2009-07-28 20:55 . 2009-07-28 20:56 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2009-07-28 20:55 . 2009-07-28 20:55 -------- d-----w- c:\users\Scarth\AppData\Local\temp
2009-07-28 20:55 . 2009-07-28 20:55 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2009-07-28 20:55 . 2009-07-28 20:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-28 20:32 . 2009-07-28 20:32 -------- d-----w- c:\programdata\SITEguard
2009-07-25 16:02 . 2009-07-25 16:02 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-24 21:21 . 2009-07-24 21:21 9072 ----a-w- c:\windows\system32\25224zot9a-viruse.exe
2009-07-24 20:07 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-24 20:07 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 20:07 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-24 20:07 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-24 18:09 . 2009-07-24 18:09 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 17:39 . 2009-07-24 17:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 15:27 . 2009-07-24 15:27 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 03:13 . 2009-07-24 03:13 -------- d-----w- c:\users\Susanne\AppData\Roaming\Malwarebytes
2009-07-24 03:08 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 03:08 . 2009-07-24 03:08 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 03:08 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 03:08 . 2009-07-28 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 21:11 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-23 21:11 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-23 21:11 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-23 21:11 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-23 21:11 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-23 21:10 . 2009-07-24 02:51 -------- d-----w- c:\users\Susanne\AppData\Roaming\Simply Super Software
2009-07-23 21:10 . 2009-07-23 21:10 -------- d-----w- c:\programdata\Simply Super Software
2009-07-23 20:01 . 2009-07-23 20:01 -------- d-----w- c:\program files\STOPzilla!
2009-07-23 20:01 . 2009-07-23 20:01 -------- d-----w- c:\program files\Common Files\iS3
2009-07-23 20:01 . 2009-07-28 20:33 -------- d-----w- c:\programdata\STOPzilla!
2009-07-20 18:57 . 2009-07-20 18:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-07-20 18:56 . 2009-07-20 18:56 311296 ----a-r- c:\windows\system32\SZBase5.dll
2009-07-20 18:56 . 2009-07-20 18:56 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-07-19 21:10 . 2009-07-19 21:10 -------- d-----w- c:\users\Susanne\AppData\Local\CurseClient
2009-07-16 20:08 . 2009-07-16 20:08 -------- d-----w- c:\users\Sammy\AppData\Local\Blizzard Entertainment
2009-07-16 00:58 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-16 00:58 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-15 20:32 . 2009-07-15 22:19 -------- d-----w- c:\users\Public\Games
2009-07-11 06:21 . 2009-07-11 06:21 -------- d-----w- c:\users\Scarth\AppData\Local\Mozilla
2009-07-09 19:52 . 2009-07-09 19:52 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-07-09 19:52 . 2009-07-09 19:52 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-07-09 19:51 . 2009-07-09 19:51 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-07-09 19:51 . 2009-07-09 19:51 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-07-09 19:51 . 2009-07-09 19:51 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-07-09 19:50 . 2009-07-09 19:50 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-07-09 19:50 . 2009-07-09 19:50 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-07-09 19:50 . 2009-07-09 19:50 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-07-09 19:47 . 2009-07-09 19:47 724992 ----a-r- c:\windows\system32\IS3Base5.dll
2009-07-08 14:13 . 2009-07-08 14:13 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-07-08 14:12 . 2009-07-08 14:12 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-07-01 03:14 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-01 03:14 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-01 03:14 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-01 03:14 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-01 03:14 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-01 03:14 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-01 03:14 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-01 03:07 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-01 03:07 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-01 03:07 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-01 03:07 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-01 03:07 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-29 22:54 . 2009-06-29 23:08 -------- d-----w- c:\users\Melissa\AppData\Local\FullTiltPoker
2009-06-29 22:47 . 2009-07-24 17:13 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-29 22:40 . 2009-06-29 22:40 -------- d-----w- c:\users\Melissa\AppData\Roaming\WildTangent

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 20:31 . 2009-02-27 00:22 -------- d-----w- c:\users\Sammy\AppData\Roaming\DNA
2009-07-28 20:31 . 2009-04-08 21:59 -------- d-----w- c:\users\Susanne\AppData\Roaming\DNA
2009-07-28 20:11 . 2009-04-15 23:41 -------- d-----w- c:\program files\Steam
2009-07-28 19:41 . 2008-11-27 01:01 -------- d-----w- c:\users\Sammy\AppData\Roaming\Apple Computer
2009-07-28 17:46 . 2008-02-27 00:47 -------- d-----w- c:\program files\BigFix
2009-07-28 17:46 . 2008-02-27 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 16:56 . 2008-02-27 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 16:55 . 2008-02-27 00:35 -------- d-----w- c:\programdata\Symantec
2009-07-28 15:15 . 2008-07-02 00:08 8268 ----a-w- c:\users\Susanne\AppData\Local\d3d9caps.dat
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-27 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-27 21:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-27 21:47 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-26 01:33 . 2008-12-10 17:39 -------- d-----w- c:\users\Melissa\AppData\Roaming\DNA
2009-07-26 01:26 . 2009-03-22 10:48 -------- d-----w- c:\users\Melissa\AppData\Roaming\IMVU
2009-07-24 17:27 . 2008-12-12 18:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 16:58 . 2008-10-09 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 16:52 . 2008-10-09 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-24 01:11 . 2008-09-25 21:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-24 01:09 . 2008-12-13 02:20 -------- d-----w- c:\program files\Yahoo!
2009-07-22 23:40 . 2009-06-17 14:16 -------- d-----w- c:\users\Scarth\AppData\Roaming\Apple Computer
2009-07-16 01:04 . 2009-01-22 21:14 -------- d-----w- c:\program files\DNA
2009-07-12 12:44 . 2009-06-22 02:07 -------- d-----w- c:\program files\Curse
2009-07-11 11:55 . 2008-08-06 13:50 680 ----a-w- c:\users\Sammy\AppData\Local\d3d9caps.dat
2009-07-09 21:05 . 2008-06-29 21:30 74208 ----a-w- c:\users\Scarth\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-05 18:34 . 2009-04-15 23:41 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 23:08 . 2008-07-02 19:53 74208 ----a-w- c:\users\Sammy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 23:04 . 2008-07-01 23:24 74208 ----a-w- c:\users\Susanne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 11:08 . 2008-09-11 10:00 74208 ----a-w- c:\users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-01 07:05 . 2008-02-27 00:48 -------- d-----w- c:\programdata\Microsoft Help
2009-06-26 02:47 . 2008-07-11 23:09 -------- d-----w- c:\users\Susanne\AppData\Roaming\Apple Computer
2009-06-26 00:17 . 2008-09-26 02:08 -------- d-----w- c:\program files\Safari
2009-06-26 00:15 . 2009-06-26 00:14 -------- d-----w- c:\program files\iTunes
2009-06-26 00:14 . 2009-06-26 00:14 -------- d-----w- c:\program files\iPod
2009-06-26 00:14 . 2008-07-11 23:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-26 00:14 . 2008-07-11 23:08 -------- d-----w- c:\programdata\Apple Computer
2009-06-26 00:12 . 2008-07-11 23:08 -------- d-----w- c:\program files\QuickTime
2009-06-26 00:05 . 2009-06-26 00:05 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\users\Melissa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-20 18:44 . 2009-06-20 18:44 -------- d-----w- c:\programdata\PMB Files
2009-06-20 18:43 . 2009-06-20 18:43 -------- d-----w- c:\program files\Pando Networks
2009-06-20 16:06 . 2009-06-20 16:06 -------- d-----w- c:\users\Sammy\AppData\Roaming\PlayFirst
2009-06-18 10:21 . 2009-02-08 18:14 14609464 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-06-18 06:02 . 2008-02-27 00:56 -------- d-----w- c:\program files\Gateway Games
2009-06-14 01:47 . 2009-01-31 14:33 34 ----a-w- c:\users\Sammy\jagex_runescape_preferences.dat
2009-06-12 16:39 . 2009-06-12 16:39 272384 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2009-06-12 16:39 . 2009-06-12 16:39 192512 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2009-06-12 16:39 . 2009-06-12 16:39 258048 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2009-06-12 16:39 . 2009-06-12 16:39 -------- d-----w- c:\users\Sammy\AppData\Roaming\Acreon
2009-06-12 02:23 . 2009-06-11 12:59 34 ----a-w- c:\users\Guest\jagex_runescape_preferences.dat
2009-06-11 07:08 . 2008-02-27 00:44 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-30 22:54 . 2009-05-30 22:54 -------- d-----w- c:\program files\PlayFirst
2009-05-18 15:30 . 2009-05-18 15:30 130632 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-12 18:13 . 2009-05-12 18:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-08 00:16 . 2009-05-08 00:16 0 ----a-w- c:\windows\nsreg.dat
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 12:37 . 2009-06-13 11:54 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 11:54 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-28 16:48 . 2009-05-08 00:16 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"BitTorrent DNA"="c:\users\Susanne\Program Files\DNA\btdna.exe" [2009-06-16 342848]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 29744]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"FBSearch"="c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe" [2008-11-26 325504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-31 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-3-21 2979664]

c:\users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8a,9a,83,6c,8d,0c,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{580D9865-0021-4444-A105-C16295ADD629}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A9F85C3-020D-4862-A812-E0D0F5264F81}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C94BB8BE-44C6-421A-B71D-417C6FDC51F6}"= UDP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"{08628826-AAF3-4F7D-8415-A36597F5639D}"= TCP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"{3747D693-E677-425C-8351-0E9F4A7E6DDF}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F1E0D42D-3D65-4E34-8F7D-924DF192609B}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{33904EE1-7850-48BA-AD6E-FA4EC2735161}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{BBA43F7A-448A-4D8D-B8A0-BC5B9DC25424}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{1580CEC2-AE93-494E-B766-30556A13512B}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{6917F843-F2D3-4ED5-8A07-D4C3793BFD2F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{3765C40F-04EB-4292-8D27-828CDBA5B349}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E8C3CD6-D0E5-4EFD-9A5E-06BF91D47B39}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{37219342-98C9-4A7D-9E91-C9066DC494F3}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC137143-6BBE-4BA6-A8D2-432BAFF0DEC4}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{904A1DFA-1B96-42B5-BC8F-B153B57327A2}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FD90D75C-EFA4-4ACF-9FE3-DFCA7CC9B5A9}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E6BEDD4-7BC2-42BF-A86B-079008402F6A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1781EFDE-944A-4770-98D1-D5087118C9F9}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{42B60B18-5DC8-4A15-AC7B-1D502BB184D3}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5479579-5EAD-473E-A04A-7A8BDC3F3D5D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F4F1645-F2DD-4C7E-B991-3692A2CEE56F}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AD593B7-B961-4163-9B12-C851A4F78248}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2C7BFF6-DB94-478F-9616-AE21BFA77BC6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"{D605B85A-CCE7-4C9E-ADD3-803A96DC183F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"{AC48CAD1-A7E8-4324-B06E-A81744303B76}"= UDP:3724:Blizzard Downloader: 3724
"{C0762989-9283-47AA-9B68-F44EA8E3DD34}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{80E76CAF-C531-4A68-9528-7415AF51320A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BB98C6AD-93FB-48D2-8F1B-25A5DFFE18CB}"= UDP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{E3C928CC-86A7-4FC9-B68F-673D84878097}"= TCP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{622BBCC4-BBBD-4061-B2D8-07752B9DD977}"= UDP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{FFD758FD-373B-4C03-8377-CCA63570D8B0}"= TCP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{BB14EA8E-9CBB-4ADA-BD7D-8FC2DD8B79DC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B21A4F46-3A67-4586-8514-2BEE1CB0CFE2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E3E34F5-B8A6-4BF7-8E00-0052D224FCEA}"= UDP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{92FC8A1F-FC2B-4423-A5BD-1E9DC544B2AA}"= TCP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{6D156B54-360F-4043-B6A7-3E69E960D3FE}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{51682368-2632-4FCB-934C-6C29967BB477}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{5316CB00-19A0-4086-B64A-702F6F039486}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3E9B7056-AAAA-46D2-B8B3-719BBEC760E5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CD0E94A3-3920-4729-9A90-B0A3D96ACA78}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{DA313732-FB90-4CD2-82EF-AC5A3D6C6D04}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{D50F0124-C90D-463D-9C69-D28D69C4716F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{B36926E3-61AD-4E56-816E-A7DDFA63839A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{FC6B66FE-FE8B-4F2D-8687-36966E366987}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E54D4552-9C9E-4DDE-8B30-269384ED421A}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{04A53025-D80E-45AD-A1E3-264805C96646}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{23451A0B-21FC-48CF-99FF-28F8BD961866}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{1D0D9A4D-B963-469D-AE45-FE038F5295F8}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{BB3EEFB6-D764-422C-8368-4EBEA3406B39}"= UDP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"{FE0A5037-0621-4B93-9D61-DC269B35A9E7}"= TCP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"{4796C4FA-4B4E-4794-B343-044592A373A2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{FC25AE85-9273-4A4C-95C8-EB9C61335F0D}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B4C03DD9-2E04-41C3-A75B-F607D11BAE53}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB72B592-0E83-4BBB-AB66-3BEA553662B3}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{AD485FD7-79EB-4971-B039-452D8596399D}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{3ED01D80-297D-4A2C-8D0B-4F8E742F7F34}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D6357898-52C5-41E4-B3AD-0F45F6C53173}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{C4DE945B-C43B-4BE4-96A4-4F6B04675ED0}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{29EC8CB7-A8D9-4E8C-BE18-408F1FE6660A}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{C233235B-8110-43D0-898D-AD7D9F5CE004}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{7D924CC3-D25D-45AF-A9A0-8D72FAF6D74A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7F01E935-2DB7-46B2-863C-8E6DB66E0B38}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{85474EAC-A91F-47F1-9F13-41C1BD0895BE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E0E049AC-8EDF-4F60-BCFC-9434E685392C}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{69C357A9-C86A-4D4E-9D7B-B43ECEBCBE4E}"= UDP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{ABCEC3B4-1AE4-402B-993B-978B4CE31A9D}"= TCP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R0 szkg5;szkg;c:\windows\System32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/8/2009 1:33 PM 108289]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/15/2008 4:46 PM 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/17/2007 11:13 AM 523816]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S2 gupdate1c996bd85a554c0;Google Update Service (gupdate1c996bd85a554c0);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 4:21 PM 133104]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2008 8:47 PM 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 6:25 AM 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-07-26 c:\windows\Tasks\At2.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2008-09-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 20:21]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 20:21]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4256181935-640867506-358008855-1005Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 22:46]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4256181935-640867506-358008855-1005UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 22:46]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.ironmaiden.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\4d6whmf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ironmaiden.com/
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Susanne\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 16:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe??????????????????????????????

scanning hidden files ...


c:\users\Susanne\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\Avenger

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-07-28 17:00
ComboFix-quarantined-files.txt 2009-07-28 21:00

Pre-Run: 164,657,307,648 bytes free
Post-Run: 166,893,473,792 bytes free

1174 --- E O F --- 2009-07-28 17:40

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\495cztoolfb.dll
c:\windows\system32\27889ot-a-vizus5.dll

Driver::
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-08-03.03 - Susanne 08/03/2009 17:26.2.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3070.1668 [GMT -4:00]
Running from: c:\users\Susanne\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Susanne\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\27889ot-a-vizus5.dll"
"c:\windows\system32\495cztoolfb.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Melissa\Favorites\YouTube - ...Vampire Knight Guilty ON-OFF - Rondo....url
c:\users\Susanne\FAVORI~1\BB&T .url
c:\users\Susanne\FAVORI~1\XE.com Conversion .url
c:\users\Susanne\Favorites\BB&T .url
c:\users\Susanne\Favorites\XE.com Conversion .url
c:\windows\system32\27889ot-a-vizus5.dll
c:\windows\system32\495cztoolfb.dll
c:\windows\TEMP\wrd532157c.~lk\0.mdd
c:\windows\TEMP\wrd532157c.~lk\1.mdd
c:\windows\TEMP\wrd532157c.~lk\2.mdd
c:\windows\TEMP\wrd532157c.~lk\3.mdd
c:\windows\TEMP\wrd532157c.~lk\4.mdd
c:\windows\TEMP\wrd532157c.~lk\5.mdd
c:\windows\TEMP\wrd532157c.~lk\6.mdd

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 21:37 . 2009-08-03 21:38 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2009-08-03 21:37 . 2009-08-03 21:37 -------- d-----w- c:\users\Scarth\AppData\Local\temp
2009-08-03 21:37 . 2009-08-03 21:37 -------- d-----w- c:\users\Sammy\AppData\Local\temp
2009-08-03 21:37 . 2009-08-03 21:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-29 22:13 . 2009-07-29 22:13 -------- d-----w- c:\users\Guest\AppData\Local\CurseClient
2009-07-28 21:00 . 2009-08-03 21:40 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2009-07-28 20:32 . 2009-07-29 19:12 -------- d-----w- c:\programdata\SITEguard
2009-07-25 16:02 . 2009-07-25 16:02 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-24 21:21 . 2009-07-24 21:21 9072 ----a-w- c:\windows\system32\25224zot9a-viruse.exe
2009-07-24 20:07 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-24 20:07 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-24 20:07 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-24 20:07 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-24 18:09 . 2009-07-24 18:09 -------- d-----w- c:\windows\system32\EventProviders
2009-07-24 17:39 . 2009-07-24 17:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-24 15:27 . 2009-07-24 15:27 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-24 03:13 . 2009-07-24 03:13 -------- d-----w- c:\users\Susanne\AppData\Roaming\Malwarebytes
2009-07-24 03:08 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 03:08 . 2009-07-24 03:08 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 03:08 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-24 03:08 . 2009-08-02 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 21:11 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-23 21:11 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-23 21:11 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-23 21:11 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-07-23 21:11 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-23 21:10 . 2009-07-24 02:51 -------- d-----w- c:\users\Susanne\AppData\Roaming\Simply Super Software
2009-07-23 21:10 . 2009-07-23 21:10 -------- d-----w- c:\programdata\Simply Super Software
2009-07-23 20:01 . 2009-07-23 20:01 -------- d-----w- c:\program files\Common Files\iS3
2009-07-23 20:01 . 2009-07-31 04:52 -------- d-----w- c:\programdata\STOPzilla!
2009-07-19 21:10 . 2009-07-19 21:10 -------- d-----w- c:\users\Susanne\AppData\Local\CurseClient
2009-07-16 20:08 . 2009-07-16 20:08 -------- d-----w- c:\users\Sammy\AppData\Local\Blizzard Entertainment
2009-07-15 20:32 . 2009-07-15 22:19 -------- d-----w- c:\users\Public\Games
2009-07-11 06:21 . 2009-07-11 06:21 -------- d-----w- c:\users\Scarth\AppData\Local\Mozilla
2009-07-08 14:13 . 2009-07-08 14:13 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-07-08 14:12 . 2009-07-08 14:12 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 21:38 . 2008-12-10 17:39 -------- d-----w- c:\users\Melissa\AppData\Roaming\DNA
2009-08-03 21:38 . 2009-02-27 00:22 -------- d-----w- c:\users\Sammy\AppData\Roaming\DNA
2009-08-03 21:38 . 2009-04-08 21:59 -------- d-----w- c:\users\Susanne\AppData\Roaming\DNA
2009-08-03 21:13 . 2008-09-11 10:00 74208 ----a-w- c:\users\Melissa\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 18:08 . 2008-07-02 19:53 74208 ----a-w- c:\users\Sammy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-02 21:21 . 2008-10-09 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-02 21:18 . 2009-04-15 23:41 -------- d-----w- c:\program files\Steam
2009-08-02 21:17 . 2008-07-01 23:24 74208 ----a-w- c:\users\Susanne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-02 20:45 . 2008-09-15 21:24 74208 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-31 22:47 . 2009-03-03 03:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 04:44 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-31 04:37 . 2008-10-09 20:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-29 23:17 . 2009-03-28 12:25 -------- d-----w- c:\program files\Perfect World Entertainment
2009-07-28 19:41 . 2008-11-27 01:01 -------- d-----w- c:\users\Sammy\AppData\Roaming\Apple Computer
2009-07-28 17:46 . 2008-02-27 00:47 -------- d-----w- c:\program files\BigFix
2009-07-28 17:46 . 2008-02-27 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-28 16:56 . 2008-02-27 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 16:55 . 2008-02-27 00:35 -------- d-----w- c:\programdata\Symantec
2009-07-28 15:15 . 2008-07-02 00:08 8268 ----a-w- c:\users\Susanne\AppData\Local\d3d9caps.dat
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-27 22:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-27 22:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-27 21:56 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-26 01:26 . 2009-03-22 10:48 -------- d-----w- c:\users\Melissa\AppData\Roaming\IMVU
2009-07-24 17:27 . 2008-12-12 18:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 17:13 . 2009-06-29 22:47 -------- d-----w- c:\program files\Full Tilt Poker
2009-07-24 01:11 . 2008-09-25 21:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-24 01:09 . 2008-12-13 02:20 -------- d-----w- c:\program files\Yahoo!
2009-07-22 23:40 . 2009-06-17 14:16 -------- d-----w- c:\users\Scarth\AppData\Roaming\Apple Computer
2009-07-21 21:52 . 2009-07-28 18:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-28 18:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-28 18:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-28 18:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 01:04 . 2009-01-22 21:14 -------- d-----w- c:\program files\DNA
2009-07-12 12:44 . 2009-06-22 02:07 -------- d-----w- c:\program files\Curse
2009-07-11 11:55 . 2008-08-06 13:50 680 ----a-w- c:\users\Sammy\AppData\Local\d3d9caps.dat
2009-07-09 21:05 . 2008-06-29 21:30 74208 ----a-w- c:\users\Scarth\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-05 18:34 . 2009-04-15 23:41 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 07:05 . 2008-02-27 00:48 -------- d-----w- c:\programdata\Microsoft Help
2009-06-29 22:40 . 2009-06-29 22:40 -------- d-----w- c:\users\Melissa\AppData\Roaming\WildTangent
2009-06-26 02:47 . 2008-07-11 23:09 -------- d-----w- c:\users\Susanne\AppData\Roaming\Apple Computer
2009-06-26 00:17 . 2008-09-26 02:08 -------- d-----w- c:\program files\Safari
2009-06-26 00:15 . 2009-06-26 00:14 -------- d-----w- c:\program files\iTunes
2009-06-26 00:14 . 2009-06-26 00:14 -------- d-----w- c:\program files\iPod
2009-06-26 00:14 . 2008-07-11 23:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-26 00:14 . 2008-07-11 23:08 -------- d-----w- c:\programdata\Apple Computer
2009-06-26 00:12 . 2008-07-11 23:08 -------- d-----w- c:\program files\QuickTime
2009-06-26 00:05 . 2009-06-26 00:05 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\users\Melissa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-20 18:44 . 2009-06-20 18:44 -------- d-----w- c:\programdata\PMB Files
2009-06-20 18:43 . 2009-06-20 18:43 -------- d-----w- c:\program files\Pando Networks
2009-06-20 16:06 . 2009-06-20 16:06 -------- d-----w- c:\users\Sammy\AppData\Roaming\PlayFirst
2009-06-18 10:21 . 2009-02-08 18:14 14609464 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-06-18 06:02 . 2008-02-27 00:56 -------- d-----w- c:\program files\Gateway Games
2009-06-14 01:47 . 2009-01-31 14:33 34 ----a-w- c:\users\Sammy\jagex_runescape_preferences.dat
2009-06-12 16:39 . 2009-06-12 16:39 272384 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
2009-06-12 16:39 . 2009-06-12 16:39 192512 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Libraries\wmweb.dll
2009-06-12 16:39 . 2009-06-12 16:39 258048 ----a-w- c:\users\Sammy\AppData\Roaming\Acreon\WowMatrix\Libraries\wmzip.dll
2009-06-12 16:39 . 2009-06-12 16:39 -------- d-----w- c:\users\Sammy\AppData\Roaming\Acreon
2009-06-12 02:23 . 2009-06-11 12:59 34 ----a-w- c:\users\Guest\jagex_runescape_preferences.dat
2009-06-11 07:08 . 2008-02-27 00:44 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-18 15:30 . 2009-05-18 15:30 130632 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-08 00:16 . 2009-05-08 00:16 0 ----a-w- c:\windows\nsreg.dat
2009-07-28 16:48 . 2009-05-08 00:16 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-07-28_20.56.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 18:11 . 2009-07-22 05:58 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iesetup.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\iernonce.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iesetup.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\iernonce.dll
+ 2009-07-28 18:11 . 2009-07-22 04:26 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedssync.exe
+ 2009-07-28 18:11 . 2009-07-22 05:59 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\msfeedsbs.dll
+ 2009-07-28 18:11 . 2009-07-21 20:13 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedssync.exe
+ 2009-07-28 18:11 . 2009-07-21 21:48 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\msfeedsbs.dll
+ 2009-07-28 18:11 . 2009-07-22 06:03 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\WininetPlugin.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\jsproxy.dll
+ 2009-07-28 18:11 . 2009-07-21 21:52 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\WininetPlugin.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\jsproxy.dll
+ 2008-01-21 01:58 . 2009-08-03 21:41 44888 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-28 20:34 78416 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-03 21:41 78416 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-16 00:57 . 2009-03-08 11:31 13312 c:\windows\System32\msfeedssync.exe
+ 2009-07-28 18:11 . 2009-07-21 20:13 13312 c:\windows\System32\msfeedssync.exe
- 2009-07-16 00:57 . 2009-03-08 11:31 55296 c:\windows\System32\msfeedsbs.dll
+ 2009-07-28 18:11 . 2009-07-21 21:48 55296 c:\windows\System32\msfeedsbs.dll
- 2009-07-16 00:58 . 2009-05-09 05:50 64512 c:\windows\System32\migration\WininetPlugin.dll
+ 2009-07-28 18:11 . 2009-07-21 21:52 64512 c:\windows\System32\migration\WininetPlugin.dll
- 2009-07-16 00:58 . 2009-05-09 05:35 25600 c:\windows\System32\jsproxy.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 25600 c:\windows\System32\jsproxy.dll
- 2009-07-16 00:58 . 2009-05-09 05:34 55808 c:\windows\System32\iernonce.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 55808 c:\windows\System32\iernonce.dll
- 2008-06-29 21:29 . 2009-07-28 20:35 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-29 21:29 . 2009-08-03 21:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-29 21:29 . 2009-07-28 20:35 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-29 21:29 . 2009-08-03 21:27 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-28 22:20 . 2009-07-28 22:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009072820090729\index.dat
+ 2008-06-29 21:29 . 2009-08-03 21:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-29 21:29 . 2009-07-28 20:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-29 15:55 . 2008-10-29 07:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-29 15:55 . 2009-07-29 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-29 15:55 . 2009-07-29 01:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-29 15:55 . 2008-10-29 07:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-29 15:55 . 2009-07-29 01:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-29 15:55 . 2008-10-29 07:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-02 20:45 . 2009-08-02 20:45 29926 c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
- 2009-06-11 07:35 . 2009-06-11 07:35 29926 c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2006-11-02 10:25 . 2009-07-31 04:45 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-28 16:55 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-28 16:55 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 04:45 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-31 04:45 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-28 16:55 51200 c:\windows\inf\infpub.dat
+ 2009-01-08 10:44 . 2009-07-29 21:33 1696 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4256181935-640867506-358008855-501_UserData.bin
+ 2008-09-13 10:17 . 2009-07-31 12:03 4524 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4256181935-640867506-358008855-1005_UserData.bin
+ 2008-07-16 16:37 . 2009-08-02 13:12 6572 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4256181935-640867506-358008855-1002_UserData.bin
+ 2008-07-01 23:26 . 2009-08-03 21:41 8198 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4256181935-640867506-358008855-1001_UserData.bin
+ 2009-07-28 18:11 . 2009-07-22 05:58 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieui.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieui.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.22903_none_ff07db25e8e4acd8\iesysprep.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18813_none_fe736e6ecfcf28ff\iesysprep.dll
+ 2009-07-28 18:11 . 2009-07-22 04:27 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22903_none_a94676798d617013\ie4uinit.exe
+ 2009-07-28 18:11 . 2009-07-21 20:13 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18813_none_a8b209c2744bec3a\ie4uinit.exe
+ 2009-07-28 18:11 . 2009-07-22 06:02 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\sqmapi.dll
+ 2009-07-28 18:11 . 2009-07-21 21:51 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\sqmapi.dll
+ 2009-07-28 18:11 . 2009-07-22 06:01 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.22903_none_1a9c2981430b3c56\occache.dll
+ 2009-07-28 18:11 . 2009-07-21 21:50 206848 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18813_none_1a07bcca29f5b87d\occache.dll
+ 2009-07-28 18:11 . 2009-07-22 06:04 638232 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
+ 2009-07-28 18:11 . 2009-07-22 04:27 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\ieUnatt.exe
+ 2009-07-28 18:11 . 2009-07-21 21:53 638216 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
+ 2009-07-28 18:11 . 2009-07-21 20:13 133632 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\ieUnatt.exe
+ 2009-07-28 18:11 . 2009-07-22 05:58 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22903_none_2b02f14ac9212978\IEShims.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18813_none_2a6e8493b00ba59f\IEShims.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22903_none_73a4a5b47978c30a\ieproxy.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18813_none_731038fd60633f31\ieproxy.dll
+ 2009-07-28 18:11 . 2009-07-22 05:59 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.22903_none_435c4ba1695e8b43\msfeeds.dll
+ 2009-07-28 18:11 . 2009-07-21 21:48 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18813_none_42c7deea5049076a\msfeeds.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.22903_none_2039460420f600ed\iepeers.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 184320 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18813_none_1fa4d94d07e07d14\iepeers.dll
+ 2009-07-28 18:11 . 2009-07-22 05:58 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22903_none_57c62dce86655952\iedkcs32.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 386048 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18813_none_5731c1176d4fd579\iedkcs32.dll
+ 2009-07-28 18:11 . 2009-07-22 06:03 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22903_none_e55eb4d2d0bb388b\wininet.dll
+ 2009-07-28 18:11 . 2009-07-21 21:52 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18813_none_e4ca481bb7a5b4b2\wininet.dll
+ 2008-06-29 23:07 . 2009-08-02 20:37 278422 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-08-02 21:21 634234 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-28 20:40 634234 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-02 21:21 117438 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-28 20:40 117438 c:\windows\System32\perfc009.dat
+ 2009-07-28 18:11 . 2009-07-21 21:50 206848 c:\windows\System32\occache.dll
- 2009-07-16 00:57 . 2009-03-08 11:32 594432 c:\windows\System32\msfeeds.dll
+ 2009-07-28 18:11 . 2009-07-21 21:48 594432 c:\windows\System32\msfeeds.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 164352 c:\windows\System32\ieui.dll
- 2009-07-16 00:58 . 2009-05-09 05:34 164352 c:\windows\System32\ieui.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 184320 c:\windows\System32\iepeers.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 386048 c:\windows\System32\iedkcs32.dll
- 2009-07-16 00:58 . 2009-05-09 03:36 173056 c:\windows\System32\ie4uinit.exe
+ 2009-07-28 18:11 . 2009-07-21 20:13 173056 c:\windows\System32\ie4uinit.exe
+ 2006-11-02 12:47 . 2009-08-02 21:15 306952 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-07-27 22:11 306952 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-16 01:01 . 2009-08-03 21:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-16 01:01 . 2009-07-28 17:46 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-29 01:36 . 2009-07-29 01:36 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-28 18:11 . 2009-07-22 05:58 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22903_none_2b196baebb6c56e8\iertutil.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18813_none_2a84fef7a256d30f\iertutil.dll
+ 2009-07-28 18:11 . 2009-07-22 05:59 5938176 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22903_none_f6b8d3f15111a1c1\mshtml.dll
+ 2009-07-28 18:11 . 2009-07-21 21:48 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18813_none_f624673a37fc1de8\mshtml.dll
+ 2009-07-28 18:11 . 2009-07-22 06:02 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22903_none_9858d93105b211f8\urlmon.dll
+ 2009-07-28 18:11 . 2009-07-21 21:52 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18813_none_97c46c79ec9c8e1f\urlmon.dll
+ 2009-07-28 18:11 . 2009-07-21 21:52 1208832 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-07-31 04:41 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-28 17:41 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-28 18:11 . 2009-07-21 21:48 5937152 c:\windows\System32\mshtml.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 1985536 c:\windows\System32\iertutil.dll
+ 2009-07-30 05:15 . 2009-07-30 05:15 3295232 c:\windows\Installer\1a85c8f.msi
+ 2009-07-28 18:11 . 2009-07-22 05:58 11068416 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22903_none_48182df4dd072fee\ieframe.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 11067392 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18813_none_4783c13dc3f1ac15\ieframe.dll
+ 2009-07-28 18:11 . 2009-07-21 21:47 11067392 c:\windows\System32\ieframe.dll
+ 2009-07-31 20:32 . 2009-07-31 20:32 15705600 c:\windows\Installer\1d47f2d.msp
+ 2009-06-04 07:01 . 2009-07-31 04:21 192820242 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
"BitTorrent DNA"="c:\users\Susanne\Program Files\DNA\btdna.exe" [2009-06-16 342848]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ButtonMonitor"="c:\program files\IOI\ButtonMonitor.exe" [2007-05-11 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-25 29744]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"FBSearch"="c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe" [2008-11-26 325504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-31 4702208]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

c:\users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Sammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-3-21 2979664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8a,9a,83,6c,8d,0c,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{580D9865-0021-4444-A105-C16295ADD629}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A9F85C3-020D-4862-A812-E0D0F5264F81}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C94BB8BE-44C6-421A-B71D-417C6FDC51F6}"= UDP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"{08628826-AAF3-4F7D-8415-A36597F5639D}"= TCP:c:\windows\System32\lxdccoms.exe:1300 Series Server
"{3747D693-E677-425C-8351-0E9F4A7E6DDF}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F1E0D42D-3D65-4E34-8F7D-924DF192609B}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{33904EE1-7850-48BA-AD6E-FA4EC2735161}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{BBA43F7A-448A-4D8D-B8A0-BC5B9DC25424}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{1580CEC2-AE93-494E-B766-30556A13512B}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{6917F843-F2D3-4ED5-8A07-D4C3793BFD2F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{3765C40F-04EB-4292-8D27-828CDBA5B349}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E8C3CD6-D0E5-4EFD-9A5E-06BF91D47B39}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{37219342-98C9-4A7D-9E91-C9066DC494F3}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC137143-6BBE-4BA6-A8D2-432BAFF0DEC4}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{904A1DFA-1B96-42B5-BC8F-B153B57327A2}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FD90D75C-EFA4-4ACF-9FE3-DFCA7CC9B5A9}"= Profile=Private|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5E6BEDD4-7BC2-42BF-A86B-079008402F6A}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1781EFDE-944A-4770-98D1-D5087118C9F9}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{42B60B18-5DC8-4A15-AC7B-1D502BB184D3}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F5479579-5EAD-473E-A04A-7A8BDC3F3D5D}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F4F1645-F2DD-4C7E-B991-3692A2CEE56F}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4AD593B7-B961-4163-9B12-C851A4F78248}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2C7BFF6-DB94-478F-9616-AE21BFA77BC6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"{D605B85A-CCE7-4C9E-ADD3-803A96DC183F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"{AC48CAD1-A7E8-4324-B06E-A81744303B76}"= UDP:3724:Blizzard Downloader: 3724
"{C0762989-9283-47AA-9B68-F44EA8E3DD34}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{80E76CAF-C531-4A68-9528-7415AF51320A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{BB98C6AD-93FB-48D2-8F1B-25A5DFFE18CB}"= UDP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{E3C928CC-86A7-4FC9-B68F-673D84878097}"= TCP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{622BBCC4-BBBD-4061-B2D8-07752B9DD977}"= UDP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{FFD758FD-373B-4C03-8377-CCA63570D8B0}"= TCP:c:\users\Melissa\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{BB14EA8E-9CBB-4ADA-BD7D-8FC2DD8B79DC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B21A4F46-3A67-4586-8514-2BEE1CB0CFE2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E3E34F5-B8A6-4BF7-8E00-0052D224FCEA}"= UDP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{92FC8A1F-FC2B-4423-A5BD-1E9DC544B2AA}"= TCP:c:\program files\Outspark\Project Powder\Run.exe:ProjectPowder
"{6D156B54-360F-4043-B6A7-3E69E960D3FE}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{51682368-2632-4FCB-934C-6C29967BB477}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{5316CB00-19A0-4086-B64A-702F6F039486}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3E9B7056-AAAA-46D2-B8B3-719BBEC760E5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CD0E94A3-3920-4729-9A90-B0A3D96ACA78}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{DA313732-FB90-4CD2-82EF-AC5A3D6C6D04}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{D50F0124-C90D-463D-9C69-D28D69C4716F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{B36926E3-61AD-4E56-816E-A7DDFA63839A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{FC6B66FE-FE8B-4F2D-8687-36966E366987}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{E54D4552-9C9E-4DDE-8B30-269384ED421A}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{04A53025-D80E-45AD-A1E3-264805C96646}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{23451A0B-21FC-48CF-99FF-28F8BD961866}"= UDP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (TCP-In)
"{1D0D9A4D-B963-469D-AE45-FE038F5295F8}"= TCP:c:\users\Sammy\AppData\Local\Temp\btdna.exe:DNA (UDP-In)
"{BB3EEFB6-D764-422C-8368-4EBEA3406B39}"= UDP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"{FE0A5037-0621-4B93-9D61-DC269B35A9E7}"= TCP:c:\program files\Steam\SteamApps\common\empire total war\Empire.exe:Empire: Total War
"{4796C4FA-4B4E-4794-B343-044592A373A2}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{FC25AE85-9273-4A4C-95C8-EB9C61335F0D}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{B4C03DD9-2E04-41C3-A75B-F607D11BAE53}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DB72B592-0E83-4BBB-AB66-3BEA553662B3}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{AD485FD7-79EB-4971-B039-452D8596399D}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{3ED01D80-297D-4A2C-8D0B-4F8E742F7F34}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D6357898-52C5-41E4-B3AD-0F45F6C53173}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{C4DE945B-C43B-4BE4-96A4-4F6B04675ED0}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"{29EC8CB7-A8D9-4E8C-BE18-408F1FE6660A}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{C233235B-8110-43D0-898D-AD7D9F5CE004}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{7D924CC3-D25D-45AF-A9A0-8D72FAF6D74A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7F01E935-2DB7-46B2-863C-8E6DB66E0B38}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{85474EAC-A91F-47F1-9F13-41C1BD0895BE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E0E049AC-8EDF-4F60-BCFC-9434E685392C}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{69C357A9-C86A-4D4E-9D7B-B43ECEBCBE4E}"= UDP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{ABCEC3B4-1AE4-402B-993B-978B4CE31A9D}"= TCP:c:\world of warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{404E6597-9E1E-46AB-9F61-DDBD40F3BE22}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50A0C5A3-75C0-411F-952A-46BE65960C1B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/8/2009 1:33 PM 108289]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [9/15/2008 4:46 PM 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/17/2007 11:13 AM 523816]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/31/2009 12:35 AM 1153368]
S2 gupdate1c996bd85a554c0;Google Update Service (gupdate1c996bd85a554c0);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 4:21 PM 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2008 8:47 PM 29744]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 6:25 AM 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\At1.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2009-08-02 c:\windows\Tasks\At2.job
- c:\program files\norton pc checkup\pc_checkup.exe [2008-06-29 21:50]

2008-09-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 20:21]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 20:21]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4256181935-640867506-358008855-1005Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 22:46]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4256181935-640867506-358008855-1005UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ironmaiden.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\4d6whmf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ironmaiden.com/
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Susanne\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtection.exe??????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\lxdccoms.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\System32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2009-08-03 17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 21:50
ComboFix2.txt 2009-07-28 21:00

Pre-Run: 170,741,321,728 bytes free
Post-Run: 172,953,317,376 bytes free

522 --- E O F --- 2009-07-31 20:33

after this last scan I am unable to use any of my browsers to log on to the internet (IE, Safari and Firefox). I had to log on via a different user account on my pc to post the combo fix log.
THe pop up said something like that this operation failed as the registry key for it is marked for deletion. ??? THat is scarey. I am glad that the ones for other users work. How can we fix this?

Did Spybot interfere? uninstall it and run Combofix again.

Spybot was turned off. A few days later somehow things seemed to have gone back to normal by itself.
I just updated and ran Malwarebytes and Spybot and both did not bring anything up.

Hello.

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\program files\Fast Browser SearchP
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "FBSearch"=-
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Folder move failed. c:\program files\Fast Browser SearchP scheduled to be moved on reboot.
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FBSearch scheduled to be deleted on reboot.

OTM by OldTimer - Version 3.0.0.6 log created on 09122009_093956

Files moved on Reboot...
Folder move failed. c:\program files\Fast Browser SearchP scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\FBSearch scheduled to be deleted on reboot.

This was the move it report after the reboot.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
c:\program files\Fast Browser SearchP

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.