www2 websites

Status
Not open for further replies.

Robynwolf

I keep getting a Security Threat Analysis pop up window that says my computer is infected. I have McAfee Security Suite, I use CCleaner, Super Anti Spyware, Malwarebytes Anti-Malware....but this website keeps opening the pop up window.
http://www2.rootguard3.co.cc. I have researched this www2 and rootguard and cannot find anything. Can someone lead me to the direction to help me remove this. It certainly has to be in the registry somewhere but I can't find it. RobynWolf :crazy:
 
Robyn, a friend of mine was just reporting the same issue, with one particular web site only. Checked the pop-up blocker, it was off somehow, and the only exception in his list that was not for work was that site as well. I have also found nothing online about that address or any part of it - other than your post here. I've recommended that he update and run his SuperAntiSpyware and MalwareBytes tonight and see what happens.
 
Thank you both for your input. Sharon, it was comforting to know someone else has seen this, and I have to say, Osiris, I looked at your guide and quite frankly, it concerned me to load yet another spyware, adware, malware program. I have three already suggested to me, but this problem is reoccurring every day. Now I have a second one. I tried to block them both in my firewall options; they appeared again. I did a WhoIsThis IP trace: one was from Paraguay; one was from Korea. I kept all the details on them both and maybe someone could use that for a malware list. I also found the www2 url on a malware list online. I ran HijackThis and would like to post my LOG? Can I do that here now and see if anyone here sees anything? I looked at it, and since I am not experienced with the REGISTRY, I would feel better if a professional looked. Thank you, these forums are a good thing, good work you all do. THANK YOU
 
Post it up. If you ran the other programs listed in my site and posted their logs, that will help as well.
 
I was still uncomfortable, Osiris, with loading more software at this time, so I will load the HiJack This log first. This log was run yesterday when I had at least 5 occurrences of different IP address & URL pop-ups for security threats. But today I have not had one. Here is the HijackThis log from yesterday:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:36 PM, on 7/31/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Yahoo! Search Results
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RingCentral For Internet Explorer - {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100709134632.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: RingCentral For Internet Explorer - {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Users\Robin Bryson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robin Bryson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Robin Bryson\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10139 bytes
 
Ok Osiris, I thank you, the ones highlighted....what do I do now?? I am totally clueless............
 
I need you to run ComboFix and then Malwarebytes and post their logs as well when finished. HijackThis will not fix this problem on its own.
 
Ok Osiris, tomorrow is my birthday, it is on the 7th, I am taking this as a good sign, so I'll do it.
Thank you for all your support, it is majorly appreciated. I thought I knew a lot about computers, but I pale in comparison to all of you people here. It is a good. Thank you again. RobynWolf
 
PAGE ONE
ComboFix 10-08-06.03 - Robin Bryson 08/07/2010 12:18:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1021.404 [GMT -4:00]
Running from: c:\users\Robin Bryson\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Robin Bryson\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-07 16:36 . 2010-08-07 16:37 -------- d-----w- c:\users\Robin Bryson\AppData\Local\temp
2010-08-07 16:36 . 2010-08-07 16:36 -------- d-----w- c:\users\Noel Coltrane\AppData\Local\temp
2010-08-07 16:36 . 2010-08-07 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-07 16:36 . 2010-08-07 16:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-07 00:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 00:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 00:27 . 2010-08-04 00:27 5840 ----a-w- c:\users\Robin Bryson\cc_20100803_202722.reg
2010-07-29 16:13 . 2010-07-29 16:13 590 ----a-w- c:\users\Robin Bryson\cc_20100729_121343.reg
2010-07-28 14:27 . 2010-07-28 14:28 680 ----a-w- c:\users\Administrator\AppData\Local\d3d9caps.dat
2010-07-26 23:01 . 2010-07-26 23:01 4566 ----a-w- c:\users\Robin Bryson\cc_20100726_190136.reg
2010-07-24 18:06 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-07-24 17:55 . 2010-07-24 17:55 -------- d-----w- c:\users\Robin Bryson\AppData\Local\Windows Live
2010-07-24 16:00 . 2010-07-24 16:00 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\SUPERAntiSpyware.com
2010-07-24 16:00 . 2010-07-24 16:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-24 15:59 . 2010-07-24 16:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-24 00:29 . 2010-07-24 00:29 3130 ----a-w- c:\users\Robin Bryson\cc_20100723_202924.reg
2010-07-19 19:24 . 2010-07-19 19:24 12200 ----a-w- c:\users\Robin Bryson\cc_20100719_152406.reg
2010-07-19 19:24 . 2010-07-19 19:24 -------- d-----w- c:\users\Robin Bryson\Backups
2010-07-19 17:16 . 2010-08-04 00:24 -------- d-----w- c:\program files\CCleaner
2010-07-19 16:47 . 2010-07-19 16:47 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\Malwarebytes
2010-07-19 16:47 . 2010-07-19 16:47 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 16:47 . 2010-08-07 00:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 19:02 . 2010-07-17 19:02 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\Leadertech
2010-07-17 18:59 . 2010-07-17 19:05 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\Logitech
2010-07-17 18:59 . 2010-07-17 19:00 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\Logishrd
2010-07-13 12:05 . 2010-07-13 12:09 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\Yahoo!
2010-07-13 12:02 . 2010-08-04 00:28 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 23:15 . 2010-07-29 23:15 388096 ----a-r- c:\users\Robin Bryson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-28 14:49 . 2008-11-24 18:57 -------- d-----w- c:\programdata\Yahoo!
2010-07-28 14:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-28 14:45 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-28 14:45 . 2007-04-10 07:57 -------- d-----w- c:\program files\Microsoft Works
2010-07-28 14:45 . 2007-04-10 07:41 -------- d-----w- c:\program files\Modem Diagnostic Tool
2010-07-28 14:45 . 2007-04-10 07:54 -------- d-----w- c:\program files\DellSupport
2010-07-28 14:45 . 2007-04-10 07:51 -------- d-----w- c:\program files\Dell Games
2010-07-28 14:45 . 2007-04-10 07:47 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-07-28 14:45 . 2007-04-10 07:55 -------- d-----w- c:\program files\BAE
2010-07-28 14:27 . 2008-12-12 02:25 86992 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 12:57 . 2010-01-27 19:40 -------- d-----w- c:\program files\Google
2010-07-24 22:36 . 2008-12-07 16:28 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-24 16:00 . 2010-07-24 16:00 63488 ----a-w- c:\users\Robin Bryson\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-24 16:00 . 2010-07-24 16:00 52224 ----a-w- c:\users\Robin Bryson\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-24 16:00 . 2010-07-24 16:00 117760 ----a-w- c:\users\Robin Bryson\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-19 14:00 . 2010-04-23 18:31 680 ----a-w- c:\users\Robin Bryson\AppData\Local\d3d9caps.dat
2010-07-19 13:57 . 2009-06-29 00:01 -------- d-----w- c:\program files\Common Files\Logishrd
2010-07-19 13:57 . 2009-06-29 00:03 -------- d-----w- c:\programdata\LogiShrd
2010-07-14 08:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 11:59 . 2009-01-30 19:54 -------- d-----w- c:\programdata\NOS
2010-07-13 11:48 . 2010-07-13 11:48 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb141F.tmp.exe
2010-06-28 21:51 . 2010-06-28 21:51 -------- d-----w- c:\program files\Microsoft LifeCam
2010-06-26 12:27 . 2009-01-18 00:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 02:17 . 2008-12-07 16:28 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-24 22:36 . 2008-12-27 17:24 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-24 22:36 . 2008-12-27 17:24 -------- d-----w- c:\program files\AVS4YOU
2010-06-24 22:29 . 2010-06-24 22:29 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\AVS4YOU
2010-06-24 22:29 . 2008-11-24 10:22 86992 ----a-w- c:\users\Robin Bryson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-12 19:40 . 2010-06-12 19:40 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\ComodoGroup
2010-06-12 13:07 . 2010-06-12 13:07 -------- d-----w- c:\program files\COMODO
2010-06-12 12:24 . 2010-05-26 22:19 -------- d-----w- c:\users\Robin Bryson\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-12 11:51 . 2009-01-18 00:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-01 00:32 . 2010-05-29 03:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 00:32 . 2010-05-29 03:13 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 00:32 . 2010-05-29 03:13 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-06-01 00:32 . 2010-05-29 03:13 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 00:32 . 2010-05-29 03:13 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-06-01 00:32 . 2010-05-29 03:13 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 00:32 . 2010-05-29 03:13 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 00:32 . 2010-05-29 03:13 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-06-01 00:32 . 2010-04-14 16:50 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 00:32 . 2010-04-14 16:50 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-26 17:06 . 2010-06-11 12:29 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 12:29 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-12 15:21 . 2009-10-03 13:26 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2007-04-10 15:28 . 2007-04-10 15:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 15:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 19:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-03 21:08 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2010-03-12 22:41 762736 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,8e,08,eb,7c,9b,ca,01
 