[Closed] Google and/or site redirection

Hello,

For a month or so now I've had an issue with redirecting links. If I search Google, the results load like normal until I click one, at which point there is a chance I am redirected elsewhere and a chance the site I clicked actually loads.

Open in New Window and Open in New Tab have no effect on said chance.

I also use Mozilla Firefox. Requested logs are below:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7045

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/8/2011 8:23:09 PM
mbam-log-2011-07-08 (20-23-09).txt

Scan type: Quick scan
Objects scanned: 169385
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\Users\bluecakes\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-08 20:41:15
Windows 6.1.7600
Running: ryge3bhp.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xFD 0xAD 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x5F 0x80 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x71 0xDD 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0xFD 0xAD 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x5F 0x80 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9A 0x71 0xDD 0xC1 ...

---- EOF - GMER 1.0.15 ----


DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Bluecakes at 20:28:04 on 2011-07-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2542 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Bluecakes\Downloads\ryge3bhp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{459C3A97-4160-4E89-966F-3B04FFB88DAA} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
TCP: Interfaces\{75E0359C-E101-4504-BAEA-53E57F163573} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{91377628-7637-4659-BC16-999F381B706E} : DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bluecakes\AppData\Roaming\Mozilla\Firefox\Profiles\mx3cwfi9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Users\Bluecakes\AppData\Roaming\Mozilla\Firefox\Profiles\mx3cwfi9.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-4-30 219360]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-4-30 68136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-25 2275720]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-4-30 65536]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-5-3 632792]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-08 10:19:55 -------- d-----w- C:\Users\Bluecakes\AppData\Roaming\Malwarebytes
2011-07-08 10:19:48 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-08 10:19:48 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-08 10:19:44 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-08 10:19:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-06 14:15:41 -------- d-----w- C:\sync
2011-07-06 13:50:10 -------- d-----w- C:\Users\Bluecakes\AppData\Roaming\Microsoft Corporation
2011-07-06 13:31:33 -------- d-----w- C:\Users\Bluecakes\AppData\Local\Temporary Projects
2011-07-06 05:57:25 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-06-25 03:54:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-22 00:01:13 -------- d-----w- C:\Users\Bluecakes\AppData\Roaming\LolClient
2011-06-21 23:50:43 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-06-21 23:50:43 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-06-21 23:50:42 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-06-21 23:48:11 -------- d-----w- C:\Riot Games
2011-06-21 15:48:15 -------- d-----w- C:\Program Files (x86)\League of Legends
2011-06-13 12:49:56 -------- d-----w- C:\Users\Bluecakes\AppData\Roaming\ts3overlay
2011-06-13 12:47:07 -------- d-----w- C:\Users\Bluecakes\AppData\Roaming\TS3Client
2011-06-13 12:45:31 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2011-06-12 10:50:35 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-06-12 10:49:50 280768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-06-12 10:49:50 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-06-12 10:49:49 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-06-12 10:49:48 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2011-06-11 02:36:29 -------- d-----w- C:\ProgramData\Skype Extras
.
==================== Find3M ====================
.
2011-07-08 04:21:47 25640 ----a-w- C:\Windows\gdrv.sys
2011-07-03 03:38:39 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-07-03 03:38:39 14848 ----a-w- C:\Windows\System32\slwga.dll
2011-07-03 03:38:39 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2011-04-14 11:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
============= FINISH: 20:29:21.82 ===============
 
Welcome to TechSpot! I'll help with the malware problem.

Please do not put logs in quote or code box. It cuts down on the available space and also means I have to navigate within the box to see the entire log.
====================================================
You have some entries that indicate you may not be checking download screens for pre-checked boxes. Be sure to do that and uncheck the toolbars and other 'junk' that may be bundled with the download.
===================================================
You will have to temporarily uninstall AVG to run Combofix. They left no way for it to be fully disabled to run security scans. Do as follows:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    (screenshot of the AppRemover application selection screen)
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot of the ComboFix "what next" message)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
====================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer download button to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    (screenshot of the ESET Online Scanner settings)
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Hey Bobbye,

Thanks for taking the time to help me, here are the logs you requested:

ComboFix
---------------

ComboFix 11-07-11.02 - Bluecakes 07/11/2011 23:00:16.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2305 [GMT 10:00]
Running from: c:\users\Bluecakes\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bluecakes\AppData\Roaming\Adobe\plugs
c:\users\Bluecakes\AppData\Roaming\Adobe\shed
H:\Autorun.inf
J:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-11 13:06 . 2010-04-30 10:04 25640 ----a-w- c:\windows\gdrv.sys
2011-07-03 03:38 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-05-23 12:11 . 2011-05-23 12:09 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-09-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 12:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjMyNDI3NTA0LVZPUCszLVQxLVVDQUxMKzEtVUNBTEwyKzItVEI4KzItRkwrOC1RSVgxKzQtRjEwTTEwQysyLVgyMDEwKzItTElDKzIyLVNQMSsxLVNQMVRCKzEtRkwxMCsxLVNQMVMyKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzA&prod=90&ver=10.0.1388" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va002;X6va002;c:\users\BLUECA~1\AppData\Local\Temp\00283D3.tmp [x]
R3 X6va003;X6va003;c:\users\BLUECA~1\AppData\Local\Temp\003A9B6.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-16 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-05-03 03:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=15442&l=dis
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
FF - ProfilePath - c:\users\Bluecakes\AppData\Roaming\Mozilla\Firefox\Profiles\mx3cwfi9.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\BLUECA~1\AppData\Local\Temp\00283D3.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\BLUECA~1\AppData\Local\Temp\003A9B6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-07-11 23:13:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 13:13
.
Pre-Run: 121,756,422,144 bytes free
Post-Run: 121,501,880,320 bytes free
.
- - End Of File - - 8ECC05472303A01FA180AD388981D995



ESET
--------

C:\Langames\Trackmania United Forever\Trackmania United Forever Full.iso probably a variant of Win32/Agent.JWALVLQ trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\23db9a00-2e167d00 multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-7b707616 Java/TrojanDownloader.OpenStream.NBS trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\747d068f-66a10d20 multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-346b6250 multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6e7a3762-118abb7f multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-43ff6edf multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\7a7b3066-72686c67 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7682016d-73032737 multiple threats
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7bf72d70-5ee7aa65 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\73190831-59aa7d22 a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7c18d505-3a2ed31f a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bluecakes\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7c18d505-6ebd8738 a variant of Java/TrojanDownloader.OpenStream.NCE trojan
C:\Users\Bluecakes\Downloads\RegistryMechanic_10.0.0.134.rar probably a variant of Win32/Agent.GMCZCJO trojan
D:\ggf\Bulletstorm\sr-bustm.iso a variant of Win32/Packed.VMProtect.AAA trojan
H:\Etc\Tools\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application
H:\Games\Serious Sam 2\Install\rld-ss2.iso probably a variant of Win32/Agent.NFOIATG trojan
H:\Games\Splinter Cell - Conviction\Tom.Clancys.Splinter.Cell.Conviction.Multiplayer.Crack-SKIDROW\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
 
You're welcome. There is another log from DDS. It's named Attach.txt. Please find it and include it in your next post. Do not zip it.

Can you tell me please what these drives are?
H:\Autorun.inf
J:\install.exe


If one or both are flash drives, they need to be disinfected. Please use the following:
  • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you the download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in the USB drive and click on Vaccinate USB and Vaccinate computer.
==========================================
For Eset entries, first clear the Java cache:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
    (Screenshot: http://www.java.com/en/img/download/5000020303.jpg)
    There are three options on this window to clear the cache (version dependent):
    • Delete Files
    • View Applications
    • View Applets
  4. Click OK on the Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.

The Java is out of date. You have v6u22 and the current is v6u26. This could have contributed to the malware in the Java cache. Please update: Java Updates (https://www.techspot.com/downloads/6463-java-se.html). Then uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
======================================
Then run this: Please download OTMoveIt by Old Timer (http://oldtimer.geekstogo.com/OTM.exe) and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\Langames\Trackmania United Forever\Trackmania United Forever Full.iso
    C:\Users\Bluecakes\Downloads\RegistryMechanic_10.0.0.134.rar
    D:\ggf\Bulletstorm\sr-bustm.iso
    H:\Etc\Tools\MsgPlusLive-481.exe
    H:\Games\Serious Sam 2\Install\rld-ss2.iso
    H:\Games\Splinter Cell - Conviction\Tom.Clancys.Splinter.Cell.Conviction.Multiplayer.Crack-SKIDROW\ubiorbitapi_r2.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========================================
Please run this also: Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================

The following drives have malware: C, H, J, D. Please identify the drives.
I suspect you are downloading from torrent sites. This is a straight road to malware.

I will finish reviewing Combofix tomorrow and set up a script to remove some entries.
 
Hey Bobbye,

Not 100% on the Autorun.inf, but the J:\install.exe program is the installer for the Seagate software that came with my external hard drive.

Drive C is my operating system hard drive, so OS, Downloads and Games.
Drive D is the spare hard drive inside my tower, so it stores all kinds of things.

Drives H and J are my external drives, so they store everything from my Anime to my TV series etc.

My apologies for not attaching Attach.log previously, here it is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/30/2010 7:40:40 PM
System Uptime: 7/8/2011 2:20:43 PM (6 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-890GPA-UD3H
Processor: AMD Phenom(tm) II X4 945 Processor | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 119.654 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 35.034 GiB free.
E: is CDROM (UDF)
F: is CDROM (UDF)
H: is FIXED (NTFS) - 1397 GiB total, 150.239 GiB free.
I: is CDROM ()
J: is FIXED (NTFS) - 1862 GiB total, 307.256 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341565931343435353734&2
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1032\574341565931343435353734&2
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&2BE2F00&0&0050
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_03\4&2BE2F00&0&0050
Service: RTL8167
.
==== System Restore Points ===================
.
RP142: 6/22/2011 9:33:42 PM - Made by Registry Mechanic
RP143: 6/25/2011 7:35:13 PM - Made by Registry Mechanic
RP144: 7/3/2011 7:00:49 PM - Made by Registry Mechanic
RP145: 7/4/2011 7:00:51 PM - Made by Registry Mechanic
RP146: 7/7/2011 7:00:57 PM - Made by Registry Mechanic
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Alien Swarm
Apple Application Support
Apple Software Update
Ask Toolbar
Assassin's Creed II
Battlefield: Bad Company 2
BitTorrent
Browser Configuration Utility
Call of Duty: Black Ops - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Combined Community Codec Pack 2008-09-21 16:18
DisplayFusion 3.1.8.0
EasyBits GO
EasySaver B9.1214.1
Garry's Mod
GhostMouse
Gigabyte Raid Cinfigurer
Hero Editor V0.96
Heroes of Newerth
HydraVision
ImTOO DVD Ripper Platinum 5
iPhone Explorer 2.100
iPhoneBrowser
Java Auto Updater
Java(TM) 6 Update 22
Killing Floor
League of Legends
Left 4 Dead 2
LiveUpdate 3.2 (Symantec Corporation)
Logitech Touch Mouse Server 1.0
LogMeIn Hamachi
Magicka
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox (3.6.18)
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
Pando Media Booster
Portal
Prototype(TM)
PunkBuster Services
QuickTime
Real Alternative 1.9.0
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Registry Mechanic 10.0
RIFT
Security Update for CAPICOM (KB931906)
Skype™ 5.3
Spiral Knights
Steam
Symantec Ghost Standard Tools
TeamSpeak 3 Client
TmUnitedForever
Trillian
Ubisoft Game Launcher
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 0.9.9
Windows Live Sign-in Assistant
WinRAR archiver
XBMC
.
==== Event Viewer Messages From Past Week ========
.
7/8/2011 8:25:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
7/8/2011 2:21:54 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.
7/4/2011 8:40:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800497165f, 0xfffff88009390c10, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070411-42791-01.
.
==== End Of File ===========================

------------------------------------------

I have run Panda USB Vaccine on Computer and both External hard drives.

------------------------------------------

OTMoveIt actually moved all the files to a folder on my C drive, and then after 30 seconds or so Windows crashed. I tried a second time running as an administrator, but it still crashed a little bit after the program closed. Below is a screenshot of the folders and info made by the program, as there is no log file in sight.

(screenshot: resultsn.png)


------------------------------------------

This is the log to CKFiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\langames\demigod\bindata\maps\map05\textures\map05_tile_cracked_d.dds
c:\langames\demigod\bindata\maps\map05\textures\map05_tile_cracked_n.dds
c:\langames\demigod\bindata\maps\map05\textures\map05_tile_cracked_s.dds
c:\langames\demigod\bindata\maps\map05\textures\map05_top_crackmask.dds
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\nature\ground\dirt01_cracked_nrm_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked01_0.xnb
c:\program files (x86)\steam\steamapps\common\magicka\content\levels\textures\surface\structure\stone\wall_cracked_nrm_0.xnb
c:\users\bluecakes\downloads\adobe_photoshop_cs2_keygen-paradox.rar
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen.rar
c:\users\bluecakes\downloads\removewat.2.2.5.hazar.carter67.rar
c:\users\bluecakes\downloads\1.10_item_vault_version_1.2\1.10 item vault version 1.2\uniques\exceptional\weapons\staves\ribcracker quarterstaff.d2i
c:\users\bluecakes\downloads\1.10_item_vault_version_1.2\1.10 item vault version 1.2\uniques\exceptional\weapons\swords\cloudcrack gothic sword.d2i
c:\users\bluecakes\downloads\6203b4beadfec93d0d34a9d3f6b9d9c8ec7\keygen.nfo
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\dvd-ripper-platinum5.exe
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\file list.txt
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\imtoo.dvd.ripper.platinum5.keygen.tlg.[x-ray].exe
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\rapidshare links apps, movies, music, tv season.url
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\read me first!!!.txt
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\readme.htm
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\readme.txt
c:\users\bluecakes\downloads\imtoo_dvd_ripper_platinum_5.0.46.1219_incl_keygen\tlg.nfo
c:\users\bluecakes\downloads\registrymechanic_10.0.0.134\registrymechanic_10.0.0.134\keygen+serial\serial.txt
c:\users\bluecakes\downloads\removewat.2.2.5.hazar.carter67\removewat.2.2.5.hazar.carter67\readme.txt
c:\users\bluecakes\downloads\removewat.2.2.5.hazar.carter67\removewat.2.2.5.hazar.carter67\removewat.exe
c:\users\bluecakes\downloads\removewat.2.2.5.hazar.carter67\removewat.2.2.5.hazar.carter67\removewat225.jpg
c:\users\bluecakes\downloads\removewat.2.2.5.hazar.carter67\removewat.2.2.5.hazar.carter67\removewat_2.2.5.txt
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.ZZ.11.OVLBOI
----- EOF -----
 
The image doesn't help me as I don't know what's in those files. I can have you run it again later.

Keygen/Crack Warning:

I note that you have visited crack/keygen sites, using illegal software. You have installed some programs that appear on crack/keygen sites to get access to the cracks/keygens. They install the malware on your system.

If you visit crack sites, use cracks/keygens, you'll ALWAYS get infected.

The danger is not only from the crack/keygen itself, but because one single click entering that site may already download and install a huge malware bundle.

These malware bundles may contain a key logger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.

The malware can damage a system badly enough that repair may not be an option and the only solution will be to reformat/reinstall. So this "free" software really isn't "free" at all: it may cost you privacy, your accounts and ultimately your computer system.

Adobe Photoshop CS2 > pirated
DVD Ripper Platinum > pirated
Registry Mechanic > pirated

And downloads to all of the above.

They will have to be uninstalled if you want to continue support. And this leads me to the question: Is the operating system legitimate?
 
Please update and repeat the Eset scan so I can make sure all entries were removed.
 
I've run ESET again with the same settings. It came up with a few of the same results, but without the applications I've removed, and I also cleared the Java cache so that didn't come up this time.

Not sure whether you want me to just delete these files or use some specific application to do it instead.

All but MsgPlusLive are games I've got from friends; MsgPlusLive is something I've downloaded from the internet.

D:\ggf\Bulletstorm\sr-bustm.iso a variant of Win32/Packed.VMProtect.AAA trojan
H:\Etc\Tools\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application
H:\Games\Serious Sam 2\Install\rld-ss2.iso probably a variant of Win32/Agent.NFOIATG trojan
H:\Games\Splinter Cell - Conviction\Tom.Clancys.Splinter.Cell.Conviction.Multiplayer.Crack-SKIDROW\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
 
This download was pirated:
H:\Games\Splinter Cell - Conviction\Tom.Clancys.Splinter.Cell.Conviction.Multiplayer.Crack-SKIDROW\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan

Whether you downloaded from the internet or your friends, both had malware:
H:\Etc\Tools\MsgPlusLive-481.exe a variant of Win32/Adware.CiDHelp application

This is a copied/burned version from somewhere- file sharing?
H:\Games\Serious Sam 2\Install\rld-ss2.iso probably a variant of Win32/Agent.NFOIATG trojan

And this is another burned copy from somewhere:
D:\ggf\Bulletstorm\sr-bustm.iso a variant of Win32/Packed.VMProtect.AAA trojan
===========================================
A 'packed' file is a file in a compressed format. While this can be done to use less memory for legitimate files, a 'packed' file can only be read by the program that 'packed' it because of special codes included.

A 'packed' malware file therefore, such as this one from the pirated program (Win32/Packed.VMProtect.AAA trojan), and the same from a burned program, may contain file infectors such as Sality or Ramnit or even Virus.
============================================
I'm going to move these files, then withdraw my support due to the amount of piracy:

============================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files 
    D:\ggf\Bulletstorm\sr-bustm.iso 
    H:\Etc\Tools\MsgPlusLive-481.exe 
    H:\Games\Serious Sam 2\Install\rld-ss2.iso 
    H:\Games\Splinter Cell - Conviction\Tom.Clancys.Splinter.Cell.Conviction.Multiplayer.Crack-SKIDROW\ubiorbitapi_r2.dll 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
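Bobbye's description of a 'packed' file as compressed content that a scanner cannot read until it is unpacked can be checked with an entropy measurement: compressed or encrypted bytes look close to uniformly random, so Shannon entropy per byte approaches 8 bits, while plain code and strings sit well below that. The script below is an added example, not part of the thread or of any tool mentioned in it; its sample buffers are constructed in-line, and the 7.0 bits-per-byte threshold and the 4096-byte window size are assumptions a triager would tune.

```python
"""Entropy heuristic for spotting 'packed' (compressed/encrypted) regions.

Added example (not from the thread). Whole-file entropy can hide a packed
body behind a plain loader stub, so the check is also done per window.
"""
import math
import random
import sys
from collections import Counter

PACKED_THRESHOLD = 7.0  # bits per byte; assumed triage value, not a standard
WINDOW = 4096           # assumed window size


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def windows(data: bytes, window: int = WINDOW, min_len: int = 256):
    """Split `data` into fixed-size windows, dropping a short trailing
    remainder whose entropy would be artificially low."""
    return [w for w in (data[i:i + window] for i in range(0, len(data), window))
            if len(w) >= min_len]


def windowed_entropy(data: bytes, window: int = WINDOW):
    """Entropy of each window, so a packed section inside an otherwise
    plain file still stands out."""
    return [shannon_entropy(w) for w in windows(data, window)]


def looks_packed(data: bytes, window: int = WINDOW, min_fraction: float = 0.5) -> bool:
    """True when at least `min_fraction` of the windows exceed PACKED_THRESHOLD."""
    ws = windows(data, window)
    if not ws:
        return False
    hot = sum(1 for w in ws if shannon_entropy(w) > PACKED_THRESHOLD)
    return hot / len(ws) >= min_fraction


# Constructed sample inputs (not the files from the thread).
# 1. Repeated plain text, standing in for code/strings: low entropy.
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 1000
# 2. Deterministic pseudo-random bytes, standing in for a compressed or
#    encrypted payload such as a VMProtect-packed section: near 8 bits/byte.
_rng = random.Random(20110711)
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(65536))
# 3. A plain stub followed by a packed body; the windowed check catches it
#    even though the file starts out looking harmless.
MIXED_SAMPLE = PLAIN_SAMPLE[:8192] + PACKED_SAMPLE


def triage(path: str) -> dict:
    """Read a file from disk and report whole-file and peak window entropy."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "path": path,
        "size": len(data),
        "entropy": round(shannon_entropy(data), 3),
        "max_window": round(max(windowed_entropy(data), default=0.0), 3),
        "looks_packed": looks_packed(data),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(triage(p))
    else:
        for name, buf in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE),
                          ("mixed", MIXED_SAMPLE)):
            print(f"{name:7s} entropy={shannon_entropy(buf):.3f} "
                  f"packed={looks_packed(buf)}")
```

High entropy alone is not a verdict: legitimate installers, archives such as the .iso and .rar files listed above, and encrypted data score the same, so use the result to decide what to submit for a second-opinion scan rather than as a conclusion.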
 