TechSpot

Is my computer infected?

By Absurdistof
Feb 25, 2011
  1. Hey guys, quick question.

    My computer's been acting fine until yesterday (haven't been connected to internet via that computer for two days prior), when it started hanging after about 3 minutes of being logged in. Everything I open either takes many minutes to open (even pictures) or just crashes (like the performance monitor report).

    The Event Viewer yielded this:
    Source: Service Control Manager
    Event ID: 7026
    "The following boot-start or system-start driver(s) failed to load:
    AFD
    DfsC
    discache
    NetBIOS
    NetBT
    nsiproxy
    Psched
    rdbss
    spldr
    tdx
    vwififlt
    Wanarpv6
    WfpLwf"

    I searched the quoted terms on Google, with quotes, and found this:
    http://www.techspot.com/vb/topic160430.html

    I'd love to see my computer in good shape again, but I would like to know if this is the right forum for my problem, or if it's the other forum that I need to go to.

    Thanks guys :)
     
  2. Bobbye


    Welcome to TechSpot!
    I have deleted your duplicate thread. You do not give enough information. A point: if you were starting in Safe Mode, the processes you mentioned would not start.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Absurdistof


    Sorry for the double post, I didn't see the first one pop up so I assumed I had to post in the welcome section before anything else :)

    MALWARE LOG

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5876

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    2/25/2011 10:01:09 AM
    mbam-log-2011-02-25 (10-01-09).txt

    Scan type: Quick scan
    Objects scanned: 163357
    Time elapsed: 2 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 84
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 32
    Files Infected: 158

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} (Adware.DoubleD) -> Value: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224E955-00E9-4613-A844-CE69FCCAAE91} (Adware.DoubleD) -> Value: {2224E955-00E9-4613-A844-CE69FCCAAE91} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:

    Files Infected:
    c:\program files (x86)\media access startup\1.5.5.900\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\media access startup\1.5.5.900\FF\components\hpffaddon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\media access startup\1.5.5.900\FF\components\hpffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\media access startup\1.5.5.900\FF\components\hpffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\smart-shopper\Uninst.exe (Adware.SmartShopper) -> Quarantined and deleted successfully.
    c:\program files (x86)\system search dispatcher\1.3.5.960\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\system search dispatcher\1.3.5.960\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\system search dispatcher\1.3.5.960\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\system search dispatcher\1.3.5.960\Data\urldynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files (x86)\system search dispatcher\1.3.5.960\Data\urlstatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\smartshopper\uninstall smartshopper.lnk (Adware.SmartShopper) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\internet saving optimizer\3.6.3.4500\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\internet saving optimizer\3.6.3.4500\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\internet saving optimizer\3.6.3.4500\np_20100131-210354.355.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\internet saving optimizer\3.6.3.4500\np_20100131-210408.709.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\internet saving optimizer\3.6.3.4500\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100131-210354.226.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100131-210408.705.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100502-223225.965.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100502-223545.811.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100502-223752.135.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100502-223752.949.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041320.151.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041338.036.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041338.723.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041436.959.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041437.615.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041604.838.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-041605.541.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100615-102430.006.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100704-205203.148.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100704-205204.181.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-053004.852.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-053006.805.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-053802.301.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-121111.756.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-121115.374.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100710-121514.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100812-161400.248.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100812-161402.747.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100915-130745.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20100926-122101.744.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20101005-165839.043.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20101005-165841.025.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20101012-190747.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20101012-190749.380.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\hjhp_20110218-163739.558.log (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\absurdist\local settings\application data\media access startup\1.5.5.900\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

    My GMER logs come up blank in Notepad. I'm just opening it, it quick scans, I hit save and nothing. I'm hitting 'scan' and will post the log in the next post (I think it'll be quite long).
     
  4. Absurdistof

    Absurdistof TS Rookie Topic Starter

    DDS

    DDS - DDS


    DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
    Run by Absurdist at 10:35:20.99 on Fri 02/25/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.5266 [GMT -8:00]

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Absurdist\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Absurdist\Desktop\AntiVirus\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
    uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: AutorunsDisabled - No File
    BHO: Symantec NCO BHO - No File
    BHO: Babylon IE plugin - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - C:\Program Files (x86)\My.Freeze.com Toolbar\freeze_us.dll
    TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
    EB: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\ABSURD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\DESKTO~1.LNK - C:\Program Files (x86)\vghd\vghd.exe
    StartupFolder: C:\Users\ABSURD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\dropbox.lnk - C:\Users\Absurdist\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\ABSURD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\GAMERA~1.LNK - C:\Users\Absurdist\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
    StartupFolder: C:\Users\ABSURD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
    StartupFolder: C:\Users\ABSURD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} -
    TB-X64: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    EB-X64: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\ABSURD~1\AppData\Roaming\Mozilla\Firefox\Profiles\bknphhct.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
    FF - component: C:\Users\Absurdist\AppData\Roaming\Mozilla\Firefox\Profiles\bknphhct.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Absurdist\AppData\Roaming\Mozilla\Firefox\Profiles\bknphhct.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Users\Absurdist\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-25 505176]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-2-25 280408]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-19 203264]
    S2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-12-18 464264]
    S2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-12-18 234888]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-2-25 22360]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-2-25 64344]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-2-25 42184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-9-7 24652]
    S2 wlcrasvc;Live Mesh Remote Desktop;C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-1-22 51024]
    S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2009-10-12 46824]
    S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-9-19 7767040]
    S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-19 279040]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-19 116240]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-14 1038088]
    S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms [2008-9-9 25888]
    S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-1-22 10576]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2009-5-6 639512]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-23 1255736]
    S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-22 79360]
    S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-6-17 192512]

    =============== Created Last 30 ================

    2011-02-25 17:57:05 -------- d-----w- C:\Users\ABSURD~1\AppData\Roaming\Malwarebytes
    2011-02-25 17:57:01 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-25 17:57:01 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-25 17:56:58 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-25 17:56:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-25 17:51:25 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-02-25 17:51:25 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-02-25 17:51:22 40648 ----a-w- C:\Windows\avastSS.scr
    2011-02-25 17:51:20 -------- d-----w- C:\Program Files\AVAST Software
    2011-02-25 17:51:20 -------- d-----w- C:\PROGRA~3\AVAST Software
    2011-02-14 04:30:39 181608 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
    2011-02-11 05:24:35 -------- d-----w- C:\Program Files (x86)\Conduit
    2011-02-11 05:24:33 -------- d-----w- C:\Program Files (x86)\ConduitEngine
    2011-02-11 05:24:31 -------- d-----w- C:\Program Files (x86)\BitTorrentBar
    2011-01-31 08:04:15 -------- d-----w- C:\Program Files\iTunes
    2011-01-31 08:04:15 -------- d-----w- C:\Program Files\iPod
    2011-01-30 07:31:22 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

    ==================== Find3M ====================

    2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2011-01-02 19:27:40 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-01-02 19:27:40 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-01-02 19:25:46 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-01-02 05:55:33 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    ============= FINISH: 10:35:51.97 ===============

    DDS - ATTACH



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/17/2010 10:37:25 AM
    System Uptime: 2/25/2011 10:02:06 AM (0 hours ago)

    Motherboard: PEGATRON CORPORATION | | Burbank
    Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz | CPU 1 | 2666/333mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 585 GiB total, 301.411 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.561 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 233 GiB total, 180.404 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    ==== System Restore Points ===================

    RP129: 1/30/2011 10:29:42 PM - Installed Windows Media Player Firefox Plugin
    RP130: 2/8/2011 12:14:57 AM - Scheduled Checkpoint
    RP131: 2/9/2011 3:00:11 AM - Windows Update
    RP132: 2/16/2011 4:28:16 AM - Scheduled Checkpoint
    RP133: 2/16/2011 10:38:39 PM - Installed Java(TM) 6 Update 24

    ==== Installed Programs ======================

    7-Zip 4.65
    ActiveCheck component for HP Active Support Library
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AIM 6
    AIM Toolbar
    Akamai NetSession Interface
    Alien Swarm
    Alien Swarm - SDK
    Apple Application Support
    Apple Software Update
    Ares P2P Powered by AdVantage
    ATI Catalyst Registration
    Audacity 1.2.6
    Audiosurf Demo
    Auslogics BoostSpeed
    Auslogics Disk Defrag
    avast! Free Antivirus
    Battlefield: Bad Company 2
    BioShock 2
    BitTorrent
    BitTorrentBar Toolbar
    Blur
    Borderlands
    Call of Duty: Black Ops - Multiplayer
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Connect
    Convert VOB to AVI 1.7
    Cozi
    Creative Audio Control Panel
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    CyberLink DVD Suite Deluxe
    Dead Space 2
    Dead Space™
    DivX Player
    DivX Setup
    Download Updater (AOL LLC)
    Dropbox
    DVD X Player Professional V3.0
    EA Download Manager
    FAKEFACTORY Cinematic Mod V10
    Fallout 3 - Game of the Year Edition
    Fallout 3 - The Garden of Eden Creation Kit
    Fraps (remove only)
    Free M4a to MP3 Converter 6.1
    Game Booster
    GamingHarbor Toolbar
    Garry's Mod
    GCFScape 1.7.1
    Google Chrome
    Google Toolbar for Internet Explorer
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life Decay PC 1.0
    Half-Life: Blue Shift
    Half-Life: Opposing Force
    Host OpenAL
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Easy Backup
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Recovery Manager RSS
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    iPhone Configuration Utility
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Killing Floor
    kuler
    LabelPrint
    Left 4 Dead 2 Authoring Tools
    Left 4 Dead 2 Demo
    LightScribe System Software 1.14.25.1
    LightScribe Template Labeler
    LimeWire 5.3.6
    Live Mesh
    Livestream Procaster
    Logger Pro 3
    Logger Pro 3.7.0.1
    Malwarebytes' Anti-Malware
    Mass Effect
    MediaCoder 0.6.1
    Microsoft Chart Controls for Microsoft .NET Framework 3.5
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Live Search Toolbar
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mirror's Edge
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble and Murmur
    muvee Reveal
    My.Freeze.com Toolbar
    NVIDIA PhysX
    OpenAL
    OpenOffice.org 3.2
    oRipa Screen Recorder
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Portal
    Power2Go
    PowerDirector
    PunkBuster Services
    Python 2.5.2
    QuickTime
    S.T.A.L.K.E.R.: Shadow of Chernobyl
    Safari
    Screen Recorder Gold version 2.6
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Skype™ 4.1
    Sound Blaster X-Fi
    Source SDK
    Stalker Complete 2009 v1.4.4
    Steam
    Suite Shared Configuration CS4
    Sumatra PDF reader
    Sven Co-op 4.0B
    Tag - IGF Professional 2008
    Team Fortress 2
    Total Screen Recorder Gold 1.5
    Trapcode 3DStroke
    Trapcode EchoSpace
    Trapcode Form
    Trapcode Horizon
    Trapcode Lux
    Trapcode Particular v2
    Trapcode Shine
    Trapcode SoundKeys
    Trapcode Starglow
    Unreal Tournament 3
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Viewpoint Media Player
    Virtual DJ - Atomix Productions
    Virtuosa
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 0.9.8a
    VoiceOver Kit
    VTFEdit 1.2.5
    Vuze
    Vuze Toolbar
    WeatherBug
    Windows Media Player Firefox Plugin
    Winferno Registry Power Cleaner
    WinFile
    World of Goo
    Xobni
    Xobni Core

    ==== Event Viewer Messages From Past Week ========

    2/25/2011 9:51:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/25/2011 9:44:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    2/25/2011 10:35:00 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/25/2011 10:02:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/25/2011 10:02:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/25/2011 10:02:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
    2/25/2011 10:02:29 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0011500082A3" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
    2/25/2011 10:02:28 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 9:06:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:54:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/24/2011 8:54:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:53:47 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2011 8:53:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2011 8:53:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2011 8:53:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2011 8:53:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2011 8:20:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2/24/2011 6:44:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/24/2011 6:42:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
    2/23/2011 9:31:39 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The media is write protected.
    2/23/2011 9:30:17 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/23/2011 9:25:22 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/23/2011 5:22:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
    2/23/2011 11:18:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    2/23/2011 11:18:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    2/23/2011 11:17:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    2/20/2011 3:16:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    2/20/2011 3:16:22 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    Sorry, the GMER is taking a while. Will post next.
     
  5. Absurdistof

    Absurdistof TS Rookie Topic Starter

    GMER said no system changes were found.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The system is heavily infected. Please uninstall the following while I'm helping clean the system:
    Ares P2P Powered by AdVantage
    BitTorrent
    BitTorrentBar Toolbar
    GamingHarbor Toolbar
    My.Freeze.com Toolbar
    Vuze
    Vuze Toolbar

    It's useless to try to clean with these file sharing and ad programs running.
    ========================================
    I suspect that the reason you're slow and crashing is 1. Because the system is heavily infected and 2. You have too many processes running. How much RAM do you have installed?

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =====================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • [Screenshot: Query - Recovery Console]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [Screenshot]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. Absurdistof

    Absurdistof TS Rookie Topic Starter

    Quick update, ESET has been working for the past hour+, so I'll edit this post when it finishes and when I get combofix completed. Thanks again for the help, I've deleted those programs you mentioned, and my computer has 6.0 GB RAM. If there's any way you know I could cut down on processes I'd love to do that as well.

    Will edit when I have the logs.

    ESET log.txt

    ESETSmartInstaller@High as downloader log:
    all ok
    ESETSmartInstaller@High as downloader log:
    all ok
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=47f6fac27b2d6e43af7ed2f1e8ef5bd2
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-02-25 10:53:09
    # local_time=2011-02-25 02:53:09 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=5893 16776574 100 94 7834100 50210648 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=387629
    # found=11
    # cleaned=0
    # scan_time=7191
    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe Win32/Adware.DoubleD.AM application (unable to clean) 00000000000000000000000000000000 I
    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi a variant of Win32/Adware.DoubleD.AL application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Absurdist\Documents\LimeWire\Incomplete\T-5860802-headhunterz muzical revolution.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi]Full+Plug-in.iso a variant of Win32/Injector.AWK trojan (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe Win32/Adware.DoubleD.AM application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi a variant of Win32/Adware.DoubleD.AL application (unable to clean) 00000000000000000000000000000000 I
    F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
    F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I

    ESET list of infected files (exported from end screen)

    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe Win32/Adware.DoubleD.AM application
    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi a variant of Win32/Adware.DoubleD.AL application
    C:\Users\Absurdist\Documents\LimeWire\Incomplete\T-5860802-headhunterz muzical revolution.au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi]Full+Plug-in.iso a variant of Win32/Injector.AWK trojan
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe Win32/Adware.DoubleD.AM application
    C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi a variant of Win32/Adware.DoubleD.AL application
    F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe a variant of Win32/Keygen.AR application
    F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe a variant of Win32/Keygen.AR application

    **Will update with results from Combofix
     
  8. Absurdistof

    Absurdistof TS Rookie Topic Starter

    ComboFix results

    ComboFix


    ComboFix 11-02-24.05 - Absurdist 02/25/2011 15:42:32.1.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.5144 [GMT -8:00]
    Running from: c:\users\Absurdist\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\users\Absurdist\AppData\Roaming\AdVantage
    c:\users\Absurdist\AppData\Roaming\AdVantage\about_AdVantage.mht
    c:\users\Absurdist\AppData\Roaming\AdVantage\advantage.cfg
    c:\users\Absurdist\AppData\Roaming\AdVantage\advantage.mht
    c:\users\Absurdist\AppData\Roaming\AdVantage\diff.cfg.bb8e8ed02fcd958e8537dd5165f758cb.29a0881b34fdc1039411bf8999c1ef87
    c:\users\Absurdist\AppData\Roaming\AdVantage\diff.cfg.bb8e8ed02fcd958e8537dd5165f758cb.a5242a329c64482ff8faddf35fefd87c
    c:\users\Absurdist\AppData\Roaming\AdVantage\diff.cfg.e4931d773d4474a878306225c71bdfe9.3fef0fb886c9592362b8ba929aad0f67

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-25 to 2011-02-25 )))))))))))))))))))))))))))))))
    .

    2011-02-25 23:49 . 2011-02-25 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-25 23:37 . 2011-02-25 23:39 -------- d-----w- C:\32788R22FWJFW
    2011-02-25 23:35 . 2011-02-23 14:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-02-25 23:35 . 2011-02-23 14:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-02-25 23:35 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-25 23:35 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-02-25 23:35 . 2011-02-23 14:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-02-25 17:51 . 2011-02-25 17:51 -------- d-----w- c:\program files\AVAST Software
    2011-02-14 04:30 . 2011-02-14 04:30 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
    2011-01-31 08:04 . 2011-01-31 08:04 -------- d-----w- c:\program files\iTunes
    2011-01-31 08:04 . 2011-01-31 08:04 -------- d-----w- c:\program files\iPod
    2011-01-30 07:31 . 2011-01-30 07:31 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 05:40 . 2011-01-23 00:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-02 19:27 . 2010-03-06 06:51 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-01-02 19:27 . 2010-03-06 05:16 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-01-02 19:25 . 2010-03-06 05:16 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-01-02 05:55 . 2010-03-06 05:16 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
    2011-02-23 15:04 814160 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"= "c:\program files\AVAST Software\Avast\aswWebRepIE.dll" [2011-02-23 814160]

    [HKEY_CLASSES_ROOT\clsid\{8e5e2654-ad2d-48bf-ac2d-d17f00898d06}]
    [HKEY_CLASSES_ROOT\Avast.WrcBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD3AF781-AF1F-4400-9A30-15470BE43AD9}]
    [HKEY_CLASSES_ROOT\Avast.WrcBar]

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

    c:\users\Absurdist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
    DesktopVideoPlayer.LNK - c:\program files (x86)\vghd\vghd.exe [N/A]
    dropbox.lnk - c:\users\Absurdist\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-12-30 21968784]
    gameranger.lnk - c:\users\Absurdist\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [N/A]
    LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
    OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-19 203264]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-01-22 51024]
    R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2009-10-12 46824]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-19 7767040]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-19 279040]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-19 116240]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-14 1038088]
    R3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcd5srvc_x64.pkms [2008-09-10 25888]
    R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-01-22 10576]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]
    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-22 79360]
    R4 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - eeCtrl
    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - SymEFA
    *Deregistered* - SYMFW
    *Deregistered* - SYMNDISV
    *Deregistered* - SYMTDI
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-212166006-3987176063-3787282247-1000Core.job
    - c:\users\Absurdist\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 23:17]

    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-212166006-3987176063-3787282247-1000UA.job
    - c:\users\Absurdist\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-21 23:17]

    2010-01-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]

    2010-01-29 c:\windows\Tasks\RegPowerClean.job
    - c:\program files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-08-21 21:48]

    2010-01-29 c:\windows\Tasks\RPCReminder.job
    - c:\program files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-08-21 21:34]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
    2011-02-23 15:04 972280 ----a-w- c:\program files\AVAST Software\Avast\aswWebRepIE64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"= "c:\program files\AVAST Software\Avast\aswWebRepIE64.dll" [2011-02-23 972280]

    [HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
    [HKEY_CLASSES_ROOT\Avast.WrcBar64.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6569EAFC-365E-4ef4-932A-454CCD5E1434}]
    [HKEY_CLASSES_ROOT\Avast.WrcBar64]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 15:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Absurdist\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Absurdist\AppData\Roaming\Mozilla\Firefox\Profiles\bknphhct.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Engine Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
    FF - Ext: Download Youtube Videos +: video.downloader.plugin@ffpimp.com - %profile%\extensions\video.downloader.plugin@ffpimp.com
    FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files (x86)\My.Freeze.com Toolbar\NetAssistant.dll
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    Toolbar-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - c:\program files (x86)\My.Freeze.com Toolbar\freeze_us.dll
    Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    Wow6432Node-HKLM-Run-DivXUpdate - c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    AddRemove-DVD X Player Professional 3.0_is1 - c:\program files (x86)\DVD X Studios\DVD X Player Professional 3.0\unins000.exe
    AddRemove-LimeWire - c:\program files (x86)\LimeWire\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    AddRemove-Screen Recorder Gold_is1 - c:\program files (x86)\Screen Recorder Gold\unins000.exe
    AddRemove-Virtual DJ - Atomix Productions - c:\progra~2\VIRTUA~1\UNWISE.EXE
    AddRemove-XobniMain - c:\program files (x86)\Xobni\UninstallerWizard.exe
    AddRemove-{1B602410-D983-4947-98FE-EE749073D15E} - c:\programdata\{F14A989E-0102-460B-ADB5-BC208314A307}\Setup.exe
    AddRemove-{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1 - c:\program files (x86)\Convert VOB to AVI\unins000.exe
    AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
    AddRemove-{93F2C2FE-5036-4DA4-83C5-3F74608C4D6C}_is1 - c:\program files (x86)\Multi File Downloader\unins000.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
    "ImagePath"="\??\c:\program files\PC-Doctor for Windows\pcd5srvc_x64.pkms"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-212166006-3987176063-3787282247-1000\Software\SecuROM\License information*]
    "datasecu"=hex:72,51,fb,27,6e,7a,d6,88,85,5a,fc,2e,99,97,3a,7d,ca,59,1a,b7,58,
    a1,f7,22,15,54,00,46,68,70,c2,14,64,ea,e2,77,ac,53,27,31,c0,1a,f3,cb,a2,83,\
    "rkeysecu"=hex:9a,a6,e3,7c,77,24,6f,08,7a,60,2d,bb,df,f8,53,bc

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-25 16:04:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-26 00:04

    Pre-Run: 323,349,397,504 bytes free
    Post-Run: 322,914,123,776 bytes free

    - - End Of File - - 00495B6763ECAD623F583E8005C7B2B2
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sony Vegas Pro 9.0 has been pirated. There is evidence of pirated programs in the Eset log. All pirated programs will have to be removed for support to continue. Please run the following:

    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.

    What is Drive F?
    ===========================================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe 
      C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi 
      C:\Users\Absurdist\Documents\LimeWire\Incomplete\T-5860802-headhunterz muzical revolution.au 
      C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi]Full+Plug-in.iso 
      C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe 
      C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe 
      C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe 
      C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe 
      C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi 
      F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe 
      F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==============================================
    There is heavy use of file sharing and no indication of safeguards for safe surfing.
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
     
  10. Absurdistof

    Absurdistof TS Rookie Topic Starter

    Sorry for the P2P stuff, to be honest the most recent torrents I've been downloading are actually from wikileaks.

    CKSCANNER


    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\steam\steamapps\absurdistof\team fortress 2\tf\materials\materials\maritime\overlays\crack_001_maritime.vmt
    c:\program files (x86)\steam\steamapps\absurdistof\team fortress 2\tf\materials\materials\maritime\overlays\crack_001_maritime.vtf
    c:\program files (x86)\steam\steamapps\common\alien swarm\swarm\materials\glass\glasswindow018a_cracked.vmt
    c:\program files (x86)\steam\steamapps\common\alien swarm\swarm\materials\glass\glasswindow018a_cracked.vtf
    c:\program files (x86)\steam\steamapps\common\audiosurf\engine\crypt.dll
    c:\program files (x86)\steam\steamapps\common\audiosurf\engine\channels\crypt.dll
    c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
    c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
    c:\users\absurdist\desktop\all adobe cs4 keygens\divx plus converter.lnk
    c:\users\absurdist\desktop\all adobe cs4 keygens\readme.txt
    c:\users\absurdist\desktop\all adobe cs4 keygens\adobe cs4 master collection keygen\disable_activation.cmd
    c:\users\absurdist\desktop\all adobe cs4 keygens\adobe photoshop cs4 extended keygen+patch\keygen\keygen_masteruploader.exe
    c:\users\absurdist\desktop\all adobe cs4 keygens\adobe photoshop cs4 extended keygen+patch\patch\adobe.photoshop.cs4.-patch.exe
    c:\users\absurdist\desktop\all adobe cs4 keygens\adobe photoshop cs4 extended keygen+patch\patch\st!d3r.nfo
    c:\users\absurdist\desktop\all adobe cs4 keygens\serails for all adobe cs4 products\godly keygen.exe
    c:\users\absurdist\desktop\all adobe cs4 keygens\serails for all adobe cs4 products\login.txt
    c:\users\absurdist\desktop\all adobe cs4 keygens\serails for all adobe cs4 products\readme.txt
    c:\users\absurdist\documents\crack\keygen.exe
    c:\users\absurdist\documents\crack\method.txt
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\commentary on bo ctf on cracked.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ctf on cracked hq.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ctf on cracked hq.veg.bak
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ffa on cracked, talk about skill.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ffa on cracked, talk about skill.veg.bak
    c:\users\absurdist\downloads\sony vegas pro 9.0 64-bit +keygen+patch (as usual) [contagiuossf]\readme.txt
    c:\users\absurdist\downloads\sony vegas pro 9.0 64-bit +keygen+patch (as usual) [contagiuossf]\keygen\keygen.exe
    c:\users\absurdist\downloads\sony vegas pro 9.0 64-bit +keygen+patch (as usual) [contagiuossf]\setup\vegaspro90_64bit.exe
    c:\users\absurdist\downloads\sony vegas pro 9.0c build 896 [32.64 bit][multi]full+plug-in\sony vegas pro 9.0c build 896 [32.64 bit][multi][full+plug-in][www.zonatorrent.com]\newbluefx ii\multikeygen\seriales.txt
    c:\users\absurdist\downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\keygen.exe
    c:\users\absurdist\downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\keygen.exe
    scanner sequence 3.ZZ.11
    ----- EOF -----

    Will edit with OTM

    OTM


    All processes killed
    ========== FILES ==========
    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe moved successfully.
    C:\ProgramData\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi moved successfully.
    C:\Users\Absurdist\Documents\LimeWire\Incomplete\T-5860802-headhunterz muzical revolution.au moved successfully.
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0c Build 896 [32.64 bit][MULTi]Full+Plug-in.iso moved successfully.
    C:\Users\Absurdist\Downloads\Sony Vegas Pro 9.0 64-bit +Keygen+patch (as usual) [ContagiuosSF]\Keygen\Keygen.exe moved successfully.
    File/Folder C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe not found.
    File/Folder C:\Users\Absurdist\Downloads\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe not found.
    File/Folder C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe not found.
    File/Folder C:\Users\All Users\{F14A989E-0102-460B-ADB5-BC208314A307}\OFFLINE\mFileBagIDE.dll\bag\FFToolbar.xpi not found.
    File/Folder F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90b_32bit\Keygen.exe not found.
    File/Folder F:\vegaspro 32bit 64bit\vegaspro 32bit 64bit\vegaspro90c_64bit\Keygen.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Absurdist
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 59698216 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1221 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    User: TEMP.LostArts
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 57.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 02252011_165951
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Every entry in the CKScanner with the words crack, serial and keygen is for a pirated program. Remove them please.
     
  12. Absurdistof

    Absurdistof TS Rookie Topic Starter

    Deleted everything on the desktop, in documents, and in downloads. The other files are videos (for instance 'talk about skill on cracked' [name of map in COD: Black Ops]) or textures (crack_001_maritime.vtf).

    UPDATED CKScanner


    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\steam\steamapps\absurdistof\team fortress 2\tf\materials\materials\maritime\overlays\crack_001_maritime.vmt
    c:\program files (x86)\steam\steamapps\absurdistof\team fortress 2\tf\materials\materials\maritime\overlays\crack_001_maritime.vtf
    c:\program files (x86)\steam\steamapps\common\alien swarm\swarm\materials\glass\glasswindow018a_cracked.vmt
    c:\program files (x86)\steam\steamapps\common\alien swarm\swarm\materials\glass\glasswindow018a_cracked.vtf
    c:\program files (x86)\steam\steamapps\common\audiosurf\engine\crypt.dll
    c:\program files (x86)\steam\steamapps\common\audiosurf\engine\channels\crypt.dll
    c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
    c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\commentary on bo ctf on cracked.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ctf on cracked hq.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ctf on cracked hq.veg.bak
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ffa on cracked, talk about skill.veg
    c:\users\absurdist\documents\stuff that was on the desktop\alex archival\pics and vids\ffa on cracked, talk about skill.veg.bak
    scanner sequence 3.DI.11
    ----- EOF -----

    Sidenote:
    I've been operating solely in safe mode so far, I tried booting up normally, but after I logged in the screen went black and I got a dialog box asking to allow OTM to operate. I hit 'cancel' and so far things seem to be normal..

    EDIT: Nevermind. System hung just like before, back in safe mode.
     
  13. Absurdistof

    Absurdistof TS Rookie Topic Starter

    I'm sorry, is there anything else I need to do?

    Booting up normally still hangs, and I've deleted all the old keygens and cracks.
     
  14. Absurdistof

    Absurdistof TS Rookie Topic Starter

    Probably going to reformat. Malwarebytes said I don't have any viruses, but the computer still starts to hang. I've got a good bit of junk I need to clear out anyways.

    Bobbye, I owe you my thanks for taking the time to help walk me through this over the past few days, I'm sorry for the bother :)
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am glad you decided to do the reformat/reinstall, because, yes, you do have a lot of bad entries. As I mentioned, one clean log like Mbam does not tell the whole story. There is a lot more to the word Malware than the word "Virus." There are Worms, Trojans, PUP and PUM, pests, etc.

    In asking the question "How did I get infected?", the following may be of help:
    See where you fit into the descriptions below and make the necessary changes if you want to remain clean.
    You usually get infected because your security settings are too low.

    Here are a number of recommendations to help tighten them, which will hopefully make you a less likely victim:
    Safe Computing Practices
    Maintenance - what´s that?

    I think many users do as described here:
    14 ways to get Infected without trying. A little bit of humor, but also based on fact:
    See where you fit into the descriptions below and make the necessary changes if you want to remain clean.
    1) Look for cracks, subdivided in illegal software and .....
    2) Practice unsafe hex, browse the web for free pOrn
    3) Look for software that adds smileys to your posts, mail etc
    4) Look for kewl skins, screensavers etc
    5) Look for spyware removers, concentrate on the kind that makes you pay before it removes anything
    6) Install a P2P program and repeat all of the above
    7) You always want the best; use p2p to download anti-virus/firewall software.
    8) Do NOT pay for anything, the internet is a place where you can steal anything from everyone without even saying as much as thank you
    9) Don't have/use/update antivirus/security software
    10) Look for pokergames, slotmachines and other gambling outfits
    11) Look for ringtones and other stuff to bling your phone
    12) Click on those unexpected links and attachments in email, because you're curious...
    13) Do loan your laptop to the next door neighbour for the weekend and give him your Admin account login so he can get his project done with no hassles
    14) Let the Babysitter use your laptop for 'schoolwork'
    Thanks to Metallica for most of those and CalamityJane, bitman, Lonny, shelf life.
     
Topic Status:
Not open for further replies.
