Randomly redirected to other sites after clicking links from google

Solved
By winger22
Mar 25, 2011
Topic Status:
Not open for further replies.
  1. Hi there. Sometimes when I search for something on google and click on a link, I am sent to some other random website. I have also recently had to use a system restore because eventually some random program was blocking me from accessing the internet. I hope you can help me. I have run the 8 steps already. A note--before I found your website I had already run MALWAREBYTES and removed some items, but my problem still persists.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6160

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/25/2011 9:02:23 PM
    mbam-log-2011-03-25 (21-02-23).txt

    Scan type: Quick scan
    Objects scanned: 163949
    Time elapsed: 1 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------


    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-25 22:09:14
    Windows 6.1.7600
    Running: i2x1qb3t.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0x11 0xE7 0x6A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xCA 0xE1 0xA1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x69 0x5C 0x6C 0x6D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4B 0x11 0xE7 0x6A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xCA 0xE1 0xA1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x69 0x5C 0x6C 0x6D ...

    ---- EOF - GMER 1.0.15 ----

    ------------------------------------------------------------------------------------------------------------------------------------------------------


    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Mitch at 22:14:12.71 on Fri 03/25/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4508 [GMT -5:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Users\Mitch\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
    mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
    TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    mRun: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROSEWI~1.LNK - C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {ECDEE021-0D17-467F-A1FF-C7A115230949} - No File
    mRun-x64: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
    FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    FF - plugin: C:\Users\Mitch\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Mitch\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
    FF - plugin: C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: XULRunner: {01168458-244C-4947-9D23-EA763DD803F9} - C:\Users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Forecastbar Enhanced: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} - %profile%\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Mitch\AppData\Roaming\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-24 69376]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-4 203776]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-1 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-1 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-1 83120]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-16 1405384]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe [2010-5-13 185632]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-4 8283136]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-4 294400]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\System32\drivers\rt2870.sys [2010-5-13 946688]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-6-1 19432]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-12-20 128928]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-24 17152]
    S3 OV550I;Film and Photo Scanner;C:\Windows\System32\drivers\OVTX16.sys [2010-6-4 139520]
    .
    =============== Created Last 30 ================
    .
    2011-03-25 00:27:57 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-24 22:29:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-24 22:29:10 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-24 22:12:05 -------- d-----w- C:\Windows\pss
    2011-03-22 22:04:03 -------- d-----w- C:\Users\Mitch\AppData\Local\NeoSmart_Technologies
    2011-03-22 22:03:03 -------- d-----w- C:\Program Files (x86)\NeoSmart Technologies
    2011-03-21 01:31:05 -------- d-----w- C:\Users\Mitch\AppData\Local\Sunbelt Software
    2011-03-21 01:30:00 -------- dc----w- C:\PROGRA~3\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    2011-03-19 06:01:43 -------- d-----w- C:\Users\Mitch\AppData\Roaming\Malwarebytes
    2011-03-19 06:01:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-19 06:01:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-18 00:15:07 -------- d-----w- C:\Users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}
    2011-03-16 08:26:32 0 ----a-w- C:\Users\Mitch\AppData\Local\Stutiveba.bin
    .
    ==================== Find3M ====================
    .
    2011-03-25 00:27:16 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-03-09 00:24:02 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-03-03 00:33:11 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-02-11 06:19:42 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-01-05 03:37:14 8283136 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-01-05 03:22:46 22100480 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-01-05 03:03:34 17043968 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-01-05 03:02:40 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-01-05 03:02:28 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-01-05 03:01:12 708608 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-01-05 02:58:42 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-01-05 02:58:22 480256 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-01-05 02:57:44 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-01-05 02:56:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-01-05 02:56:10 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-01-05 02:56:02 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-01-05 02:55:50 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-01-05 02:55:46 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-01-05 02:55:40 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-01-05 02:55:34 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-01-05 02:52:20 4101632 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-01-05 02:43:20 4844544 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-01-05 02:33:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-01-05 02:33:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-01-05 02:33:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-01-05 02:33:20 4162048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-01-05 02:33:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-01-05 02:33:08 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-01-05 02:32:56 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-01-05 02:32:22 3218944 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-01-05 02:31:52 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-01-05 02:28:08 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-01-05 02:27:06 5305856 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-01-05 02:25:04 3461120 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-01-05 02:20:20 353792 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-01-05 02:20:10 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-01-05 02:19:58 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-01-05 02:19:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-01-05 02:19:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-01-05 02:19:52 32256 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-01-05 02:19:44 27648 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-01-05 02:19:38 294400 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-01-05 02:18:52 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-01-05 02:18:46 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-01-05 02:18:34 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-01-05 02:18:26 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-01-05 02:17:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-01-05 02:11:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-01-05 02:11:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-01-05 02:11:00 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-01-05 02:11:00 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2010-12-29 05:48:13 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    .
    ============= FINISH: 22:14:27.91 ===============



    --------------------------------------------------------------------------------------------------------------------------------------------------





    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/26/2010 2:25:38 AM
    System Uptime: 3/25/2011 7:45:01 PM (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 596 GiB total, 37.677 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 242.19 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: Applied Networking Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    Class GUID:
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:
    .
    ==== System Restore Points ===================
    .
    RP89: 3/17/2011 8:43:03 PM - Scheduled Checkpoint
    RP90: 3/18/2011 11:06:48 PM - Windows Update
    RP91: 3/19/2011 12:27:18 AM - Restore Operation
    RP92: 3/20/2011 9:58:22 PM - Ad-Aware Checkpoint
    RP93: 3/21/2011 3:02:26 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    µTorrent
    AC3Filter 1.63b
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Aliens vs. Predator
    AOL Instant Messenger
    Apple Software Update
    ATI Catalyst Registration
    Avira AntiVir Personal - Free Antivirus
    Battlefield: Bad Company 2
    Bing Bar
    Bing Bar Platform
    Bit Che
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    CDBurnerXP
    Crysis WARHEAD(R)
    DVD-lab PRO 1.00
    DVD Flick 1.3.0.7
    EA Download Manager
    eMule
    Everything 1.2.1.371
    Fallout 3
    FastStone Photo Resizer 2.8
    Folding@home-x86
    free-downloads.net Toolbar
    Futuremark SystemInfo
    GameSpy Arcade
    GIMP 2.6.7
    Google Chrome
    Google Talk Plugin
    Grand Theft Auto IV
    GRID
    GRID Demo
    Hamachi 1.0.1.1
    HP Deskjet 1050 J410 series Help
    HP Photo Creations
    HP Update
    HydraVision
    Java(TM) 6 Update 16
    KODAK Share Button App
    Left 4 Dead
    Left 4 Dead 2
    Malwarebytes' Anti-Malware
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mirror's Edge
    MKVtoolnix 2.9.7
    Move Media Player
    Mozilla Firefox (3.6.15)
    MSXML4 Parser
    NBA 2K10
    NVIDIA PhysX v8.10.17
    OpenAL
    Osmos
    Pcsx2 0.9.6
    PunkBuster Services
    Pure
    Pure DEMO
    Qtracker
    Quake Live Mozilla Plugin
    QuickTime
    Rise of Nations
    Rockstar Games Social Club
    Rosewill Wireless Network 11N USB adapter RNX-EasyN1
    Seismovision 3 (remove only)
    Serious Sam HD: The First Encounter
    Serious Sam HD: The Second Encounter
    Sony CD Architect 5.2
    Sony Sound Forge 7.0
    StarCraft II
    Steam
    Streamripper (Remove only)
    STREET FIGHTER IV
    STREET FIGHTER IV BENCHMARK
    Team Fortress 2
    The Lord of the Rings FREE Trial
    The Sims™ 3
    TMPGEnc 3.0 XPress
    TMPGEnc 4.0 XPress
    Torchlight
    Trine Demo
    Viewpoint Media Player
    Visual Studio 2008 x64 Redistributables
    VLC media player 0.9.9
    Winamp (remove only)
    Yahoo! Messenger
    zbattle.net 1.09 SR-1 beta
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/25/2011 7:40:08 PM, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/24/2011 7:27:57 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    3/24/2011 5:45:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/24/2011 5:45:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/24/2011 5:45:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/24/2011 5:45:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/24/2011 5:45:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/24/2011 5:45:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/24/2011 5:45:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/24/2011 5:06:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/24/2011 5:04:28 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    3/24/2011 5:04:25 PM, Error: Service Control Manager [7038] - The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/24/2011 5:04:25 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not start due to a logon failure.
    3/23/2011 7:28:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    3/23/2011 10:23:45 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    3/20/2011 8:30:42 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/19/2011 12:24:29 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. winger22

    winger22 Newcomer, in training Topic Starter

    ComboFix 11-03-25.01 - Mitch 03/26/2011 0:00.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4533 [GMT -5:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}
    c:\users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}\chrome.manifest
    c:\users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}\chrome\content\_cfg.js
    c:\users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}\chrome\content\overlay.xul
    c:\users\Mitch\AppData\Local\{01168458-244C-4947-9D23-EA763DD803F9}\install.rdf
    c:\users\Mitch\AppData\Roaming\chrtmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-26 05:03 . 2011-03-26 05:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-26 00:45 . 2011-03-26 00:45 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-03-25 00:27 . 2011-03-25 00:27 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-24 22:29 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-24 22:29 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-22 22:04 . 2011-03-22 22:04 -------- d-----w- c:\users\Mitch\AppData\Local\NeoSmart_Technologies
    2011-03-22 22:03 . 2011-03-22 22:03 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
    2011-03-21 01:31 . 2011-03-21 01:31 -------- d-----w- c:\users\Mitch\AppData\Local\Sunbelt Software
    2011-03-21 01:30 . 2011-03-24 22:09 -------- dc----w- c:\programdata\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    2011-03-19 06:01 . 2011-03-19 06:01 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2011-03-19 06:01 . 2011-03-19 06:01 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-19 06:01 . 2011-03-24 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 08:26 . 2011-03-19 05:44 0 ----a-w- c:\users\Mitch\AppData\Local\Stutiveba.bin
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-25 00:27 . 2009-11-01 19:26 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-09 00:24 . 2009-08-12 14:42 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-03-03 00:33 . 2009-08-12 14:42 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-02-11 06:19 . 2009-08-18 03:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll
    2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-01-05 03:01 . 2011-01-05 03:01 708608 ----a-w- c:\windows\system32\aticfx64.dll
    2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe
    2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-01-05 02:55 . 2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-01-05 02:43 . 2009-09-23 22:15 4844544 ----a-w- c:\windows\system32\atidxx64.dll
    2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-01-05 02:33 . 2009-09-23 22:06 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-01-05 02:32 . 2009-09-23 21:54 3218944 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-01-05 02:28 . 2011-01-05 02:28 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-01-05 02:27 . 2009-09-23 22:00 5305856 ----a-w- c:\windows\system32\atiumd64.dll
    2011-01-05 02:25 . 2009-09-23 21:48 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-01-05 02:20 . 2011-01-05 02:20 353792 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-01-05 02:20 . 2011-01-05 02:20 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-01-05 02:19 . 2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll
    2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-01-05 02:18 . 2011-01-05 02:18 39936 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-01-05 02:18 . 2011-01-05 02:18 38400 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2010-12-29 05:48 . 2009-08-12 14:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2010-12-27 23:05 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-12-27 23:04 . 2009-08-18 17:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2009-03-10 16:47 2079256 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Google Update"="c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Watch"="c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" [2011-03-25 939848]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-07 149280]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rosewill Wireless Utility.lnk - c:\program files (x86)\Rosewill\Common\RaUI.exe [2010-5-13 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
    .
    R3 ALSysIO;ALSysIO;c:\users\Mitch\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-25 1405384]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-25 17152]
    R3 OV550I;Film and Photo Scanner;c:\windows\system32\Drivers\OVTX16.sys [2010-06-04 139520]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000Core.job
    - c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:23]
    .
    2011-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000UA.job
    - c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:23]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-12-30 2225552]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Forecastbar Enhanced: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} - %profile%\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Mitch\AppData\Roaming\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2778418297-1974107206-3840864294-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d1,b3,42,c0,1f,4d,a5,be,34,56,2e,15,5a,e0,ec,a4,7a,30,73,ef,b6,
    08,e2,93,fe,ab,16,eb,0d,02,02,c7,b8,25,7d,d2,32,1d,ae,89,01,2d,6e,de,38,1c,\
    "rkeysecu"=hex:2e,3f,52,f9,54,80,b4,a1,2b,cc,9f,b7,a9,4e,60,de
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-26 00:04:41
    ComboFix-quarantined-files.txt 2011-03-26 05:04
    .
    Pre-Run: 39,729,057,792 bytes free
    Post-Run: 39,607,926,784 bytes free
    .
    - - End Of File - - 9B565EBCC1A81F1B520218E24BEB2DB0
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    How is redirection?

    Uninstall Ad-Aware.
    It includes antivirus and you can't be running two AV programs.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. winger22

    winger22 Newcomer, in training Topic Starter

    It only happens every so often. Maybe 1 in 15 clicks on a link. Here is my log for TDSSkiller:

    2011/03/26 21:11:31.0082 4224 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/26 21:11:31.0472 4224 ================================================================================
    2011/03/26 21:11:31.0472 4224 SystemInfo:
    2011/03/26 21:11:31.0472 4224
    2011/03/26 21:11:31.0472 4224 OS Version: 6.1.7600 ServicePack: 0.0
    2011/03/26 21:11:31.0472 4224 Product type: Workstation
    2011/03/26 21:11:31.0472 4224 ComputerName: MITCH-PC
    2011/03/26 21:11:31.0472 4224 UserName: Mitch
    2011/03/26 21:11:31.0472 4224 Windows directory: C:\Windows
    2011/03/26 21:11:31.0472 4224 System windows directory: C:\Windows
    2011/03/26 21:11:31.0472 4224 Running under WOW64
    2011/03/26 21:11:31.0472 4224 Processor architecture: Intel x64
    2011/03/26 21:11:31.0472 4224 Number of processors: 8
    2011/03/26 21:11:31.0472 4224 Page size: 0x1000
    2011/03/26 21:11:31.0472 4224 Boot type: Normal boot
    2011/03/26 21:11:31.0472 4224 ================================================================================
    2011/03/26 21:11:34.0311 4224 Initialize success
    2011/03/26 21:11:38.0789 4720 ================================================================================
    2011/03/26 21:11:38.0789 4720 Scan started
    2011/03/26 21:11:38.0789 4720 Mode: Manual;
    2011/03/26 21:11:38.0789 4720 ================================================================================
    2011/03/26 21:11:41.0082 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/03/26 21:11:41.0144 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/03/26 21:11:41.0160 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/03/26 21:11:41.0191 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/03/26 21:11:41.0222 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/03/26 21:11:41.0253 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/03/26 21:11:41.0300 4720 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/03/26 21:11:41.0331 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/03/26 21:11:41.0347 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/03/26 21:11:41.0472 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/03/26 21:11:41.0503 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/03/26 21:11:41.0737 4720 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/26 21:11:41.0924 4720 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/03/26 21:11:41.0940 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/03/26 21:11:41.0971 4720 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/03/26 21:11:42.0002 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/03/26 21:11:42.0018 4720 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/03/26 21:11:42.0065 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/03/26 21:11:42.0111 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/03/26 21:11:42.0143 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/03/26 21:11:42.0174 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/26 21:11:42.0189 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/03/26 21:11:42.0236 4720 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
    2011/03/26 21:11:42.0267 4720 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
    2011/03/26 21:11:42.0548 4720 atikmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/26 21:11:42.0642 4720 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/03/26 21:11:42.0657 4720 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/03/26 21:11:42.0704 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/03/26 21:11:42.0735 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/03/26 21:11:42.0782 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/03/26 21:11:42.0813 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/03/26 21:11:42.0845 4720 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/26 21:11:42.0860 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/03/26 21:11:42.0876 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/03/26 21:11:42.0907 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/03/26 21:11:42.0938 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/03/26 21:11:42.0969 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/03/26 21:11:42.0985 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/03/26 21:11:43.0001 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/03/26 21:11:43.0047 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/26 21:11:43.0079 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/03/26 21:11:43.0110 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/03/26 21:11:43.0172 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/03/26 21:11:43.0203 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/26 21:11:43.0219 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/03/26 21:11:43.0235 4720 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/03/26 21:11:43.0266 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/26 21:11:43.0281 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/03/26 21:11:43.0344 4720 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
    2011/03/26 21:11:43.0375 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/03/26 21:11:43.0406 4720 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    2011/03/26 21:11:43.0453 4720 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/26 21:11:43.0469 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/03/26 21:11:43.0484 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/03/26 21:11:43.0531 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/26 21:11:43.0578 4720 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/26 21:11:43.0625 4720 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
    2011/03/26 21:11:43.0718 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/03/26 21:11:43.0827 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/03/26 21:11:43.0843 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/03/26 21:11:43.0874 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/03/26 21:11:43.0905 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/03/26 21:11:43.0937 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/26 21:11:43.0952 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/26 21:11:43.0983 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/03/26 21:11:43.0999 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/26 21:11:44.0030 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/26 21:11:44.0093 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/03/26 21:11:44.0108 4720 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/26 21:11:44.0171 4720 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/03/26 21:11:44.0186 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/03/26 21:11:44.0249 4720 GEARAspiWDM (d279181e1cf2d85d31cdcffd56b16795) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/26 21:11:44.0295 4720 hamachi (92c58e696f58187255d52e2d76764821) C:\Windows\system32\DRIVERS\hamachi.sys
    2011/03/26 21:11:44.0327 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/03/26 21:11:44.0389 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/26 21:11:44.0420 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/03/26 21:11:44.0451 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/26 21:11:44.0467 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/03/26 21:11:44.0483 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/26 21:11:44.0529 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/03/26 21:11:44.0592 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/03/26 21:11:44.0654 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/03/26 21:11:44.0685 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/03/26 21:11:44.0717 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/03/26 21:11:44.0748 4720 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/03/26 21:11:44.0779 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/03/26 21:11:44.0810 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/03/26 21:11:44.0826 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/26 21:11:44.0841 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/26 21:11:44.0873 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/03/26 21:11:44.0904 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/03/26 21:11:44.0935 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/03/26 21:11:44.0951 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/03/26 21:11:44.0982 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/03/26 21:11:45.0013 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/03/26 21:11:45.0044 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/03/26 21:11:45.0075 4720 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/26 21:11:45.0091 4720 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/03/26 21:11:45.0107 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/03/26 21:11:45.0169 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/26 21:11:45.0200 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/03/26 21:11:45.0216 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/03/26 21:11:45.0247 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/03/26 21:11:45.0263 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/03/26 21:11:45.0294 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/03/26 21:11:45.0325 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/03/26 21:11:45.0356 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/03/26 21:11:45.0403 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/03/26 21:11:45.0419 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/26 21:11:45.0450 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/03/26 21:11:45.0481 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/26 21:11:45.0512 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/26 21:11:45.0528 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/03/26 21:11:45.0575 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/26 21:11:45.0621 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/26 21:11:45.0637 4720 mrxsmb (ab5892797c4114640ba333949568de8c) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/26 21:11:45.0653 4720 mrxsmb10 (81a38f7aeeb265634b05ae5f3f29fbc4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/26 21:11:45.0684 4720 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/26 21:11:45.0699 4720 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/03/26 21:11:45.0731 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/03/26 21:11:45.0762 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/03/26 21:11:45.0777 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/26 21:11:45.0793 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/03/26 21:11:45.0840 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/26 21:11:45.0855 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/26 21:11:45.0871 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/26 21:11:45.0887 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/26 21:11:45.0918 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/03/26 21:11:45.0933 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/26 21:11:45.0949 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/26 21:11:45.0980 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/03/26 21:11:45.0996 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/26 21:11:46.0043 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/03/26 21:11:46.0089 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/26 21:11:46.0089 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/26 21:11:46.0121 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/26 21:11:46.0152 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/26 21:11:46.0183 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/26 21:11:46.0199 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/26 21:11:46.0214 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/26 21:11:46.0245 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/26 21:11:46.0277 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/03/26 21:11:46.0292 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/26 21:11:46.0339 4720 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/26 21:11:46.0386 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/03/26 21:11:46.0417 4720 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/03/26 21:11:46.0448 4720 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/03/26 21:11:46.0464 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/03/26 21:11:46.0495 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/03/26 21:11:46.0557 4720 OV550I (bbd46a3539276fd5e55d2b55daadabcd) C:\Windows\system32\Drivers\OVTX16.sys
    2011/03/26 21:11:46.0589 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/26 21:11:46.0604 4720 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/03/26 21:11:46.0620 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/03/26 21:11:46.0635 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/03/26 21:11:46.0667 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/26 21:11:46.0698 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/03/26 21:11:46.0713 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/03/26 21:11:46.0823 4720 Point64 (4759c58aaf2582e1d742497f87bd89b3) C:\Windows\system32\DRIVERS\point64k.sys
    2011/03/26 21:11:46.0854 4720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/26 21:11:46.0869 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/26 21:11:46.0901 4720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/26 21:11:46.0947 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/26 21:11:46.0979 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/26 21:11:47.0010 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/26 21:11:47.0041 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/26 21:11:47.0088 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/26 21:11:47.0103 4720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/26 21:11:47.0135 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/26 21:11:47.0150 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/26 21:11:47.0166 4720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/26 21:11:47.0181 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/26 21:11:47.0197 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/26 21:11:47.0228 4720 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2011/03/26 21:11:47.0244 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/26 21:11:47.0259 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/26 21:11:47.0291 4720 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/26 21:11:47.0306 4720 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/26 21:11:47.0353 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/26 21:11:47.0400 4720 rt2870 (f16a258b58638fd096e787cc004fc7cd) C:\Windows\system32\DRIVERS\rt2870.sys
    2011/03/26 21:11:47.0478 4720 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/03/26 21:11:47.0525 4720 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    2011/03/26 21:11:47.0556 4720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/03/26 21:11:47.0587 4720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/26 21:11:47.0634 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/26 21:11:47.0665 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/26 21:11:47.0696 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/26 21:11:47.0712 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/26 21:11:47.0743 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/03/26 21:11:47.0759 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/03/26 21:11:47.0759 4720 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/03/26 21:11:47.0774 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/26 21:11:47.0805 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/26 21:11:47.0821 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/26 21:11:47.0852 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/26 21:11:47.0883 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/03/26 21:11:47.0946 4720 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
    2011/03/26 21:11:47.0946 4720 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
    2011/03/26 21:11:47.0961 4720 sptd - detected Locked file (1)
    2011/03/26 21:11:47.0977 4720 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/26 21:11:48.0024 4720 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/26 21:11:48.0055 4720 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/26 21:11:48.0117 4720 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
    2011/03/26 21:11:48.0149 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/03/26 21:11:48.0211 4720 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2011/03/26 21:11:48.0227 4720 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    2011/03/26 21:11:48.0273 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/03/26 21:11:48.0835 4720 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
    2011/03/26 21:11:48.0897 4720 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/26 21:11:48.0929 4720 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/26 21:11:48.0944 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/26 21:11:48.0960 4720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/26 21:11:48.0975 4720 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/26 21:11:48.0991 4720 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/03/26 21:11:49.0053 4720 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/26 21:11:49.0085 4720 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/26 21:11:49.0100 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/03/26 21:11:49.0131 4720 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/26 21:11:49.0163 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/03/26 21:11:49.0178 4720 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/03/26 21:11:49.0194 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/03/26 21:11:49.0256 4720 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/26 21:11:49.0272 4720 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/03/26 21:11:49.0303 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/03/26 21:11:49.0334 4720 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/03/26 21:11:49.0365 4720 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/03/26 21:11:49.0397 4720 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/03/26 21:11:49.0428 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/26 21:11:49.0490 4720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/26 21:11:49.0537 4720 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/26 21:11:49.0553 4720 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/03/26 21:11:49.0599 4720 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
    2011/03/26 21:11:49.0615 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/03/26 21:11:49.0646 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/26 21:11:49.0662 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/03/26 21:11:49.0693 4720 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/03/26 21:11:49.0724 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/03/26 21:11:49.0755 4720 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    2011/03/26 21:11:49.0787 4720 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2011/03/26 21:11:49.0818 4720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/03/26 21:11:49.0849 4720 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/26 21:11:49.0880 4720 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/03/26 21:11:49.0911 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/03/26 21:11:49.0943 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/03/26 21:11:49.0958 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/03/26 21:11:49.0989 4720 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/26 21:11:50.0005 4720 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/26 21:11:50.0052 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/03/26 21:11:50.0067 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/26 21:11:50.0130 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/03/26 21:11:50.0145 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/03/26 21:11:50.0208 4720 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/03/26 21:11:50.0239 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/03/26 21:11:50.0286 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/26 21:11:50.0301 4720 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/03/26 21:11:50.0333 4720 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/26 21:11:50.0364 4720 xusb21 (5aa532bbac7e34186edff24f72bcd61b) C:\Windows\system32\DRIVERS\xusb21.sys
    2011/03/26 21:11:50.0395 4720 ================================================================================
    2011/03/26 21:11:50.0395 4720 Scan finished
    2011/03/26 21:11:50.0395 4720 ================================================================================
    2011/03/26 21:11:50.0411 4724 Detected object count: 1
    2011/03/26 21:12:00.0130 4724 Locked file(sptd) - User select action: Skip
    2011/03/26 21:12:23.0204 4196 Deinitialize success
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It shouldn't be happening at all.
    Which browser is affected?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. winger22

    winger22 Newcomer, in training Topic Starter

    I am using firefox version 3.6.16. I haven't been online much today, and so I haven't had any redirects yet---today. Here are my logs.

    OTL logfile created on: 3/26/2011 9:44:14 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mitch\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 79.00% Memory free
    12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 596.07 Gb Total Space | 37.45 Gb Free Space | 6.28% Space Free | Partition Type: NTFS
    Drive D: | 465.75 Gb Total Space | 245.29 Gb Free Space | 52.67% Space Free | Partition Type: NTFS
    Drive G: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS

    Computer Name: MITCH-PC | User Name: Mitch | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/26 21:42:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    PRC - [2011/03/16 13:25:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/12/29 00:48:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/12/13 09:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/10/07 13:43:18 | 000,106,496 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    PRC - [2009/06/24 09:54:14 | 001,691,648 | ---- | M] (Rosewill Inc.) -- C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    PRC - [2009/04/29 20:15:40 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe
    PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
    PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/26 21:42:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/01/04 21:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/03/16 13:25:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/12/29 00:48:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/12/13 09:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/11/11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2009/10/31 15:05:48 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/29 20:15:40 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe -- (RalinkRegistryWriter)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/04 22:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/01/04 22:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/01/04 21:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/12/13 09:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/12/13 09:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/11/19 03:36:06 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/17 01:06:10 | 000,017,656 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2010/06/04 18:44:12 | 000,139,520 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OVTX16.sys -- (OV550I)
    DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 04:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/04/28 18:02:28 | 000,946,688 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt2870.sys -- (rt2870)
    DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
    DRV:64bit: - [2009/03/19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/29 20:55:36 | 000,033,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
    DRV:64bit: - [2007/02/26 20:15:20 | 000,092,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV - [2010/06/04 18:44:12 | 000,139,520 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\OVTX16.sys -- (OV550I)
    DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 80 D8 A2 41 FC C9 01 [binary data]
    IE - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/11/30 17:46:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 17:46:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 17:09:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 17:09:37 | 000,000,000 | ---D | M]

    [2010/02/26 03:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
    [2011/03/26 21:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions
    [2010/04/03 22:25:38 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/04/28 15:01:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/02/26 03:03:22 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2011/03/13 00:11:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/16 02:15:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/03/13 00:11:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011/02/21 23:40:02 | 000,000,000 | ---D | M] (YouTube mp3) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\info@youtube-mp3.org
    [2011/03/26 21:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/02/26 03:03:22 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MITCH\APPDATA\ROAMING\MOVE NETWORKS

    O1 HOSTS File: ([2011/03/26 00:03:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2778418297-1974107206-3840864294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/05/27 01:01:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.I420 - File not found
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/26 21:42:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2011/03/26 21:01:58 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mitch\Desktop\TDSSKiller.exe
    [2011/03/26 00:52:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/26 00:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/25 23:59:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/25 23:59:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/25 23:59:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/25 23:59:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/25 23:58:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/25 23:58:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/25 23:58:37 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/25 22:11:03 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Desktop\tech website
    [2011/03/24 17:29:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/24 17:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/24 17:29:10 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/03/24 17:12:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/03/22 17:04:03 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\NeoSmart_Technologies
    [2011/03/22 17:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
    [2011/03/22 17:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoSmart Technologies
    [2011/03/20 20:31:05 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\Sunbelt Software
    [2011/03/20 20:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    [2011/03/20 20:29:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/03/19 01:01:43 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Malwarebytes
    [2011/03/19 01:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/19 01:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/14 15:27:25 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2007/10/15 10:35:00 | 000,040,960 | ---- | C] ( ) -- C:\Windows\OMNIUNS.EXE

    ========== Files - Modified Within 30 Days ==========

    [2011/03/26 21:42:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2011/03/26 21:33:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000UA.job
    [2011/03/26 21:33:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000Core.job
    [2011/03/26 21:16:00 | 000,024,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/26 21:16:00 | 000,024,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/26 21:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/26 21:10:18 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/26 00:03:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/03/24 19:27:16 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/03/24 17:29:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/19 00:44:06 | 000,000,120 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Vnusuzayahejozu.dat
    [2011/03/19 00:44:06 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Stutiveba.bin
    [2011/03/18 23:01:05 | 000,010,266 | -HS- | M] () -- C:\Users\Mitch\AppData\Local\7370jh63o4m2k83g6lx7uq5358viy257
    [2011/03/18 23:01:05 | 000,010,266 | -HS- | M] () -- C:\ProgramData\7370jh63o4m2k83g6lx7uq5358viy257
    [2011/03/17 19:17:52 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/17 19:17:52 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/17 19:17:52 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/15 21:33:32 | 000,002,401 | ---- | M] () -- C:\Users\Mitch\Desktop\Google Chrome.lnk
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mitch\Desktop\TDSSKiller.exe
    [2011/03/08 19:24:02 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/03/02 19:33:11 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

    ========== Files Created - No Company Name ==========

    [2011/03/25 23:59:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/25 23:59:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/25 23:59:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/25 23:59:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/25 23:59:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/24 17:29:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/18 19:03:11 | 000,010,266 | -HS- | C] () -- C:\Users\Mitch\AppData\Local\7370jh63o4m2k83g6lx7uq5358viy257
    [2011/03/18 19:03:11 | 000,010,266 | -HS- | C] () -- C:\ProgramData\7370jh63o4m2k83g6lx7uq5358viy257
    [2011/03/16 03:26:32 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Stutiveba.bin
    [2011/03/16 03:26:31 | 000,000,120 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Vnusuzayahejozu.dat
    [2011/03/14 15:27:26 | 000,002,401 | ---- | C] () -- C:\Users\Mitch\Desktop\Google Chrome.lnk
    [2011/01/13 20:51:22 | 000,000,036 | ---- | C] () -- C:\Users\Mitch\AppData\Local\housecall.guid.cache
    [2010/12/30 01:25:54 | 000,007,623 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Resmon.ResmonCfg
    [2010/12/21 18:13:06 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/12/15 14:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/05/13 23:33:17 | 000,376,832 | ---- | C] () -- C:\Windows\SysWow64\AegisI5Installer.exe
    [2010/05/13 23:33:07 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2010/03/02 23:13:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/02/26 02:40:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/12/15 19:29:10 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
    [2009/10/25 00:15:55 | 000,002,040 | ---- | C] () -- C:\Windows\disney.ini
    [2009/08/17 22:25:55 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2009/08/12 09:42:06 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2009/08/12 09:41:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/08/10 02:40:11 | 000,000,476 | ---- | C] () -- C:\Windows\kaillera.ini
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/14 10:49:37 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2008/06/14 04:24:12 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\JpgLib.dll
    [2007/12/28 02:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2010/02/26 02:59:38 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\2K Sports
    [2010/02/26 02:59:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Aim
    [2010/12/29 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\AVG10
    [2010/11/22 15:14:09 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Canneverbe Limited
    [2010/02/26 02:59:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Convivea
    [2010/02/26 02:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Disney Interactive Studios
    [2010/02/26 02:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Folding@home-x86
    [2010/02/26 02:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\gtk-2.0
    [2010/02/26 02:59:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Leadertech
    [2010/09/28 00:42:06 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LEAPS
    [2010/09/28 00:41:41 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Pegasys Inc
    [2010/02/14 02:13:57 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Publish Providers
    [2010/02/26 03:03:22 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Sony
    [2011/03/24 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\streamripper
    [2011/03/24 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\uTorrent
    [2010/12/15 00:35:46 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/03/26 20:43:59 | 000,133,328 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/09 12:51:57 | 000,023,910 | ---- | M] () -- C:\AFUDOS236.zip
    [2011/03/26 00:04:41 | 000,019,003 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/26 21:10:18 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/03/26 21:10:23 | 2137,120,767 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/26 21:12:23 | 000,065,768 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.03.2011_21.11.31_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/06/01 04:13:38 | 000,000,221 | -HS- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/02/26 05:06:54 | 000,000,221 | -HS- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/03 02:14:22 | 000,563,728 | ---- | M] () -- C:\Users\Mitch\Desktop\Core Temp.exe
    [2011/03/26 21:42:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mitch\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/01 15:32:49 | 000,001,847 | ---- | M] () -- C:\Users\Mitch\Favorites\AOL for Broadband.lnk
    [2010/02/26 05:06:53 | 000,000,402 | -HS- | M] () -- C:\Users\Mitch\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/18 23:01:05 | 000,010,266 | -HS- | M] () -- C:\ProgramData\7370jh63o4m2k83g6lx7uq5358viy257

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Let me know, if any redirection will happen again.

    ================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/03/19 00:44:06 | 000,000,120 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Vnusuzayahejozu.dat
      [2011/03/19 00:44:06 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Stutiveba.bin
      [2011/03/18 23:01:05 | 000,010,266 | -HS- | M] () -- C:\Users\Mitch\AppData\Local\7370jh63o4m2k83g6lx7uq5358viy257
      [2011/03/18 23:01:05 | 000,010,266 | -HS- | M] () -- C:\ProgramData\7370jh63o4m2k83g6lx7uq5358viy257
      [2010/12/29 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\AVG10
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  9. winger22

    winger22 Newcomer, in training Topic Starter

    I've updated JAVA and uninstalled the previous versions. I ran OTL and have pasted the log. I ran security check and pasted the log. TFC was run and finished.
    Finally I downloaded ESET and ran it. It found 11 threats (2 variations):
    1. win32/Agent.RSY Trojan
    2. A variant of win32/keygen.AQ application.
    I cannot find the log for the scan. The scan took over 3 hours to complete and I did not see "a list of found threats" to export. I ticked the "uninstall program" button expecting the log to be on the following screen. Is there a spot where the log saves automatically?
    OTL:
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    File C:\Users\Mitch\AppData\Local\Vnusuzayahejozu.dat not found.
    File C:\Users\Mitch\AppData\Local\Stutiveba.bin not found.
    File C:\Users\Mitch\AppData\Local\7370jh63o4m2k83g6lx7uq5358viy257 not found.
    File C:\ProgramData\7370jh63o4m2k83g6lx7uq5358viy257 not found.
    C:\Users\Mitch\AppData\Roaming\AVG10\cfgall folder moved successfully.
    C:\Users\Mitch\AppData\Roaming\AVG10 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mitch
    ->Temp folder emptied: 23288 bytes
    ->Temporary Internet Files folder emptied: 118928 bytes
    ->Java cache emptied: 9166 bytes
    ->FireFox cache emptied: 55809758 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2512 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3426 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mitch
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03282011_094446

    Files\Folders moved on Reboot...
    C:\Users\Mitch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...




    Check up:
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.15)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    This one should go faster....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
  11. winger22

    winger22 Newcomer, in training Topic Starter

    QuickScan Beta 32-bit v0.9.9.80
    -------------------------------
    Scan date: Tue Mar 29 22:03:58 2011
    Machine ID: 6E418CAA



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) Everything 2404 C:\Program Files (x86)\Everything\Everything.exe
    (unsigned) KODAK Share Button App 2656 C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    (unsigned) StarWind Alcohol Edition 2520 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (unsigned) Wireless Utility Application 1628 C:\Program Files (x86)\Rosewill\Common\RaUI.exe

    (verified) hpwuSchd Application 2400 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (verified) AntiVir Desktop 3356 C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
    (verified) AntiVir Desktop 2412 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (verified) AntiVir Desktop 1540 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (verified) AntiVir Desktop 1292 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (verified) Apple Mobile Device Service 1568 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (verified) Bonjour 1588 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (verified) Firefox 1676 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (verified) Firefox 3708 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    (verified) Microsoft Search Enhancement Pack 1792 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (verified) PnkBstrA.exe 1704 C:\Windows\SysWOW64\PnkBstrA.exe
    (verified) Ralink RalinkRegistryWriter 1768 C:\Program Files (x86)\Rosewill\Common\RegistryWriter.exe


    Network activity
    ----------------
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 184.85.244.74
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.226.1
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.27
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 204.236.217.201
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 204.236.131.46
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 216.137.39.192
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 184.51.200.73
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 216.137.39.192
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.95.149
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 50.17.222.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 184.85.37.115
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 8.19.18.29
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 66.220.149.25
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19
    Process firefox.exe (1676) connected on port 80 (HTTP) --> 74.125.225.19

    Process StarWindServiceAE.exe (2520) listens on ports: 3260 (iSCSI Target), 3261


    Autoruns and critical files
    ---------------------------
    (unsigned) ATI Customer Care C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
    (unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    (unsigned) Everything C:\Program Files (x86)\Everything\Everything.exe
    (unsigned) Wireless Utility Application C:\Program Files (x86)\Rosewill\Common\RaUI.exe

    (verified) hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    (verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (verified) Alcohol Soft Development Team C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe
    (verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (verified) Default Manager C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    (verified) Google Update C:\Users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe
    (verified) GrooveShellExtensions Module c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (verified) Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (verified) Microsoft Xbox 360 Accessories C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


    Browser plugins
    ---------------
    (unsigned) AOL Instant Messenger C:\Program Files (x86)\AIM\aim.exe
    (unsigned) Conduit Toolbar c:\program files (x86)\free-downloads.net\tbfree.dll
    (unsigned) Java(TM) Platform SE 6 U24 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    (verified) 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    (verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
    (verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
    (verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    (verified) Bing Bar c:\program files (x86)\msn toolbar\platform\5.0.1449.0\npwinext.dll
    (verified) BitDefender QuickScan C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (verified) Google Talk Plugin C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    (verified) Google Talk Plugin Video Accelerator C:\Users\Mitch\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    (verified) Google Update C:\Users\Mitch\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    (verified) GrooveShellExtensions Module c:\program files (x86)\microsoft office\office12\grooveshellextensions.dll
    (verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    (verified) Java(TM) Platform SE 6 U24 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    (verified) Microsoft Search Enhancement Pack c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
    (verified) Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
    (verified) Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    (verified) Move Streaming Media Player C:\Users\Mitch\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
    (verified) Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
    (verified) NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    (verified) QUAKE LIVE C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    (verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
    (verified) Windows Genuine Advantage C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    (verified) Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    (verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
    (verified) Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll


    Scan
    ----
    (unsigned) MD5: d7a8b327af534d75baefa1e422c00f73 C:\Program Files (x86)\AIM\aim.exe
    (unsigned) MD5: b1691af4a072cb674d600db16dd7308e C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (unsigned) MD5: c440f1bf19db5a1f73a958b029599f76 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    (unsigned) MD5: 9b5e7eff0485f39a9663314667d97049 C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
    (unsigned) MD5: afff0fff53ae04747c340868ab1cfa27 C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll
    (unsigned) MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll
    (unsigned) MD5: e567556d03a0b22b21eef77879de5dd4 C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll
    (unsigned) MD5: 3bcdffbf6f488524abb81c9af96ee18f C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll
    (unsigned) MD5: d8915a6baf8ffc978834cfb03388cd71 C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll
    (unsigned) MD5: 42267f214325ec4153698c2ae874d94f C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll
    (unsigned) MD5: 96a4b21b245f488cfa20c5c893c6623e C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll
    (unsigned) MD5: a0d0d6e981ccbd7f80f31531af0f26c0 C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll
    (unsigned) MD5: bd8e5b4b16db2a53709ea74df7b22282 C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll
    (unsigned) MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll
    (unsigned) MD5: 1bee87a4dcfea2bd0bfd5dd6a9998bc1 C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll
    (unsigned) MD5: 100caaf3542fb51feca9c09db1cb940d C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll
    (unsigned) MD5: ddf0d660e994d0bb912f37dca7afe8f7 C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll
    (unsigned) MD5: dc4075c135ef78f6bc8674bb4c87e0b5 C:\Program Files (x86)\Avira\AntiVir Desktop\avgio.dll
    (unsigned) MD5: 92ea86876dfde3b9f6b4b6443c8b11fb C:\Program Files (x86)\Avira\AntiVir Desktop\avpref.dll
    (unsigned) MD5: ce3852ef8a90620e59aa9555aed4e0e9 C:\Program Files (x86)\Avira\AntiVir Desktop\ccev.dll
    (unsigned) MD5: 1c8244c24f208591d7bdecffe5856d44 C:\Program Files (x86)\Avira\AntiVir Desktop\ccevrc.dll
    (unsigned) MD5: 7488bce9f9c852f0931d29b0d76292bd C:\Program Files (x86)\Avira\AntiVir Desktop\ccgen.dll
    (unsigned) MD5: e65e277c50bd5967b5e92c7744dba7bc C:\Program Files (x86)\Avira\AntiVir Desktop\ccguard.dll
    (unsigned) MD5: 54ceee9d7aa46f3311d247bf57bbee36 C:\Program Files (x86)\Avira\AntiVir Desktop\cclic.dll
    (unsigned) MD5: d0d12e791014691e78463f2e752f328e C:\Program Files (x86)\Avira\AntiVir Desktop\cclicw.dll
    (unsigned) MD5: 400ab97179f05ba68b755d8971f262f2 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmsg.dll
    (unsigned) MD5: d7aef90bd657a81342260ac90e16997d C:\Program Files (x86)\Avira\AntiVir Desktop\ccprofil.dll
    (unsigned) MD5: beca3be673f7b31ef0800a76c2f8b0c4 C:\Program Files (x86)\Avira\AntiVir Desktop\ccquamgr.dll
    (unsigned) MD5: 48620181236476ec845cb96d453edf54 C:\Program Files (x86)\Avira\AntiVir Desktop\ccquarc.dll
    (unsigned) MD5: 5757fd95f10d5307292bf2f874f06ce9 C:\Program Files (x86)\Avira\AntiVir Desktop\ccreporc.dll
    (unsigned) MD5: d905f69b305f4df234e064559fbccdb7 C:\Program Files (x86)\Avira\AntiVir Desktop\ccreport.dll
    (unsigned) MD5: ad676891b172562c0b19edd0be701940 C:\Program Files (x86)\Avira\AntiVir Desktop\ccscanrc.dll
    (unsigned) MD5: 1e5458a3b6dc42f49c542a32b895df4c C:\Program Files (x86)\Avira\AntiVir Desktop\ccsched.dll
    (unsigned) MD5: 3e7264a7e9c6eaec21715d5fb05f0083 C:\Program Files (x86)\Avira\AntiVir Desktop\ccschedw.dll
    (unsigned) MD5: 0ca0530bda80a75a63ef95d7ddfd6b4c C:\Program Files (x86)\Avira\AntiVir Desktop\ccscherc.dll
    (unsigned) MD5: e7feef1353ac83447857807457f1ea8d C:\Program Files (x86)\Avira\AntiVir Desktop\cctpc.dll
    (unsigned) MD5: 7d541c5e5cdfb46d68ac60012c5d7acd C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdate.dll
    (unsigned) MD5: 18882bc47c2b97fdf172aa3103ee3075 C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdw.dll
    (unsigned) MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
    (unsigned) MD5: 92d9eb35797530fedc07b1d75533f68e C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll
    (unsigned) MD5: 7464c6694036b42ba237eb723a34d0f4 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
    (unsigned) MD5: 13a86ff71b5e57da8c9a6e2316ce1eaa C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll
    (unsigned) MD5: 4dab37e8beda1f286f0c40b8aab0d65c C:\Program Files (x86)\Everything\Everything.exe
    (unsigned) MD5: c211c688d13d2420b7f0ae2b93be7eaf c:\program files (x86)\free-downloads.net\tbfree.dll
    (unsigned) MD5: e7af1f6d89354bdb810a8523613ea2c3 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    (unsigned) MD5: 4ebb5b4dcabec18b29d01f9f607b0114 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) MD5: c5d16bdcd6de6793ce8cb8676e3c2176 C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    (unsigned) MD5: 8c7efbb06d10dc915809a4931409f06f C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
    (unsigned) MD5: f32e5182eebab7698a6c1dd1eb9b2cfc C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
    (unsigned) MD5: 1733738c15ad02fb4ca9f3ce13f40623 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
    (unsigned) MD5: 7f55a31f674b37e3958cbf71c9914f45 C:\Program Files (x86)\Rosewill\Common\acAuth.dll
    (unsigned) MD5: 692fdf58f6b3e1af0ae43babe6753d5b C:\Program Files (x86)\Rosewill\Common\RaUI.exe
    (unsigned) MD5: f92254b0bcfcd10caac7bccc7cb7f467 C:\Windows\system32\drivers\StarOpen.sys
    (unsigned) MD5: a8112ce91f7d805fdaf3bfc7165c3f56 C:\Windows\SysWOW64\libeay32.dll
    (unsigned) MD5: 8029855c327bffe7300a782abcce1544 C:\Windows\SysWOW64\RAPI.dll


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.03 MB sent, 0.44 KB recvd
    Scanned 594 files and modules - 16 seconds

    ==============================================================================
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  13. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    The issue seems to be resolved.
     
  14. winger22

    winger22 Newcomer, in training Topic Starter

    Things were going smoothly for 5 days before this happened. I did a google search for 'laundry symbols' and clicked on the image on the far left.
    [​IMG]
    Then this happened.
    [​IMG]

    I ran malwarebytes in safe mode and it didn't find anything. I also ran esetsmartinstaller_enu and that did not find anything either.
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It looks like you got reinfected with a fake Secure Defense Antivirus.

    MBAM should be run in normal, not safe mode.
    Re-run it and post fresh log.
  16. winger22

    winger22 Newcomer, in training Topic Starter

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6292

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/6/2011 10:35:22 PM
    mbam-log-2011-04-06 (22-35-22).txt

    Scan type: Quick scan
    Objects scanned: 170297
    Time elapsed: 1 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  18. winger22

    winger22 Newcomer, in training Topic Starter

    ComboFix 11-04-06.02 - Mitch 04/06/2011 23:01:29.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4738 [GMT -5:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-07 04:04 . 2011-04-07 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-30 03:03 . 2011-03-30 03:03 -------- d-----w- c:\users\Mitch\AppData\Roaming\QuickScan
    2011-03-29 22:03 . 2011-03-29 22:03 -------- d-----w- c:\program files (x86)\ESET
    2011-03-28 04:57 . 2011-03-28 04:57 -------- d-----w- C:\_OTL
    2011-03-27 23:29 . 2011-03-27 23:29 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-27 23:29 . 2011-02-03 02:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-27 23:29 . 2011-02-03 02:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-24 22:29 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-24 22:29 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-22 22:04 . 2011-03-22 22:04 -------- d-----w- c:\users\Mitch\AppData\Local\NeoSmart_Technologies
    2011-03-22 22:03 . 2011-03-22 22:03 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
    2011-03-21 01:31 . 2011-03-21 01:31 -------- d-----w- c:\users\Mitch\AppData\Local\Sunbelt Software
    2011-03-21 01:30 . 2011-03-24 22:09 -------- dc----w- c:\programdata\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    2011-03-19 06:01 . 2011-03-19 06:01 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2011-03-19 06:01 . 2011-03-19 06:01 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-19 06:01 . 2011-03-24 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-25 00:27 . 2009-11-01 19:26 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-09 00:24 . 2009-08-12 14:42 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-03-03 00:33 . 2009-08-12 14:42 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-02-11 06:19 . 2009-08-18 03:45 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-26_05.03.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-03-26 03:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-04 20:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-04 20:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-26 03:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-26 03:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-04 20:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-10 06:25 . 2011-04-07 00:40 41466 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-04-07 00:40 30886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-03-26 00:47 30886 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-02-26 07:41 . 2011-04-06 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-26 07:41 . 2011-03-24 23:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-04-06 02:24 . 2011-04-06 02:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-24 23:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-06 02:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:46 . 2011-03-24 23:06 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2011-03-27 08:56 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2010-02-26 08:23 . 2011-04-07 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-26 08:23 . 2011-03-26 04:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-26 08:23 . 2011-03-26 04:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-26 08:23 . 2011-04-07 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-26 10:08 . 2011-04-07 00:40 8904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2778418297-1974107206-3840864294-1000_UserData.bin
    - 2011-03-26 00:45 . 2011-03-26 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-04-07 00:38 . 2011-04-07 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-26 00:45 . 2011-03-26 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-07 00:38 . 2011-04-07 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-27 23:29 . 2011-02-03 02:40 157472 c:\windows\SysWOW64\javaws.exe
    + 2011-03-27 23:29 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\javaw.exe
    - 2009-12-07 06:11 . 2009-12-07 06:10 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-03-27 23:29 . 2011-02-03 02:40 145184 c:\windows\SysWOW64\java.exe
    - 2009-12-07 06:11 . 2009-12-07 06:10 145184 c:\windows\SysWOW64\java.exe
    + 2009-07-14 02:36 . 2011-04-04 20:10 615122 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-03-18 00:17 615122 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-04-04 20:10 103496 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-03-18 00:17 103496 c:\windows\system32\perfc009.dat
    + 2011-03-27 23:29 . 2011-03-27 23:29 183808 c:\windows\Installer\81350.msi
    + 2010-12-03 08:43 . 2010-12-03 08:43 242176 c:\windows\Installer\11f242.msi
    + 2008-08-31 19:35 . 2008-08-31 19:35 240128 c:\windows\Installer\11f23b.msi
    - 2009-07-14 02:34 . 2011-03-10 23:21 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-04-06 05:23 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 04:45 . 2011-03-27 02:10 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2011-03-24 22:13 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-06-06 06:52 . 2011-04-06 16:52 1064896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2009-03-10 16:47 2079256 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
    .
    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Google Update"="c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rosewill Wireless Utility.lnk - c:\program files (x86)\Rosewill\Common\RaUI.exe [2010-5-13 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R3 ALSysIO;ALSysIO;c:\users\Mitch\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
    R3 OV550I;Film and Photo Scanner;c:\windows\system32\Drivers\OVTX16.sys [2010-06-04 139520]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000Core.job
    - c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:23]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2778418297-1974107206-3840864294-1000UA.job
    - c:\users\Mitch\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 17:23]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-12-30 2225552]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\8nvd561z.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Forecastbar Enhanced: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8} - %profile%\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
    FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Mitch\AppData\Roaming\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2778418297-1974107206-3840864294-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d1,b3,42,c0,1f,4d,a5,be,34,56,2e,15,5a,e0,ec,a4,7a,30,73,ef,b6,
    08,e2,93,fe,ab,16,eb,0d,02,02,c7,b8,25,7d,d2,32,1d,ae,89,01,2d,6e,de,38,1c,\
    "rkeysecu"=hex:2e,3f,52,f9,54,80,b4,a1,2b,cc,9f,b7,a9,4e,60,de
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-06 23:05:41
    ComboFix-quarantined-files.txt 2011-04-07 04:05
    .
    Pre-Run: 41,083,351,040 bytes free
    Post-Run: 41,032,421,376 bytes free
    .
    - - End Of File - - 70A0CAEC161F66C36E9CE6D2A0F7F5AA
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I don't see anything malicious there.
    Was this one time occurrence, or it keeps popping up?
  20. winger22

    winger22 Newcomer, in training Topic Starter

    It was just once. I really don't know what to think about it. Nothing has happened since.
  21. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I would assume, it was just a pop-up created through that site, you clicked on.

    Your computer doesn't show anything suspicious.

    Take care :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.