Solved Google redirect Virus and Congratulations, You Won random pop ups

Status
Not open for further replies.
S

SashiMurai

Posts: 13   +0
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5290

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/10/2010 3:37:57 PM
mbam-log-2010-12-10 (15-37-57).txt

Scan type: Quick scan
Objects scanned: 152319
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 29
Files Infected: 198

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.Info (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBLiteAX.UserProfiles (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\HBLite@HBLite.com (Adware.HotBar) -> Value: HBLite@HBLite.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\common files\comobject (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\autoconfig (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\chrome (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\dictionaries (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\extensions (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\greprefs (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\plugins (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\dtd (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\html (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\uninstall (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\Users\Silver S\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\HBLite\bin\11.0.326.0\hblitesaax.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\blocklist.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\accessiblemarshal.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\application.ini (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\browserconfig.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\crashreporter-override.ini (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\crashreporter.exe (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\crashreporter.ini (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\freebl3.chk (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\hostdata.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\js3250.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\LICENSE (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\mozcrt19.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\nspr4.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\nss3.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\nssckbi.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\nssdbm3.chk (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\nssutil3.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\platform.ini (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\plc4.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\plds4.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\README.txt (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\smime3.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\softokn3.chk (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\sqlite3.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\ssl3.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\update.locale (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\updater.exe (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\updater.ini (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\xpcom.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\xul.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\browser.xpt (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\browserdirprovider.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\brwsrcmp.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\components.list (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\compreg.dat (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\feedconverter.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\feedprocessor.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\feedwriter.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\fuelapplication.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\gpsdgeolocationprovider.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\jsconsole-clhandler.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\networkgeolocationprovider.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsaddonrepository.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsbadcerthandler.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsblocklistservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsbrowsercontenthandler.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsbrowserglue.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nscontentdispatchchooser.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nscontentprefservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsdefaultclh.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsdownloadmanagerui.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsextensionmanager.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsformautocomplete.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nshandlerservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nshelperappdlg.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nslivemarkservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nslogininfo.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsloginmanager.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsloginmanagerprompter.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsmicrosummaryservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsplacesautocomplete.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsplacesdbflush.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsplacestransactionsservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsprivatebrowsingservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsproxyautoconfig.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssafebrowsingapplication.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssearchservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssearchsuggestions.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssessionstartup.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssessionstore.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssetdefaultbrowser.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nssidebar.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nstaggingservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nstrytoclose.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsupdateservice.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsupdateservicestub.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsupdatetimermanager.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsurlclassifierlib.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsurlclassifierlistmanager.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nsurlformatter.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\nswebhandlerapp.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\pluginglue.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\storage-legacy.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\storage-mozstorage.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\txexsltregexfunctions.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\webcontentconverter.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\components\xpti.dat (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\autoconfig\platform.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\autoconfig\prefcalls.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\bookmarks.html (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\localstore.rdf (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\mimetypes.rdf (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\prefs.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\chrome\userchrome-example.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\defaults\profile\chrome\usercontent-example.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\dictionaries\en-US.aff (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\dictionaries\en-US.dic (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\greprefs\all.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\greprefs\security-prefs.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\greprefs\xpinstall.js (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\certutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\ctypes.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\downloadlastdir.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\downloadutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\fileutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\iso8601dateutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\lightweightthemeconsumer.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\lightweightthememanager.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\NetUtil.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\networkprioritizer.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\openlocationlasturl.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\placesdbutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\pluralform.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\windowdraggingutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\windowspreviewpertab.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\modules\xpcomutils.jsm (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\plugins\npbasic.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\plugins\npnul32.dll (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\arrow.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\arrowd.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\broken-image.png (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\charsetalias.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\charsetdata.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\contenteditable.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\designmode.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\editoroverride.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\forms.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\grabber.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\hiddenwindow.html (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\html.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\langgroups.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\language.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\loading-image.png (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\mathml.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\quirk.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\svg.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-after-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-after-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-after.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-before-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-before-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-column-before.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-after-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-after-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-after.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-before-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-before-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-add-row-before.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-column-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-column-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-column.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-row-active.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-row-hover.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\table-remove-row.gif (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\ua.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\viewsource.css (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\wincharset.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\dtd\mathml.dtd (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\dtd\xhtml11.dtd (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\html40latin1.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\html40special.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\html40symbols.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\htmlentityversions.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\mathml20.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\entitytables\transliterate.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfont.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfontstandardsymbolsl.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfontstixnonunicode.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfontstixsize1.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfontsymbol.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\fonts\mathfontunicode.properties (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\res\html\folder.png (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\amazondotcom.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\answers.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\creativecommons.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\eBay.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\google.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\wikipedia.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\searchplugins\yahoo.xml (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\program files (x86)\common files\comobject\uninstall\helper.exe (Trojan.ObCom) -> Quarantined and deleted successfully.
c:\Windows\System32\iexplore.sy_ (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\iexplore.sy_ (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaabout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesaeula.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\HBLiteSA\hblitesa_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\hblitesahook.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\hbliteuninstaller.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\program files (x86)\HBLite\bin\11.0.326.0\firefox\extensions\plugins\npclntax_hblitesa.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-10 16:18:14
Windows 6.1.7600
Running: fxkj9w9v.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x0B 0x63 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x90 0xB1 0x12 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x44 0x25 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3E 0xCE 0x11 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x96 0x22 0x58 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x93 0xAE 0x4C 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6C 0xC9 0xB6 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0x3D 0x00 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0xD4 0x29 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0x8C 0x75 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x0B 0x63 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x90 0xB1 0x12 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x44 0x25 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x3E 0xCE 0x11 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x96 0x22 0x58 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x93 0xAE 0x4C 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6C 0xC9 0xB6 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x64 0x3D 0x00 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6F 0xD4 0x29 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0x8C 0x75 0x43 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Silver S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\xb7ÉËÙÍÁ\xb6\xb9\\xb7ÉËÙÍÁ\xb6\xb9.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Silver S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\xb7ÉËÙÍÁ\xb6\xb9\Ð\xb6ÔØ\xb7ÉËÙÍÁ\xb6\xb9.lnk 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files (x86)\Tudou\\xb7ÉËÙTudou\uninst.exe 33

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Silver S at 16:21:35.09 on Fri 12/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2431 [GMT -6:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Silver S\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {7CE361C6-5AD6-4D0A-85FC-760042B5A271} = 75.133.168.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
mRun-x64: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\SILVER~1\AppData\Roaming\Mozilla\Firefox\Profiles\73rsgtmt.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_US&apn_uid=3DC39473-889B-4475-B59D-951DE4029038&apn_ptnrs=GL&apn_sauid=EEA1F5C9-1964-4EDD-89FF-EEF8A7CD750A&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-2 55280]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2009-7-7 25312]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-10 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-10 267944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-10 83120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 WDDMService.exe;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-9-4 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-7-7 278528]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe [2010-9-9 33960]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-7-7 789496]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-10-8 19544]
S3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2010-9-8 35200]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-10-14 16448]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]

=============== Created Last 30 ================

2010-12-10 21:34:51 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-10 21:34:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-10 21:25:43 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\Avira
2010-12-10 21:23:43 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-10 21:23:42 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-10 21:23:42 -------- d-----w- C:\PROGRA~3\Avira
2010-12-10 19:39:55 -------- d-----w- C:\Program Files (x86)\Guitar Pro 5
2010-12-06 00:46:33 -------- d-----w- C:\Program Files (x86)\Audacity
2010-12-05 23:59:43 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2010-12-05 21:12:55 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-05 21:11:31 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\PACE Anti-Piracy
2010-12-05 21:11:31 -------- d-----w- C:\Users\SILVER~1\AppData\Local\PACE Anti-Piracy
2010-12-05 21:11:31 -------- d-----w- C:\PROGRA~3\PACE Anti-Piracy
2010-12-05 21:00:29 -------- d-----w- C:\Users\SILVER~1\AppData\Local\Western_Digital
2010-12-05 20:58:29 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\Western Digital
2010-12-05 20:58:10 -------- d-----w- C:\PROGRA~3\Western Digital
2010-12-05 20:58:00 -------- d-----w- C:\Program Files\Western Digital
2010-12-05 20:58:00 -------- d-----w- C:\Program Files (x86)\Western Digital
2010-12-05 20:57:30 -------- d-----w- C:\Users\SILVER~1\AppData\Local\Western Digital
2010-12-02 16:56:13 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2010-12-02 16:55:33 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2010-12-02 16:51:45 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2010-12-02 16:51:45 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2010-12-02 16:51:45 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2010-12-02 16:51:45 -------- d-----w- C:\Program Files (x86)\My Company Name
2010-12-02 16:51:45 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2010-12-02 16:51:45 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-02 16:47:25 -------- d-----w- C:\Users\SILVER~1\AppData\Local\Adobe
2010-12-02 15:58:06 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-11-28 14:25:39 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-11-28 14:25:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-11-25 07:06:28 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\Total Immersion
2010-11-25 07:05:36 -------- d-----w- C:\Program Files (x86)\Total Immersion
2010-11-25 06:59:08 -------- d-----w- C:\Users\SILVER~1\AppData\Local\Electronic Arts
2010-11-25 06:49:59 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2010-11-24 18:47:55 -------- d--h--w- C:\$AVG
2010-11-24 11:37:01 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 11:37:01 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-24 06:14:44 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2010-11-24 06:14:23 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-11-23 16:19:23 -------- d-----w- C:\Users\SILVER~1\AppData\Local\Google
2010-11-23 15:53:30 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\SUPERAntiSpyware.com
2010-11-23 15:53:30 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-11-23 13:32:55 -------- d-----w- C:\Users\SILVER~1\AppData\Roaming\GlarySoft
2010-11-23 13:24:08 -------- d-----w- C:\Program Files (x86)\Ask.com
2010-11-23 13:23:56 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2010-11-23 08:16:54 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ABB41F15-364B-49AA-9212-55939238DE05}\mpengine.dll
2010-11-13 14:22:08 -------- d-----w- C:\PROGRA~3\dBfHp02097

==================== Find3M ====================

2010-11-29 23:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-10 04:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-11 02:54:58 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-10-11 02:54:58 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-10-06 03:58:16 21052 ----a-w- C:\Windows\SysWow64\SIntfNT.dll
2010-10-06 03:58:16 15144 ----a-w- C:\Windows\SysWow64\SIntf32.dll
2010-10-06 03:58:15 12067 ----a-w- C:\Windows\SysWow64\SIntf16.dll
2010-09-15 10:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-13 21:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys

============= FINISH: 16:22:08.49 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/2/2009 2:12:21 PM
System Uptime: 12/10/2010 3:48:50 PM (1 hours ago)

Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 281.087 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP198: 11/23/2010 9:08:29 AM - Scheduled Checkpoint
RP199: 11/23/2010 9:36:21 AM - Restore Operation
RP200: 11/24/2010 12:13:41 AM - Installed AVG 2011
RP201: 11/24/2010 12:13:59 AM - Installed AVG 2011
RP202: 11/24/2010 3:51:24 PM - Windows Update
RP203: 11/25/2010 12:49:04 AM - Installed ProductName from default.wxl
RP204: 12/2/2010 11:53:33 AM - Scheduled Checkpoint
RP205: 12/9/2010 2:13:03 PM - Scheduled Checkpoint
RP206: 12/10/2010 3:57:48 PM - Installed Java(TM) 6 Update 22

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Add or Remove Adobe Premiere Pro CS5
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Dragon Age Toolset
Glary Utilities 2.29.0.1032
Google Update Helper
Guitar Pro 5.0
Harry Potter and the Deathly Hallows™ - Part 1
Java Auto Updater
Java(TM) 6 Update 22
Lexmark Printable Web
Malwarebytes' Anti-Malware
Mass Effect
Mavis Beacon Teaches Typing Platinum 20
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PerformanceTest v6.1
Prince of Persia
Prince of Persia The Forgotten Sands™
PxMergeModule
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
RealUpgrade 1.0
Rosetta Stone Ltd Services
Samsung New PC Studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Switch Sound File Converter
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 World Adventures
Total Immersion D'Fusion @Home Web Plug-In
Ubisoft Game Launcher
Uplink
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.4
Winamp
Winamp Detector Plug-in

==== Event Viewer Messages From Past Week ========

12/5/2010 9:59:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer FAMILY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FA9D5943-CA3C-453A-8FDC-55BDBA6A82E3}. The master browser is stopping or an election is being forced.
12/5/2010 8:37:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/10/2010 3:49:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
12/10/2010 3:49:38 PM, Error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2010 3:49:36 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
12/10/2010 3:23:59 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

You're running two AV programs, AVG and Avira.
One of them has to go.
If AVG (preferably), use this tool to uninstall it: http://www.avg.com/us-en/download-tools

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: To be filled by O.E.M.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000003fd

Kernel Drivers (total 171):
0x02E4C000 \SystemRoot\system32\ntoskrnl.exe
0x02E03000 \SystemRoot\system32\hal.dll
0x00BAC000 \SystemRoot\system32\kdcom.dll
0x00CBB000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CC8000 \SystemRoot\system32\PSHED.dll
0x00CDC000 \SystemRoot\system32\CLFS.SYS
0x00D3A000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E56000 \SystemRoot\System32\Drivers\spmq.sys
0x00F7C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00F85000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x010C5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x0111C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01126000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x01133000 \SystemRoot\system32\DRIVERS\pci.sys
0x01166000 \SystemRoot\System32\drivers\partmgr.sys
0x0117B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01190000 \SystemRoot\System32\drivers\volmgrx.sys
0x011EC000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01000000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01010000 \SystemRoot\System32\drivers\mountmgr.sys
0x0102A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01033000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0105D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01068000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FB4000 \SystemRoot\system32\drivers\fileinfo.sys
0x010B4000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01200000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01495000 \SystemRoot\System32\Drivers\msrpc.sys
0x014F3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0150D000 \SystemRoot\System32\Drivers\cng.sys
0x01580000 \SystemRoot\System32\drivers\pcw.sys
0x01591000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C6000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x0159B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0168B000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x01695000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016A5000 \SystemRoot\System32\Drivers\spldr.sys
0x017B8000 \SystemRoot\System32\drivers\rdyboost.sys
0x016AD000 \SystemRoot\System32\Drivers\mup.sys
0x017F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x013A3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00FC8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x011F3000 \SystemRoot\System32\Drivers\Null.SYS
0x016BF000 \SystemRoot\System32\Drivers\Beep.SYS
0x00FF2000 \SystemRoot\System32\drivers\vga.sys
0x00E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x00E25000 \SystemRoot\System32\drivers\watchdog.sys
0x00E35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x00E3E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00E47000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C99000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02CA4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02CB5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CD3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CE0000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D25000 \SystemRoot\system32\drivers\afd.sys
0x02DAF000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02DBA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DC3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DE9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C2C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C47000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C5B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02C65000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03A37000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A88000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A94000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03A9F000 \SystemRoot\System32\drivers\discache.sys
0x03AAE000 \SystemRoot\system32\drivers\csc.sys
0x03B31000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B4F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B60000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03B82000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03BA8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x15E81000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x16B13000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CA1000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03D95000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03C4B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x16B15000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C8B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03DDB000 \SystemRoot\system32\DRIVERS\irsir.sys
0x03DE7000 \SystemRoot\system32\drivers\irenum.sys
0x03DF0000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03EA8000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03E00000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03E0D000 \SystemRoot\System32\Drivers\a7gzf7h1.SYS
0x16B6B000 \SystemRoot\System32\Drivers\a0lpxdf2.SYS
0x03E52000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03E5B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03E6B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03E81000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x16BE1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x15E00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x15E2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x15E4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03BBD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x15E6B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x16BED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03BD7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03EA5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x040CD000 \SystemRoot\system32\DRIVERS\ks.sys
0x04110000 \SystemRoot\system32\drivers\WmBEnum.sys
0x04115000 \SystemRoot\system32\drivers\WmXlCore.sys
0x04127000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04139000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04193000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x0419E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0523F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05200000 \SystemRoot\system32\drivers\portcls.sys
0x041B3000 \SystemRoot\system32\drivers\drmk.sys
0x053EB000 \SystemRoot\system32\drivers\ksthunk.sys
0x053F1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x041D5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x041E1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x041EA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0523D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0401D000 \SystemRoot\system32\DRIVERS\Alpham164.sys
0x0402A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04038000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04051000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0405A000 \SystemRoot\system32\DRIVERS\Alpham264.sys
0x04060000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x0406E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0407A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00570000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x04088000 \SystemRoot\system32\drivers\luafv.sys
0x040AB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x03A00000 \SystemRoot\system32\drivers\WudfPf.sys
0x02C6F000 \SystemRoot\system32\DRIVERS\irda.sys
0x03A21000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0461B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0466E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04681000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04699000 \SystemRoot\system32\drivers\HTTP.sys
0x04761000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0477F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04797000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x060D7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06125000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06148000 \SystemRoot\system32\drivers\peauth.sys
0x061EE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06000000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0602D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0603F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07277000 \SystemRoot\System32\DRIVERS\srv.sys
0x0730D000 \SystemRoot\System32\drivers\ipnat.sys
0x0733C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07349000 \SystemRoot\system32\drivers\WmVirHid.sys
0x0734C000 \SystemRoot\system32\drivers\spsys.sys
0x073BD000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x779F0000 \Windows\System32\ntdll.dll
0x47E70000 \Windows\System32\smss.exe
0xFFD10000 \Windows\System32\apisetschema.dll

Processes (total 70):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
412 csrss.exe
464 C:\Windows\System32\wininit.exe
480 csrss.exe
528 C:\Windows\System32\services.exe
544 C:\Windows\System32\lsass.exe
552 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
492 C:\Windows\System32\svchost.exe
548 C:\Windows\System32\audiodg.exe
632 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\nvvsvc.exe
1332 C:\Windows\System32\spoolsv.exe
1452 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1540 C:\Windows\System32\dwm.exe
1568 C:\Windows\System32\taskhost.exe
1612 C:\Windows\explorer.exe
1748 C:\Windows\System32\svchost.exe
1888 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1920 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1096 C:\Windows\System32\lxeacoms.exe
1476 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1492 C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
1776 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1812 C:\Windows\System32\conhost.exe
2104 C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
2152 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2192 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2292 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2336 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2612 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2668 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2980 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3032 C:\Windows\System32\alg.exe
2312 C:\Windows\System32\svchost.exe
3204 C:\Windows\System32\svchost.exe
2700 C:\Windows\System32\notepad.exe
2232 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
628 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
204 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
3408 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
1244 C:\Program Files (x86)\uTorrent\uTorrent.exe
432 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
2316 C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
3744 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
3752 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
2928 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1772 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
2776 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
3816 C:\Program Files (x86)\Winamp\winampa.exe
1760 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3536 C:\Windows\System32\svchost.exe
3724 C:\Program Files\Windows Media Player\wmpnetwk.exe
4128 C:\Windows\System32\svchost.exe
4192 WmiPrvSE.exe
4580 C:\Windows\System32\sppsvc.exe
4260 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4588 dllhost.exe
3120 C:\Windows\servicing\TrustedInstaller.exe
4224 C:\Users\Silver S\Desktop\MBRCheck.exe
4104 C:\Windows\System32\conhost.exe
4476 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/11/2010 at 02:42 AM

Application Version : 4.45.1000

Core Rules Database Version : 5989
Trace Rules Database Version: 3801

Scan type : Complete Scan
Total Scan Time : 00:53:13

Memory items scanned : 337
Memory threats detected : 0
Registry items scanned : 14085
Registry threats detected : 0
File items scanned : 151213
File threats detected : 0
 
PhysicalDrive0 MBR Code Faked!
Click to expand...
We'll start with fixing your MBR...

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: To be filled by O.E.M.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000003fd

Kernel Drivers (total 169):
0x02E67000 \SystemRoot\system32\ntoskrnl.exe
0x02E1E000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00CF9000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00D06000 \SystemRoot\system32\PSHED.dll
0x00D1A000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E46000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EEA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010C0000 \SystemRoot\System32\Drivers\spjf.sys
0x011E6000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EF9000 \SystemRoot\system32\DRIVERS\pci.sys
0x0109D000 \SystemRoot\System32\drivers\partmgr.sys
0x00F2C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F41000 \SystemRoot\System32\drivers\volmgrx.sys
0x010B2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x011EF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00F9D000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FB7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00FC0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FEA000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00D78000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys
0x00E14000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys
0x014D1000 \SystemRoot\System32\Drivers\msrpc.sys
0x0152F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01549000 \SystemRoot\System32\Drivers\cng.sys
0x015BC000 \SystemRoot\System32\drivers\pcw.sys
0x015CD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016B2000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x017A4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017EE000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0169B000 \SystemRoot\System32\Drivers\spldr.sys
0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
0x01486000 \SystemRoot\System32\Drivers\mup.sys
0x016A3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00DC4000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01498000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00CC0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x015EA000 \SystemRoot\System32\Drivers\Null.SYS
0x017F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x01200000 \SystemRoot\System32\drivers\vga.sys
0x00E20000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0120E000 \SystemRoot\System32\drivers\watchdog.sys
0x015F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x00FF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00CEA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C88000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C93000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02CA4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CC2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CCF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D14000 \SystemRoot\system32\drivers\afd.sys
0x02D9E000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02DA9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DB2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DD8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DEE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\serial.sys
0x02C1D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C38000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C4C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02C56000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03A64000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03AB5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03AC1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03ACC000 \SystemRoot\System32\drivers\discache.sys
0x03ADB000 \SystemRoot\system32\drivers\csc.sys
0x03B5E000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B7C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B8D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03BD5000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x15E3A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x16ACC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x16ACE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03A00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C47000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03C92000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03C9D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03CF3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03D04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03D28000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03D34000 \SystemRoot\system32\DRIVERS\irsir.sys
0x03D40000 \SystemRoot\system32\drivers\irenum.sys
0x03D49000 \SystemRoot\system32\DRIVERS\fdc.sys
0x03E2D000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03F85000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03F92000 \SystemRoot\System32\Drivers\ajomin3z.SYS
0x03D56000 \SystemRoot\System32\Drivers\ar3na1up.SYS
0x03FD7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03FE0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DCC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x16BC2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x16BDD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x15E00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03E22000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03FF0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03C2F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03C3E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04060000 \SystemRoot\system32\DRIVERS\ks.sys
0x040A3000 \SystemRoot\system32\drivers\WmBEnum.sys
0x040A8000 \SystemRoot\system32\drivers\WmXlCore.sys
0x040BA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x040CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04126000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x04131000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0521E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04146000 \SystemRoot\system32\drivers\portcls.sys
0x053CA000 \SystemRoot\system32\drivers\drmk.sys
0x053EC000 \SystemRoot\system32\drivers\ksthunk.sys
0x053F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05200000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0520C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04183000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x04196000 \SystemRoot\System32\drivers\Dxapi.sys
0x041A2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05215000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x041BF000 \SystemRoot\system32\DRIVERS\Alpham164.sys
0x041CC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x041DA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x041F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05217000 \SystemRoot\system32\DRIVERS\Alpham264.sys
0x04000000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0400E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00550000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x0401C000 \SystemRoot\system32\drivers\luafv.sys
0x0403F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x02C60000 \SystemRoot\system32\drivers\WudfPf.sys
0x014AE000 \SystemRoot\system32\DRIVERS\irda.sys
0x15E1A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0543F000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05492000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x054A5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x054BD000 \SystemRoot\system32\drivers\HTTP.sys
0x05585000 \SystemRoot\system32\DRIVERS\bowser.sys
0x055A3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x055BB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06AF6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06B44000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06B67000 \SystemRoot\system32\drivers\WmVirHid.sys
0x06B6A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06A00000 \SystemRoot\system32\drivers\peauth.sys
0x06AA6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06AB1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06ADE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06B77000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07AE2000 \SystemRoot\System32\DRIVERS\srv.sys
0x07B78000 \SystemRoot\System32\drivers\ipnat.sys
0x776E0000 \Windows\System32\ntdll.dll
0x47C50000 \Windows\System32\smss.exe
0xFFA00000 \Windows\System32\apisetschema.dll

Processes (total 69):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
408 csrss.exe
460 C:\Windows\System32\wininit.exe
488 csrss.exe
528 C:\Windows\System32\winlogon.exe
572 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\nvvsvc.exe
820 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
384 C:\Windows\System32\audiodg.exe
388 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\nvvsvc.exe
1140 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\spoolsv.exe
1332 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1492 C:\Windows\System32\taskeng.exe
1520 C:\Windows\System32\dwm.exe
1544 C:\Windows\explorer.exe
1572 C:\Windows\System32\taskhost.exe
1628 C:\Windows\System32\taskeng.exe
1724 C:\Windows\System32\taskeng.exe
1812 C:\Windows\System32\svchost.exe
1920 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1948 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1072 C:\Windows\System32\lxeacoms.exe
1432 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2020 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
1208 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
2072 C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
2152 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2160 C:\Windows\System32\conhost.exe
2208 C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2216 C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2240 C:\Program Files (x86)\uTorrent\uTorrent.exe
2248 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
2268 C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
2292 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2300 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
2308 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
2824 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2840 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
2896 C:\Program Files (x86)\Winamp\winampa.exe
2916 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3040 C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
1392 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
952 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
980 C:\Windows\System32\svchost.exe
1364 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
1348 C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2576 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2660 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
3420 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3468 C:\Windows\System32\alg.exe
3592 C:\Windows\System32\svchost.exe
3996 C:\Windows\System32\svchost.exe
2004 C:\Windows\System32\svchost.exe
4180 C:\Program Files\Windows Media Player\wmpnetwk.exe
4424 WmiPrvSE.exe
4764 dllhost.exe
4316 C:\Users\Silver S\Desktop\MBRCheck.exe
3788 C:\Windows\System32\conhost.exe
2112 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Good job :)

How is redirection?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Redirect seems to have stopped completely. I assume that was due to the mbr.

ComboFix 10-12-11.03 - Silver S 12/11/2010 21:11:21.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2867 [GMT -6:00]
Running from: c:\users\Silver S\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: SUPERAntiSpyware *Disabled/Updated* {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\drivers\etc\lmhosts
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 03:14 . 2010-12-12 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 16:25 . 2010-12-11 16:25 -------- d-----w- C:\Electronic Arts
2010-12-10 21:34 . 2010-11-29 23:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-10 21:34 . 2010-12-10 21:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-10 21:25 . 2010-12-10 21:25 -------- d-----w- c:\users\Silver S\AppData\Roaming\Avira
2010-12-10 21:23 . 2010-12-01 00:13 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-10 21:23 . 2010-12-01 00:13 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-10 21:23 . 2010-12-10 21:23 -------- d-----w- c:\programdata\Avira
2010-12-10 21:23 . 2010-12-10 21:23 -------- d-----w- c:\program files (x86)\Avira
2010-12-10 19:39 . 2010-12-10 19:39 -------- d-----w- c:\program files (x86)\Guitar Pro 5
2010-12-06 00:46 . 2010-12-06 00:46 -------- d-----w- c:\program files (x86)\Audacity
2010-12-05 23:59 . 2010-12-05 23:59 -------- d-----w- c:\program files (x86)\Winamp Detect
2010-12-05 23:59 . 2010-12-06 00:01 -------- d-----w- c:\users\Silver S\AppData\Roaming\Winamp
2010-12-05 23:59 . 2010-12-05 23:59 -------- d-----w- c:\program files (x86)\Winamp
2010-12-05 21:12 . 2010-12-05 21:12 -------- d-----w- c:\users\Silver S\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-12-05 21:11 . 2010-12-05 21:11 -------- d-----w- c:\users\Silver S\AppData\Roaming\PACE Anti-Piracy
2010-12-05 21:11 . 2010-12-05 21:11 -------- d-----w- c:\users\Silver S\AppData\Local\PACE Anti-Piracy
2010-12-05 21:11 . 2010-12-05 21:11 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-12-05 21:00 . 2010-12-05 21:00 -------- d-----w- c:\users\Silver S\AppData\Local\Western_Digital
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\users\Silver S\AppData\Roaming\Western Digital
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\programdata\Western Digital
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\program files\Western Digital
2010-12-05 20:58 . 2010-12-05 20:58 -------- d-----w- c:\program files (x86)\Western Digital
2010-12-05 20:57 . 2010-12-05 20:57 -------- d-----w- c:\users\Silver S\AppData\Local\Western Digital
2010-12-02 16:56 . 2010-12-02 16:56 -------- d-----w- c:\users\Silver S\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2010-12-02 16:55 . 2010-12-02 16:55 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-12-02 16:51 . 2010-12-05 23:59 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2010-12-02 16:51 . 2010-12-02 16:51 -------- d-----w- c:\program files (x86)\My Company Name
2010-12-02 16:51 . 2010-12-02 16:51 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2010-12-02 16:51 . 2009-07-09 09:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-12-02 16:51 . 2009-06-23 09:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-02 16:51 . 2009-06-23 09:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-02 16:51 . 2010-12-02 16:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-02 16:47 . 2010-12-02 17:11 -------- d-----w- c:\users\Silver S\AppData\Local\Adobe
2010-12-02 15:58 . 2010-12-02 15:58 12800 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-11-28 14:25 . 2010-11-28 14:25 -------- d-----w- c:\programdata\!SASCORE
2010-11-28 14:25 . 2010-12-11 07:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-25 07:06 . 2010-11-25 07:06 -------- d-----w- c:\users\Silver S\AppData\Roaming\Total Immersion
2010-11-25 07:05 . 2010-11-25 07:05 -------- d-----w- c:\program files (x86)\Total Immersion
2010-11-25 06:59 . 2010-12-11 16:25 -------- d-----w- c:\users\Silver S\AppData\Local\Electronic Arts
2010-11-25 06:49 . 2007-10-22 09:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll
2010-11-24 18:47 . 2010-11-24 18:47 -------- d-----w- C:\$AVG
2010-11-24 11:37 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 11:37 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-23 16:19 . 2010-11-23 16:19 -------- d-----w- c:\users\Silver S\AppData\Local\Google
2010-11-23 16:19 . 2010-11-23 16:19 -------- d-----w- c:\program files (x86)\Google
2010-11-23 16:19 . 2010-11-24 06:08 -------- d-----w- c:\programdata\Lavasoft
2010-11-23 15:53 . 2010-11-23 15:53 -------- d-----w- c:\users\Silver S\AppData\Roaming\SUPERAntiSpyware.com
2010-11-23 15:53 . 2010-11-23 15:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-23 13:32 . 2010-11-23 13:32 -------- d-----w- c:\users\Silver S\AppData\Roaming\GlarySoft
2010-11-23 13:24 . 2010-11-23 13:24 -------- d-----w- c:\program files (x86)\Ask.com
2010-11-23 13:23 . 2010-11-23 13:24 -------- d-----w- c:\program files (x86)\Glary Utilities
2010-11-23 08:16 . 2010-11-16 18:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABB41F15-364B-49AA-9212-55939238DE05}\mpengine.dll
2010-11-13 14:22 . 2010-11-23 02:46 -------- d-----w- c:\programdata\dBfHp02097

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2010-11-08 01:39 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 16:41 . 2010-09-15 12:22 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-11 02:54 . 2010-10-11 02:54 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2010-10-11 02:54 . 2010-10-11 02:54 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-10-06 03:58 . 2010-10-06 03:58 21052 ----a-w- c:\windows\SysWow64\SIntfNT.dll
2010-10-06 03:58 . 2010-10-06 03:58 15144 ----a-w- c:\windows\SysWow64\SIntf32.dll
2010-10-06 03:58 . 2010-10-06 03:58 12067 ----a-w- c:\windows\SysWow64\SIntf16.dll
2010-09-15 10:50 . 2010-09-09 20:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 21:23 1385864 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-29 328056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-10-11 202256]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-02 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-8-6 51776]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2009-7-7 3272704]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2104320]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-9-4 8970240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\k:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 136176]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2009-04-24 33960]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-05-05 789496]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2010-09-08 35200]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-14 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-11 834544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-01 135336]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2009-04-24 1032360]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-09-04 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-23 03:55]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 16:19]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 16:19]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28844.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-14 7714336]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-14 1833504]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-05-05 190536]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2009-04-27 766632]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2009-04-27 139944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {7CE361C6-5AD6-4D0A-85FC-760042B5A271} = 75.133.168.1
FF - ProfilePath - c:\users\Silver S\AppData\Roaming\Mozilla\Firefox\Profiles\73rsgtmt.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=en_US&apn_uid=3DC39473-889B-4475-B59D-951DE4029038&apn_ptnrs=GL&apn_sauid=EEA1F5C9-1964-4EDD-89FF-EEF8A7CD750A&apn_dtid=YYYYYYYYUS&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2677964023-1080549460-2596455609-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,36,38,4c,3d,73,b0,80,aa,66,1a,10,cd,5b,9e,ed,a2,1c,84,fa,94,
1b,34,92,1e,75,91,2d,30,2b,ac,38,4b,54,b5,bf,9b,63,e5,14,58,b7,fe,83,c9,62,\
"rkeysecu"=hex:1d,35,65,1e,05,4d,eb,62,f9,6f,cb,2b,a1,b3,91,69

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
"DisplayName"=expand:"@fdeploy.dll,-261"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"DisplayName"=expand:"@%SystemRoot%\\System32\\dskquota.dll,-100"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"%SystemRoot%\\System32\\dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"DisplayName"=expand:"@gptext.dll,-201"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
@DACL=(02 0000)
@="Windows Search Group Policy Extension"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\srchadmin.dll"
"RequiresSuccessfulRegistry"=dword:00000001
"NoSlowLink"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000000
"NoMachinePolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
@DACL=(02 0000)
@="Deployed Printer Connections"
"DisplayName"=expand:"@%systemroot%\\system32\\gpprnext.dll,-1"
"DllName"=expand:"%systemroot%\\system32\\gpprnext.dll"
"EnableAsynchronousProcessing"=dword:00000001
"ExtensionEventSource"=""
"GenerateGroupPolicy"="PrinterGenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NotifyLinkTransition"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="PrinterProcessGroupPolicy"
"ProcessGroupPolicyEx"="PrinterProcessGroupPolicyEx"
"RequiresSuccessfulRegistry"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@DACL=(02 0000)
@="TCPIP"
"DisplayName"=expand:"@gptext.dll,-204"
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"DllName"=expand:"%SystemRoot%\\System32\\polstore.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
"DisplayName"=expand:"@c:\\Windows\\system32\\polstore.dll,-5012"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@DACL=(02 0000)
@="Audit Policy Configuration"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"DllName"=expand:"auditcse.dll"
"NoUserPolicy"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
"ForceRefreshFG"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@DACL=(02 0000)
@="Enterprise QoS"
"DisplayName"=expand:"@gptext.dll,-203"
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"DllName"=expand:"gptext.dll"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@DACL=(02 0000)
@="CP"
"DisplayName"=expand:"@gptext.dll,-205"
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2010-12-11 21:20:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 03:20

Pre-Run: 312,842,817,536 bytes free
Post-Run: 312,063,574,016 bytes free

- - End Of File - - F36F7091BFAC5194B6E6B6D96CF90F4B
 
Good news :)

Uninstall Ask Toolbar, known adware.

Combofix log looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 12/12/2010 9:45:30 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Silver S\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 292.75 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Computer Name: -PC | User Name: Silver S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/12 09:41:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\OTL.exe
PRC - [2010/12/02 09:56:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 18:13:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/10 20:54:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/28 20:08:31 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/04 18:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/04/01 03:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2009/06/16 13:36:22 | 003,272,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/04/27 13:13:49 | 000,766,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/12 09:41:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 19:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 19:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 19:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/09/04 15:23:02 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService.exe)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/24 13:47:59 | 001,032,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/04/24 13:47:53 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/03 14:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 14:49:18 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009/04/24 13:47:44 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeacoms.exe -- (lxea_device)
SRV - [2008/11/24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2010/11/30 18:13:39 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/11/30 18:13:39 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/08 15:46:20 | 000,035,200 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/05 13:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/28 01:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/11 11:53:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:09:46 | 000,789,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/19 05:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007/07/23 06:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/20 08:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 43 E0 F8 1B 61 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9415/tudouva.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/10 20:55:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 20:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 20:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 20:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 20:18:20 | 000,000,000 | ---D | M]

[2009/07/07 05:51:39 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\mozilla\Extensions
[2010/12/12 09:39:31 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\mozilla\Firefox\Profiles\73rsgtmt.default\extensions
[2010/09/09 14:33:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Silver S\AppData\Roaming\mozilla\Firefox\Profiles\73rsgtmt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/24 00:09:48 | 000,002,567 | ---- | M] () -- C:\Users\Silver S\AppData\Roaming\Mozilla\FireFox\Profiles\73rsgtmt.default\searchplugins\askcom.xml
[2009/07/11 11:53:25 | 000,002,059 | ---- | M] () -- C:\Users\Silver S\AppData\Roaming\Mozilla\FireFox\Profiles\73rsgtmt.default\searchplugins\daemon-search.xml
[2010/12/10 15:58:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/09 14:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/10 15:58:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/06/11 12:05:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\CheckTudouVa.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/02 09:58:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\k:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/12 09:41:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Silver S\Desktop\OTL.exe
[2010/12/11 21:20:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/11 21:18:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/12/11 21:10:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/11 21:10:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/11 21:10:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/11 21:10:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/11 21:10:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/11 21:10:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/11 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\NTBR_CD
[2010/12/11 10:25:56 | 000,000,000 | ---D | C] -- C:\Electronic Arts
[2010/12/10 22:39:40 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\patch
[2010/12/10 22:39:39 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\crack
[2010/12/10 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\Logs
[2010/12/10 15:34:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/10 15:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/10 15:33:56 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Silver S\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/10 15:25:43 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\Avira
[2010/12/10 15:23:43 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/12/10 15:23:43 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/12/10 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/12/10 15:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/10 15:20:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Silver S\Desktop\TFC.exe
[2010/12/10 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 5
[2010/12/10 13:38:49 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\Guitar Pro 5
[2010/12/05 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/12/05 17:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2010/12/05 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\Winamp
[2010/12/05 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010/12/05 15:12:55 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/12/05 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\PACE Anti-Piracy
[2010/12/05 15:11:31 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\PACE Anti-Piracy
[2010/12/05 15:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010/12/05 15:11:26 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Documents\Adobe
[2010/12/05 15:00:29 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\Western_Digital
[2010/12/05 14:58:29 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\Western Digital
[2010/12/05 14:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/12/05 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/12/05 14:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010/12/05 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\Western Digital
[2010/12/02 10:56:21 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Documents\Untitled
[2010/12/02 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/12/02 10:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/12/02 10:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010/12/02 10:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/12/02 10:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010/12/02 10:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/12/02 10:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/12/02 10:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/12/02 10:47:25 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\Adobe
[2010/12/02 10:20:10 | 000,000,000 | ---D | C] -- C:\Users\Silver S\Desktop\Adobe Premiere Pro CS5
[2010/11/28 08:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/28 08:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/25 01:06:28 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\Total Immersion
[2010/11/25 01:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Immersion
[2010/11/25 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\Electronic Arts
[2010/11/24 12:47:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/11/23 10:19:23 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Local\Google
[2010/11/23 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/11/23 10:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/23 10:01:20 | 009,705,656 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Silver S\Desktop\SUPERAntiSpyware.exe
[2010/11/23 10:01:08 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Silver S\Desktop\spybotsd162.exe
[2010/11/23 09:53:30 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/23 09:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/23 07:32:55 | 000,000,000 | ---D | C] -- C:\Users\Silver S\AppData\Roaming\GlarySoft
[2010/11/23 07:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/11/23 07:23:28 | 008,465,360 | ---- | C] (Glarysoft Ltd ) -- C:\Users\Silver S\Desktop\gusetup.exe
[2010/11/13 08:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\dBfHp02097
[2010/09/09 14:19:31 | 000,368,640 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2010/09/09 14:19:31 | 000,348,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2010/09/09 14:19:30 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2010/09/09 14:19:28 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2010/09/09 14:19:27 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2010/09/09 14:19:27 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2010/09/09 14:19:26 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2010/09/09 14:19:25 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2010/09/09 14:19:25 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll

========== Files - Modified Within 30 Days ==========

[2010/12/12 09:41:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\OTL.exe
[2010/12/12 09:29:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/12 07:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 21:25:04 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 21:25:04 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/11 21:22:08 | 000,796,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/11 21:22:08 | 000,673,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/11 21:22:08 | 000,124,862 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/11 21:18:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010/12/11 21:17:45 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/11 21:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/11 21:17:39 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 21:00:10 | 003,988,425 | R--- | M] () -- C:\Users\Silver S\Desktop\ComboFix.exe
[2010/12/11 18:13:16 | 002,565,432 | ---- | M] () -- C:\Users\Silver S\Desktop\NTBR_CD.exe
[2010/12/11 17:53:39 | 000,000,807 | ---- | M] () -- C:\Users\Silver S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2010/12/11 17:53:39 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect.lnk
[2010/12/11 10:25:54 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/12/11 01:47:32 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/11 01:36:47 | 000,080,384 | ---- | M] () -- C:\Users\Silver S\Desktop\MBRCheck.exe
[2010/12/10 18:30:01 | 225,782,419 | ---- | M] () -- C:\Users\Silver S\Desktop\DLC.zip
[2010/12/10 16:20:52 | 000,624,128 | ---- | M] () -- C:\Users\Silver S\Desktop\dds.scr
[2010/12/10 16:04:43 | 000,296,448 | ---- | M] () -- C:\Users\Silver S\Desktop\fxkj9w9v.exe
[2010/12/10 15:34:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:34:06 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Silver S\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/10 15:32:02 | 004,972,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/10 15:23:47 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/10 15:20:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\TFC.exe
[2010/12/10 15:14:37 | 058,794,264 | ---- | M] () -- C:\Users\Silver S\Desktop\avira_antivir_personal_en.exe
[2010/12/10 13:40:29 | 000,000,936 | ---- | M] () -- C:\Users\Silver S\Desktop\Guitar Pro 5.lnk
[2010/12/09 13:27:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/12/05 18:46:34 | 000,000,947 | ---- | M] () -- C:\Users\Silver S\Desktop\Audacity.lnk
[2010/12/05 17:59:43 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/12/05 14:58:06 | 000,001,373 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/05 14:58:06 | 000,001,318 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/02 10:56:21 | 000,005,069 | ---- | M] () -- C:\Users\Silver S\Documents\Untitled.ncor
[2010/12/02 08:31:25 | 1897,046,061 | ---- | M] () -- C:\Users\Silver S\Desktop\Adobe Premiere Pro CS5.exe
[2010/11/30 18:13:39 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/11/30 18:13:39 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/11/30 08:52:55 | 000,018,595 | R--- | M] () -- C:\Users\Silver S\Desktop\ADOBE_PREMIERE_PRO_CS5_[thethingy].5565856.TPB.torrent
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 00:09:40 | 000,001,967 | ---- | M] () -- C:\Users\Silver S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/24 00:09:40 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/23 09:52:35 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Silver S\Desktop\spybotsd162.exe
[2010/11/23 09:46:22 | 012,347,992 | ---- | M] () -- C:\Users\Silver S\Desktop\SAS_8050010.COM
[2010/11/23 09:45:45 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Silver S\Desktop\SUPERAntiSpyware.exe
[2010/11/23 08:15:59 | 000,808,936 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/23 07:23:58 | 000,000,992 | ---- | M] () -- C:\Users\Silver S\Desktop\Glary Utilities.lnk
[2010/11/23 07:18:26 | 008,465,360 | ---- | M] (Glarysoft Ltd ) -- C:\Users\Silver S\Desktop\gusetup.exe

========== Files Created - No Company Name ==========

[2010/12/11 21:10:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/11 21:10:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/11 21:10:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/11 21:10:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/11 21:10:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/11 21:00:10 | 003,988,425 | R--- | C] () -- C:\Users\Silver S\Desktop\ComboFix.exe
[2010/12/11 18:13:15 | 002,565,432 | ---- | C] () -- C:\Users\Silver S\Desktop\NTBR_CD.exe
[2010/12/11 17:53:39 | 000,000,807 | ---- | C] () -- C:\Users\Silver S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mass Effect.lnk
[2010/12/11 17:53:39 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect.lnk
[2010/12/11 10:25:54 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/12/11 01:36:47 | 000,080,384 | ---- | C] () -- C:\Users\Silver S\Desktop\MBRCheck.exe
[2010/12/10 18:24:22 | 225,782,419 | ---- | C] () -- C:\Users\Silver S\Desktop\DLC.zip
[2010/12/10 16:20:52 | 000,624,128 | ---- | C] () -- C:\Users\Silver S\Desktop\dds.scr
[2010/12/10 16:04:42 | 000,296,448 | ---- | C] () -- C:\Users\Silver S\Desktop\fxkj9w9v.exe
[2010/12/10 15:34:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/10 15:23:47 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/10 15:12:05 | 058,794,264 | ---- | C] () -- C:\Users\Silver S\Desktop\avira_antivir_personal_en.exe
[2010/12/10 13:40:29 | 000,000,936 | ---- | C] () -- C:\Users\Silver S\Desktop\Guitar Pro 5.lnk
[2010/12/09 13:27:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/12/05 18:46:34 | 000,000,947 | ---- | C] () -- C:\Users\Silver S\Desktop\Audacity.lnk
[2010/12/05 17:59:43 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/12/05 14:58:06 | 000,001,373 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/12/05 14:58:06 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/02 10:56:21 | 000,005,069 | ---- | C] () -- C:\Users\Silver S\Documents\Untitled.ncor
[2010/12/02 08:05:24 | 1897,046,061 | ---- | C] () -- C:\Users\Silver S\Desktop\Adobe Premiere Pro CS5.exe
[2010/12/02 08:04:57 | 000,018,595 | R--- | C] () -- C:\Users\Silver S\Desktop\ADOBE_PREMIERE_PRO_CS5_[thethingy].5565856.TPB.torrent
[2010/11/28 08:25:38 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/24 00:09:40 | 000,001,967 | ---- | C] () -- C:\Users\Silver S\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/24 00:09:40 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/23 10:19:39 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 10:19:39 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 10:00:55 | 012,347,992 | ---- | C] () -- C:\Users\Silver S\Desktop\SAS_8050010.COM
[2010/11/23 07:24:00 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/11/23 07:23:58 | 000,000,992 | ---- | C] () -- C:\Users\Silver S\Desktop\Glary Utilities.lnk
[2010/10/05 21:58:16 | 000,021,052 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/10/05 21:58:16 | 000,015,144 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/10/05 21:58:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/09/09 14:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/09/09 14:25:36 | 000,000,089 | ---- | C] () -- C:\ProgramData\lxea.log
[2010/09/09 14:21:03 | 000,009,696 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2010/09/09 14:19:31 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2010/09/09 14:19:31 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2010/09/09 14:19:30 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2010/09/09 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2010/09/09 14:19:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2010/09/09 14:19:29 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2010/09/09 14:19:29 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2010/09/09 14:19:28 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2010/09/09 14:19:28 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2010/09/09 14:14:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010/09/09 14:14:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010/09/09 14:14:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/09/09 14:14:00 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2010/09/09 14:14:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2010/08/16 22:34:11 | 000,808,936 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/23 14:00:33 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/13 09:52:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========

[2010/09/30 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\AVG10
[2010/11/23 06:55:09 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\BitComet
[2010/09/15 21:13:53 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Broderbund
[2010/07/26 10:18:04 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\DAEMON Tools
[2009/07/11 11:56:15 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\DAEMON Tools Lite
[2010/08/16 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Dragon Age Toolset
[2010/11/03 18:41:20 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\DriverFinder
[2010/10/05 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\GetRightToGo
[2010/11/23 07:32:55 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\GlarySoft
[2009/07/05 23:37:09 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\InterTrust
[2010/09/08 18:28:46 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\NCH Swift Sound
[2010/12/05 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\PACE Anti-Piracy
[2010/10/10 19:09:04 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\PC Suite
[2010/07/26 10:43:17 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Petroglyph
[2010/12/02 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/14 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Samsung
[2010/12/05 15:12:55 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/25 01:06:28 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Total Immersion
[2010/11/03 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Ubisoft
[2010/12/12 09:42:06 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\uTorrent
[2010/12/05 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\Western Digital
[2010/12/11 21:17:45 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/01 08:39:01 | 000,022,208 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/11 21:20:39 | 000,026,769 | ---- | M] () -- C:\ComboFix.txt
[2010/12/11 21:17:39 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/11 21:17:38 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/20 17:36:40 | 000,000,221 | -HS- | M] () -- C:\Users\Silver S\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/02 08:31:25 | 1897,046,061 | ---- | M] () -- C:\Users\Silver S\Desktop\Adobe Premiere Pro CS5.exe
[2010/12/10 15:14:37 | 058,794,264 | ---- | M] () -- C:\Users\Silver S\Desktop\avira_antivir_personal_en.exe
[2010/12/11 21:00:10 | 003,988,425 | R--- | M] () -- C:\Users\Silver S\Desktop\ComboFix.exe
[2010/12/10 16:04:43 | 000,296,448 | ---- | M] () -- C:\Users\Silver S\Desktop\fxkj9w9v.exe
[2010/11/23 07:18:26 | 008,465,360 | ---- | M] (Glarysoft Ltd ) -- C:\Users\Silver S\Desktop\gusetup.exe
[2010/10/14 18:10:14 | 000,439,296 | ---- | M] () -- C:\Users\Silver S\Desktop\JADgen.exe
[2010/12/10 15:34:06 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Silver S\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/11 01:36:47 | 000,080,384 | ---- | M] () -- C:\Users\Silver S\Desktop\MBRCheck.exe
[2010/12/11 18:13:16 | 002,565,432 | ---- | M] () -- C:\Users\Silver S\Desktop\NTBR_CD.exe
[2010/12/12 09:41:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\OTL.exe
[2010/11/23 09:52:35 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Silver S\Desktop\spybotsd162.exe
[2010/11/23 09:45:45 | 009,705,656 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Silver S\Desktop\SUPERAntiSpyware.exe
[2010/12/10 15:20:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Silver S\Desktop\TFC.exe
[2010/10/14 16:50:39 | 000,700,416 | ---- | M] () -- C:\Users\Silver S\Desktop\TkFileExplorer_2.2.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/10/11 15:07:10 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/10/11 15:07:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/10/11 15:07:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/10/11 15:07:10 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/10/11 15:07:09 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/10/11 15:07:10 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/08 02:17:05 | 000,000,402 | -HS- | M] () -- C:\Users\Silver S\Favorites\desktop.ini
[2010/09/20 17:36:50 | 000,000,290 | ---- | M] () -- C:\Users\Silver S\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/09 14:14:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\cmn_upld.log
[2010/09/09 14:26:00 | 000,000,256 | ---- | M] () -- C:\ProgramData\FastPics.log
[2010/09/09 14:25:36 | 000,000,089 | ---- | M] () -- C:\ProgramData\lxea.log
[2010/12/11 21:18:12 | 000,009,696 | ---- | M] () -- C:\ProgramData\lxeascan.log
[2010/09/09 14:14:20 | 000,000,000 | ---- | M] () -- C:\ProgramData\LxWbGwLog.log
[2010/09/09 14:14:09 | 000,000,000 | ---- | M] () -- C:\ProgramData\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1030 bytes -> C:\Users\Silver S\AppData\Local\KmJbJ9Z4LK:hA58Es34ZIPTtTMVeFnTONMn

< End of report >
 
OTL Extras logfile created on: 12/12/2010 9:45:30 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Silver S\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 292.75 Gb Free Space | 49.11% Space Free | Partition Type: NTFS

Computer Name: -PC | User Name: Silver S | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84057C9C-2F85-4C67-A035-FD75FFE2DE88}" = Logitech Gaming Software 5.09
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9BAC619B-B811-4318-8C27-B11DDF3F1719}" = WD SmartWare
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Dragon Age Toolset
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C9AAF970-4E7E-4C98-AD67-09C74379D345}" = Harry Potter and the Deathly Hallows™ - Part 1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"EADM" = EA Download Manager
"Glary Utilities_is1" = Glary Utilities 2.29.0.1032
"Guitar Pro 5_is1" = Guitar Pro 5.0
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PerformanceTest_is1" = PerformanceTest v6.1
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"Uplink" = Uplink
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/23/2010 6:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2010 7:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2010 8:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2010 9:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2010 10:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/23/2010 11:24:30 PM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/24/2010 12:24:30 AM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 11/24/2010 1:24:29 AM | Computer Name = -PC | Source = Google Update | ID = 20
Description =

Error - 12/5/2010 9:03:21 PM | Computer Name = -PC | Source = Application Error | ID = 1000
Description = Faulting application name: audacity.exe, version: 0.0.0.0, time stamp:
0x455814e4 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process id:
0x5a0 Faulting application start time: 0x01cb94df08a308a4 Faulting application path:
C:\Program Files (x86)\Audacity\audacity.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 9e036ee1-00d4-11e0-8587-003018a957b1

Error - 12/7/2010 12:19:36 AM | Computer Name = -PC | Source = Application Error | ID = 1000
Description = Faulting application name: MassEffect.exe, version: 1.0.14184.0, time
stamp: 0x562b029a Faulting module name: wrap_oal.dll_unloaded, version: 0.0.0.0,
time stamp: 0x46927487 Exception code: 0xc0000005 Fault offset: 0x06dcf9e0 Faulting
process id: 0x12a8 Faulting application start time: 0x01cb95597d2a4ef7 Faulting application
path: C:\Program Files (x86)\Mass Effect\Binaries\MassEffect.exe Faulting module
path: wrap_oal.dll Report Id: 32bbc91b-01b9-11e0-b81f-003018a957b1

[ Media Center Events ]
Error - 9/8/2010 12:00:56 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 11:00:56 PM - Error connecting to the internet. 11:00:56 PM - Unable
to contact server..

Error - 9/8/2010 12:01:02 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 11:01:01 PM - Error connecting to the internet. 11:01:01 PM - Unable
to contact server..

Error - 9/8/2010 1:01:07 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 12:01:07 AM - Error connecting to the internet. 12:01:07 AM - Unable
to contact server..

Error - 9/8/2010 1:01:13 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 12:01:12 AM - Error connecting to the internet. 12:01:12 AM - Unable
to contact server..

Error - 9/8/2010 10:54:10 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 9:54:10 AM - Error connecting to the internet. 9:54:10 AM - Unable
to contact server..

Error - 9/8/2010 10:54:16 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 9:54:15 AM - Error connecting to the internet. 9:54:15 AM - Unable
to contact server..

Error - 9/24/2010 10:06:52 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 9:06:50 AM - Error connecting to the internet. 9:06:50 AM - Unable
to contact server..

Error - 9/24/2010 11:06:58 AM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 10:06:57 AM - Error connecting to the internet. 10:06:57 AM - Unable
to contact server..

Error - 9/24/2010 12:07:03 PM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 11:07:02 AM - Error connecting to the internet. 11:07:02 AM - Unable
to contact server..

Error - 9/24/2010 1:07:17 PM | Computer Name = -PC | Source = MCUpdate | ID = 0
Description = 12:07:10 PM - Error connecting to the internet. 12:07:10 PM - Unable
to contact server..

[ System Events ]
Error - 12/11/2010 9:14:25 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/11/2010 9:14:25 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
service to connect.

Error - 12/11/2010 9:14:25 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/11/2010 11:14:40 PM | Computer Name = -PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 12/11/2010 11:14:57 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/11/2010 11:15:02 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/11/2010 11:15:43 PM | Computer Name = -PC | Source = DCOM | ID = 10010
Description =

Error - 12/11/2010 11:17:46 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/11/2010 11:17:46 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
service to connect.

Error - 12/11/2010 11:17:46 PM | Computer Name = -PC | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053


< End of report >
 
My Internet connection bugged out on me while trying to post the other one, and when I tried again, it said it would be viewable after it has been approved by a moderator.
 
Uninstall Ask Toolbar, known adware.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/11/24 12:47:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/09/30 12:09:16 | 000,000,000 | ---D | M] -- C:\Users\Silver S\AppData\Roaming\AVG10
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1030 bytes -> C:\Users\Silver S\AppData\Local\KmJbJ9Z4LK:hA58Es34ZIPTtTMVeFnTONMn


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG folder moved successfully.
C:\Users\Silver S\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Silver S\AppData\Roaming\AVG10 folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\Users\Silver S\AppData\Local\KmJbJ9Z4LK:hA58Es34ZIPTtTMVeFnTONMn deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Silver S
->Temp folder emptied: 378463 bytes
->Temporary Internet Files folder emptied: 14067952 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45574117 bytes
->Flash cache emptied: 651 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Silver S
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12122010_122730

Files\Folders moved on Reboot...
C:\Users\Silver S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

----------------------------
Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Mozilla Firefox (3.6.13) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Right on!

Thanks Broni.

Here's the OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Silver S
->Temp folder emptied: 205203 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45724228 bytes
->Flash cache emptied: 1118 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Silver S
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 12122010_162844

Files\Folders moved on Reboot...
C:\Users\Silver S\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
Status
Not open for further replies.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back