
Solved Google redirect malware

Discussion in 'Malware and Virus Removal Archive' started by nmellos, 2010/03/08.

    nmellos (Thread Starter), 2010/03/08
    [Resolved] Google redirect malware

    Whenever I click on a link through Google, it redirects me to all different kinds of random websites: search sites, fake anti-virus sites, ad sites, etc. It will usually do this about 3-5 times for each link, until taking me to the intended site.

    I have Windows 7 Home Premium. I ran a scan with Malwarebytes but it turned up nothing. This is a particularly annoying problem and I have no idea how to fix it beyond a simple scan. Any help is appreciated.

    Here are my logs.

    DDS:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Nyck at 22:49:28.06 on Mon 03/08/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1841 [GMT -5:00]

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\WebcamMax\wcmmon.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM\aim.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Nyck\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\program files\windows defender\MpCmdRun.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
    uWindow Title = Internet Explorer provided by Dell
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Google Update] "c:\users\nyck\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [WebcammaxMoniter] "c:\program files\webcammax\wcmmon.exe" -a
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\nyck\appdata\roaming\mozilla\firefox\profiles\vxc7tuew.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\programdata\realarcade\npraclient.dll
    FF - plugin: c:\users\nyck\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\users\nyck\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-6 114768]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe [2009-2-20 81920]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-6 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-6 53328]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-21 138680]
    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-12 1053056]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-21 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-21 352920]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-3 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-7 25832]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-5-12 31872]

    =============== Created Last 30 ================

    2010-03-08 07:15:11 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-03-08 07:15:11 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-08 07:09:21 65536 --sha-w- c:\users\nyck\ntuser.dat{9e69347f-2a5d-11df-9ed9-0023ae19a9ef}.TM.blf
    2010-03-08 07:09:21 524288 --sha-w- c:\users\nyck\ntuser.dat{9e69347f-2a5d-11df-9ed9-0023ae19a9ef}.TMContainer00000000000000000002.regtrans-ms
    2010-03-08 07:09:21 524288 --sha-w- c:\users\nyck\ntuser.dat{9e69347f-2a5d-11df-9ed9-0023ae19a9ef}.TMContainer00000000000000000001.regtrans-ms
    2010-03-07 02:08:11 0 d-----w- c:\programdata\Blizzard Entertainment
    2010-03-06 23:00:09 0 d-----w- C:\VideoOutput
    2010-03-06 23:00:05 0 d-----w- c:\program files\FLV Converter
    2010-03-06 02:24:53 0 d-----w- C:\!KillBox
    2010-03-06 02:23:52 0 d-----w- c:\program files\Trend Micro
    2010-03-05 00:31:48 0 d-----w- c:\users\nyck\appdata\roaming\Malwarebytes
    2010-03-05 00:31:28 0 d-----w- c:\programdata\Malwarebytes
    2010-03-05 00:31:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-28 05:26:24 0 d-----w- c:\users\nyck\appdata\roaming\Scanahand
    2010-02-23 02:18:43 17 ----a-w- c:\windows\popcinfo.dat
    2010-02-11 02:44:23 0 d-----w- c:\program files\Firaxis Games
    2010-02-09 22:45:01 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-09 22:45:00 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-09 22:45:00 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-02-08 04:23:50 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

    ==================== Find3M ====================

    2010-03-08 20:39:03 317976 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-03-08 19:38:04 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-14 16:12:06 181120 ----a-w- c:\windows\system32\MpSigStub.exe
    2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-15 07:35:34 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2009-12-15 07:35:34 760344 ----a-w- c:\windows\system32\igxpun.exe
    2009-12-15 07:35:34 3126808 ----a-w- c:\windows\system32\GfxUI.exe
    2009-12-15 07:35:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
    2009-12-15 07:35:32 268312 ----a-w- c:\windows\system32\igfxsrvc.exe
    2009-12-15 07:35:32 178200 ----a-w- c:\windows\system32\igfxext.exe
    2009-12-15 07:35:32 175640 ----a-w- c:\windows\system32\hkcmd.exe
    2009-12-15 07:35:32 166936 ----a-w- c:\windows\system32\igfxpers.exe
    2009-12-15 07:29:06 81920 ----a-w- c:\windows\system32\igfxCoIn_v2021.dll
    2009-12-15 07:21:26 4499456 ----a-w- c:\windows\system32\igdumd32.dll
    2009-12-15 07:19:04 982224 ----a-w- c:\windows\system32\igkrng500.bin
    2009-12-15 07:19:04 92292 ----a-w- c:\windows\system32\igfcg500m.bin
    2009-12-15 07:19:04 439336 ----a-w- c:\windows\system32\igcompkrng500.bin
    2009-12-15 07:16:04 550912 ----a-w- c:\windows\system32\igdumdx32.dll
    2009-12-15 07:12:00 3896832 ----a-w- c:\windows\system32\igd10umd32.dll
    2009-12-15 07:02:20 4077568 ----a-w- c:\windows\system32\ig4dev32.dll
    2009-12-15 07:02:06 6060032 ----a-w- c:\windows\system32\ig4icd32.dll
    2009-12-15 06:48:30 59392 ----a-w- c:\windows\system32\oemdspif.dll
    2009-12-15 06:48:30 260096 ----a-w- c:\windows\system32\igfxTMM.dll
    2009-12-15 06:48:26 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2009-12-15 06:48:26 200704 ----a-w- c:\windows\system32\igfxpph.dll
    2009-12-15 06:48:10 56832 ----a-w- c:\windows\system32\igfxsrvc.dll
    2009-12-15 06:47:54 130560 ----a-w- c:\windows\system32\igfxdo.dll
    2009-12-15 06:47:48 94720 ----a-w- c:\windows\system32\hccutils.dll
    2009-12-15 06:47:38 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2009-12-15 06:47:38 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
    2009-12-15 06:47:36 226304 ----a-w- c:\windows\system32\igfxdev.dll
    2009-12-15 06:47:26 9030656 ----a-w- c:\windows\system32\igfxress.dll
    2009-12-15 06:42:44 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2009-12-15 06:42:44 143360 ----a-w- c:\windows\system32\iglhcp32.dll
    2009-12-14 22:48:58 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2009-12-14 22:48:36 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2009-09-10 03:49:20 681984000 ----a-w- c:\program files\dndsetup-2.bin
    2009-09-10 03:49:18 681482240 ----a-w- c:\program files\dndsetup-1.bin
    2009-09-10 03:49:11 681984000 ----a-w- c:\program files\dndsetup-3.bin
    2009-09-10 03:49:10 681984000 ----a-w- c:\program files\dndsetup-4.bin
    2009-09-10 03:48:51 335721958 ----a-w- c:\program files\dndsetup-5.bin
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-16 10:19:48 438101273 ----a-w- c:\program files\top_setup_2.00_20090604.exe
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-10-29 03:13:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-10-29 03:13:23 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-10-29 03:13:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-10-29 03:13:23 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 22:50:29.26 ===============

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/27/2009 7:02:39 PM
    System Uptime: 3/8/2010 10:27:33 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | Microprocessor | 2167/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 134 GiB total, 4.522 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 15 GiB total, 8.515 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: atksgt
    Device ID: ROOT\LEGACY_ATKSGT\0000
    Manufacturer:
    Name: atksgt
    PNP Device ID: ROOT\LEGACY_ATKSGT\0000
    Service: atksgt

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP88: 2/10/2010 9:43:23 PM - Installed Sid Meier's Pirates!
    RP89: 2/15/2010 4:57:47 PM - Windows Update
    RP91: 2/17/2010 5:54:21 PM - Removed Sid Meier's Pirates!
    RP92: 2/18/2010 4:13:37 PM - Windows Update
    RP93: 2/22/2010 6:11:07 PM - Windows Update
    RP94: 2/23/2010 9:06:48 PM - Windows Update
    RP95: 3/3/2010 1:29:48 PM - Scheduled Checkpoint
    RP96: 3/4/2010 11:25:15 AM - Windows Update
    RP97: 3/8/2010 2:01:19 AM - Restore Operation

    ==== Installed Programs ======================

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.65
    AAC Decoder
    Acoustica Effects Pack
    Acoustica Mixcraft 4.5
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Media Live Encoder 3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.2
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Antares Auto-Tune Evo VST
    AOL Instant Messenger
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Antivirus
    Azada 2 Ancient Magic v 1.0.4 FINAL 1.0.4
    BoneTown
    Bonjour
    Bookworm Adventures 2 1.00
    CDisplay 1.8
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Compatibility Pack for the 2007 Office system
    Consumer In-Home Service Agreement
    Cozi
    Dell Dock
    Dell Getting Started Guide
    Dell Touchpad
    Dell Wireless WLAN Card Utility
    DELL0604
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Media Foundation Components
    DivX Version Checker
    DivX Web Player
    Dragon Age: Origins
    EDocs
    Google Chrome
    Google Earth
    Google Update Helper
    GoToAssist 8.0.0.514
    GunboundWC
    H.264 Decoder
    Hybrid Downloader 1,0,2,6
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    Interlok driver setup x32
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Junk Mail filter update
    League of Legends
    Logitech QuickCam Driver Package
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft IntelliPoint 7.0
    Microsoft Office 2000 Premium
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Microsoft Xbox 360 Accessories 1.1
    MKV Splitter
    Mozilla Firefox (3.5.8)
    MSVCRT
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    OpenAL
    OpenOffice.org 3.0
    Pcsx2 - Playstation 2 Emulator
    PDF Settings
    PowerDVD
    PowerISO
    Project64 1.6
    PunkBuster Services
    Puzzle Quest
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Skype web features
    Skype™ 4.1
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Station LaunchPad
    System Requirements Lab
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    Vista Codec Package
    WebcamMax
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    3/8/2010 10:28:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
    3/8/2010 10:28:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    3/8/2010 10:28:17 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
    3/8/2010 10:28:17 PM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
    3/8/2010 10:27:36 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    3/7/2010 7:02:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/7/2010 7:02:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    3/7/2010 7:02:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    3/7/2010 7:01:47 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/7/2010 7:00:47 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2010 8:08:11 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/6/2010 8:06:11 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    3/6/2010 3:10:04 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/3/2010 9:39:39 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/2/2010 4:03:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    3/2/2010 4:03:13 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2010/03/09
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/03/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please post your Malwarebytes log for me.

    ==============

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  5. 2010/03/09
    nmellos

    nmellos Inactive Thread Starter

    Joined:
    2010/03/08
    Messages:
    6
    Likes Received:
    0
    Here are my Malwarebytes, ComboFix, and HJT logs, in that order.


    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/9/2010 4:27:08 PM
    mbam-log-2010-03-09 (16-27-08).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 305555
    Time elapsed: 1 hour(s), 23 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    ComboFix 10-03-09.03 - Nyck 03/09/2010 16:34:14.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1941 [GMT -5:00]
    Running from: c:\users\Nyck\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
    c:\$recycle.bin\S-1-5-21-4148384353-627025135-3537533437-1001
    c:\$recycle.bin\S-1-5-21-4148384353-627025135-3537533437-1002
    c:\$recycle.bin\S-1-5-21-4148384353-627025135-3537533437-500
    c:\windows\system32\oem56.inf
    c:\windows\system32\oem6.inf

    Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
    .

    2010-03-09 21:43 . 2010-03-09 21:45 -------- d-----w- c:\users\Nyck\AppData\Local\temp
    2010-03-09 21:43 . 2010-03-09 21:43 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2010-03-09 21:43 . 2010-03-09 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-08 07:15 . 2010-03-09 04:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-08 07:15 . 2010-03-09 04:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-03-07 02:08 . 2010-03-09 04:42 -------- d-----w- c:\program files\StarCraft II Beta
    2010-03-07 02:08 . 2010-03-07 02:12 -------- d-----w- c:\programdata\Blizzard Entertainment
    2010-03-06 23:00 . 2010-03-06 23:01 -------- d-----w- C:\VideoOutput
    2010-03-06 23:00 . 2010-03-09 04:42 -------- d-----w- c:\program files\FLV Converter
    2010-03-06 22:48 . 2010-03-09 04:42 -------- d-----w- c:\program files\StarCraft II Beta enUS 13891 Installer
    2010-03-06 02:24 . 2010-03-06 02:24 -------- d-----w- C:\!KillBox
    2010-03-06 02:23 . 2010-03-09 04:41 -------- d-----w- c:\program files\Trend Micro
    2010-03-05 00:31 . 2010-03-05 00:31 -------- d-----w- c:\users\Nyck\AppData\Roaming\Malwarebytes
    2010-03-05 00:31 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-05 00:31 . 2010-03-09 04:41 -------- d-----w- c:\programdata\Malwarebytes
    2010-03-05 00:31 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-05 00:31 . 2010-03-09 04:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-28 05:26 . 2010-03-09 04:43 -------- d-----w- c:\users\Nyck\AppData\Local\Scanahand
    2010-02-28 05:26 . 2010-02-28 20:52 -------- d-----w- c:\users\Nyck\AppData\Roaming\Scanahand
    2010-02-28 05:08 . 2010-03-09 04:43 -------- d-----w- c:\users\Nyck\AppData\Local\FontCreator
    2010-02-24 02:07 . 2010-03-09 04:43 -------- d-----w- c:\windows\system32\Wat
    2010-02-24 02:06 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-02-24 02:06 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-02-24 02:06 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-02-24 02:06 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-23 02:18 . 2010-03-09 04:42 -------- d-----w- c:\program files\PopCap Games
    2010-02-23 02:18 . 2010-02-24 01:49 17 ----a-w- c:\windows\popcinfo.dat
    2010-02-11 02:44 . 2010-02-17 22:55 -------- d-----w- c:\program files\Firaxis Games
    2010-02-09 22:45 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-09 22:45 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-09 22:45 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
    2010-02-08 04:23 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-09 21:46 . 2009-09-03 04:24 -------- d-----w- c:\users\Nyck\AppData\Roaming\skypePM
    2010-03-09 21:45 . 2009-09-03 04:23 -------- d-----w- c:\users\Nyck\AppData\Roaming\Skype
    2010-03-09 21:44 . 2009-10-27 22:17 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-03-09 19:58 . 2009-04-01 00:45 -------- d-----w- c:\users\Nyck\AppData\Roaming\uTorrent
    2010-03-09 05:34 . 2009-11-07 20:30 -------- d-----w- c:\program files\Dragon Age
    2010-03-09 05:26 . 2009-11-07 20:57 -------- d-----w- c:\programdata\BioWare
    2010-03-09 04:43 . 2009-02-20 19:37 317976 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2010-03-09 04:42 . 2009-11-07 20:53 -------- d-----w- c:\programdata\Media Center Programs
    2010-03-09 04:42 . 2010-01-29 06:38 -------- d-----w- c:\program files\Azada 2 Ancient Magic FINAL with relaxed mode and strategy guide - Requested [h33t][Wendy99]
    2010-03-09 04:42 . 2010-01-15 01:20 -------- d-----w- c:\program files\BoneTown
    2010-03-09 04:42 . 2009-11-07 20:30 -------- d-----w- c:\program files\Common Files\BioWare
    2010-03-09 04:41 . 2009-05-10 03:00 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-02-24 14:16 . 2009-10-02 21:12 181632 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-02-23 03:05 . 2009-07-08 20:57 -------- d-----w- c:\programdata\PopCap Games
    2010-02-17 22:55 . 2009-02-20 19:33 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-10 06:39 . 2009-03-31 05:32 -------- d-----w- c:\program files\DivX
    2010-02-09 06:48 . 2009-02-20 20:45 -------- d-----w- c:\program files\Google
    2010-02-08 06:18 . 2009-03-31 05:32 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-02-08 04:38 . 2009-05-11 07:58 -------- d-----w- c:\program files\Pando Networks
    2010-02-08 04:36 . 2009-09-13 07:23 -------- d-----w- c:\program files\EA GAMES
    2010-01-29 07:07 . 2010-01-29 07:07 -------- d-----w- c:\users\Nyck\AppData\Roaming\Big Fish Games
    2010-01-29 07:06 . 2009-08-03 21:34 -------- d-----w- c:\program files\Games
    2010-01-22 20:18 . 2010-01-16 00:44 -------- d-----w- c:\program files\Peggle
    2010-01-18 23:29 . 2010-02-09 22:44 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29 . 2010-02-09 22:44 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29 . 2010-02-09 22:44 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-09 22:44 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28 . 2010-02-09 22:44 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28 . 2010-02-09 22:44 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28 . 2010-02-09 22:44 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28 . 2010-02-09 22:44 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-18 00:56 . 2010-01-17 20:30 -------- d-----w- c:\program files\BOINC
    2010-01-17 21:20 . 2010-01-17 20:30 -------- d-----w- c:\programdata\BOINC
    2010-01-17 20:33 . 2010-01-17 20:33 105 ----a-w- c:\programdata\BOINC\slots\1\primegrid_llr_wrapper_5.11_windows_intelx86.exe
    2010-01-17 20:33 . 2010-01-17 20:33 105 ----a-w- c:\programdata\BOINC\slots\0\primegrid_llr_wrapper_5.11_windows_intelx86.exe
    2010-01-17 20:33 . 2010-01-17 20:33 461312 ----a-w- c:\programdata\BOINC\slots\1\primegrid_llr_5.09_windows_intelx86.exe
    2010-01-17 20:33 . 2010-01-17 20:33 461312 ----a-w- c:\programdata\BOINC\slots\0\primegrid_llr_5.09_windows_intelx86.exe
    2010-01-17 20:33 . 2010-01-17 20:33 487424 ----a-w- c:\programdata\BOINC\projects\www.primegrid.com\primegrid_llr_wrapper_5.11_windows_intelx86.exe
    2010-01-15 01:33 . 2010-01-15 01:27 -------- d-----w- c:\users\Nyck\AppData\Roaming\BoneTown
    2010-01-15 01:20 . 2010-01-15 01:20 3774 ----a-r- c:\users\Nyck\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\controlPanelIcon.exe
    2010-01-15 01:20 . 2010-01-15 01:20 3774 ----a-r- c:\users\Nyck\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\BoneTown.exe
    2010-01-15 01:20 . 2010-01-15 01:20 10134 ----a-r- c:\users\Nyck\AppData\Roaming\Microsoft\Installer\{5E7C721D-B008-4269-A1C4-2CE7E9757983}\SystemFolder_msiexec.exe
    2010-01-14 20:23 . 2010-01-14 20:22 -------- d-----w- c:\program files\Bonetown Crack
    2010-01-14 04:00 . 2010-01-14 03:54 -------- d-----w- c:\program files\Telltale Games
    2010-01-13 19:00 . 2009-12-04 08:50 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-08 03:18 . 2010-02-09 22:44 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-09 22:44 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-19 09:02 . 2010-02-09 22:44 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-09 22:44 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-09 22:44 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-09 22:44 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-09 22:44 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02 . 2010-02-09 22:44 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02 . 2010-02-09 22:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02 . 2010-02-09 22:44 91648 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-15 07:35 . 2009-12-15 07:35 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2009-12-15 07:35 . 2009-12-15 07:35 3126808 ----a-w- c:\windows\system32\GfxUI.exe
    2009-12-15 07:35 . 2009-12-15 07:35 141848 ----a-w- c:\windows\system32\igfxtray.exe
    2009-12-15 07:35 . 2009-12-06 03:35 760344 ----a-w- c:\windows\system32\igxpun.exe
    2009-12-15 07:35 . 2009-12-15 07:35 268312 ----a-w- c:\windows\system32\igfxsrvc.exe
    2009-12-15 07:35 . 2009-12-15 07:35 178200 ----a-w- c:\windows\system32\igfxext.exe
    2009-12-15 07:35 . 2009-12-15 07:35 175640 ----a-w- c:\windows\system32\hkcmd.exe
    2009-12-15 07:35 . 2009-12-15 07:35 166936 ----a-w- c:\windows\system32\igfxpers.exe
    2009-12-15 07:29 . 2009-12-15 07:29 81920 ----a-w- c:\windows\system32\igfxCoIn_v2021.dll
    2009-12-15 07:21 . 2009-12-15 07:21 4499456 ----a-w- c:\windows\system32\igdumd32.dll
    2009-12-15 07:21 . 2009-12-15 07:21 7062016 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2009-12-15 07:19 . 2009-12-15 07:19 982224 ----a-w- c:\windows\system32\igkrng500.bin
    2009-12-15 07:19 . 2009-12-15 07:19 92292 ----a-w- c:\windows\system32\igfcg500m.bin
    2009-12-15 07:19 . 2009-12-15 07:19 439336 ----a-w- c:\windows\system32\igcompkrng500.bin
    2009-12-15 07:16 . 2009-12-15 07:16 550912 ----a-w- c:\windows\system32\igdumdx32.dll
    2009-12-15 07:12 . 2009-07-13 22:09 3896832 ----a-w- c:\windows\system32\igd10umd32.dll
    2009-12-15 07:02 . 2009-12-15 07:02 4077568 ----a-w- c:\windows\system32\ig4dev32.dll
    2009-12-15 07:02 . 2009-12-15 07:02 6060032 ----a-w- c:\windows\system32\ig4icd32.dll
    2009-12-15 06:48 . 2009-12-15 06:48 59392 ----a-w- c:\windows\system32\oemdspif.dll
    2009-12-15 06:48 . 2009-12-15 06:48 260096 ----a-w- c:\windows\system32\igfxTMM.dll
    2009-12-15 06:48 . 2009-12-15 06:48 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2009-12-15 06:48 . 2009-12-15 06:48 200704 ----a-w- c:\windows\system32\igfxpph.dll
    2009-12-15 06:48 . 2009-08-14 02:15 56832 ----a-w- c:\windows\system32\igfxsrvc.dll
    2009-12-15 06:47 . 2009-12-15 06:47 130560 ----a-w- c:\windows\system32\igfxdo.dll
    2009-12-15 06:47 . 2009-08-14 02:15 94720 ----a-w- c:\windows\system32\hccutils.dll
    2009-12-15 06:47 . 2009-12-15 06:47 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2009-12-15 06:47 . 2009-12-15 06:47 119808 ----a-w- c:\windows\system32\gfxSrvc.dll
    2009-12-15 06:47 . 2009-08-14 02:15 226304 ----a-w- c:\windows\system32\igfxdev.dll
    2009-12-15 06:47 . 2009-08-14 02:15 9030656 ----a-w- c:\windows\system32\igfxress.dll
    2009-12-15 06:42 . 2009-12-15 06:42 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2009-12-15 06:42 . 2009-12-15 06:42 143360 ----a-w- c:\windows\system32\iglhcp32.dll
    2009-12-14 22:48 . 2009-12-06 03:38 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2009-12-14 22:48 . 2009-12-06 03:38 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2009-12-14 01:18 . 2009-10-28 00:27 115384 ----a-w- c:\users\Nyck\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-11 22:05 . 2009-12-11 22:05 5058 ----a-w- c:\windows\Help\hhcolreg.dat
    2009-12-11 21:35 . 2009-04-08 03:34 1 ----a-w- c:\users\Nyck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-09-10 03:49 . 2009-09-10 00:37 681984000 ----a-w- c:\program files\dndsetup-2.bin
    2009-09-10 03:49 . 2009-09-10 00:37 681482240 ----a-w- c:\program files\dndsetup-1.bin
    2009-09-10 03:49 . 2009-09-10 00:37 681984000 ----a-w- c:\program files\dndsetup-3.bin
    2009-09-10 03:49 . 2009-09-10 00:37 681984000 ----a-w- c:\program files\dndsetup-4.bin
    2009-09-10 03:48 . 2009-09-10 00:37 335721958 ----a-w- c:\program files\dndsetup-5.bin
    2009-06-16 10:19 . 2009-06-16 09:56 438101273 ----a-w- c:\program files\top_setup_2.00_20090604.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "WebcammaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2009-09-25 449024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-15 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-15 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-15 166936]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-02-20 19:43 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-19 721904]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 135664]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-10-28 3407292]
    R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    S1 aswSP;avast! Self Protection; [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe [2008-12-15 81920]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
    S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2009-08-07 1053056]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:39]

    2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 06:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Nyck\AppData\Roaming\Mozilla\Firefox\Profiles\vxc7tuew.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\programdata\RealArcade\npraclient.dll
    FF - plugin: c:\users\Nyck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService
    AddRemove-Pcsx2 - c:\users\Nyck\Desktop\New Folder\Pcsx2\uninstall.exe
    AddRemove-Persona - c:\program files\Persona\uninst.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4148384353-627025135-3537533437-1000\Software\SecuROM\License information*]
    "datasecu"=hex:d1,77,18,47,bd,55,20,e4,24,78,98,cf,e7,54,25,a3,c8,91,d1,f5,60,
    d2,25,ac,65,17,26,47,9b,89,8c,0f,53,9b,e4,c5,e2,61,5b,b4,b8,a6,6f,c6,84,2b,\
    "rkeysecu"=hex:85,e3,68,aa,68,d2,17,71,d4,80,6c,89,83,d8,81,38

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\conhost.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\windows\system32\taskhost.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-09 16:51:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-09 21:51

    Pre-Run: 10,899,046,400 bytes free
    Post-Run: 10,886,438,912 bytes free

    - - End Of File - - 0FEDBE73B9FAFD41E62AACBF444213D9

    Hijack This:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:51:35 PM, on 3/9/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\WebcamMax\wcmmon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WebcammaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" -a
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files\Cozi Express\CoziProtocolHandler.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

    --
    End of file - 8236 bytes
     
  6. 2010/03/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. MBA-M is weeks out of date so you need to update that and then run a scan. Post the log when done.
    Let me know how the pc is.

    Keep away from cracks as they are full of malware.
     
  7. 2010/03/09
    nmellos

    nmellos Inactive Thread Starter

    Joined:
    2010/03/08
    Messages:
    6
    Likes Received:
    0
    The google redirect problem seems to have been resolved; I haven't experienced any redirecting since running Combofix.

    I ran the updater for Malware Bytes and ran another scan. Here's the log:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3845
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/9/2010 10:07:03 PM
    mbam-log-2010-03-09 (22-06-59).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 313841
    Time elapsed: 1 hour(s), 12 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\svchost (Trojan.Backdoor) -> No action taken.

    Files Infected:
    C:\svchost\logs.dat (Trojan.Backdoor) -> No action taken.
    C:\svchost\plugin.dat (Trojan.Backdoor) -> No action taken.
     
  8. 2010/03/09
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Can you run MBA-M again and have it remove those entries?

    • Click START then RUN
    • Copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /, it needs to be there.

    ========

    Also need you to do one more scan.

    Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

    Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

    Click Yes, when prompted to install its ActiveX component.
    (Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    The program launches and downloads the latest definition files.
    • Once the files are downloaded click on Next
    • Click on Scan Settings and configure as follows:
      • Scan using the following Anti-Virus database:
        • Extended
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK and, under select a target to scan, select My Computer
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.
    [image: Kaspersky Online Scanner "Scan is completed" window, showing the Save Report As button]
    To obtain the report:
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.
     
  9. 2010/03/10
    nmellos

    nmellos Inactive Thread Starter

    Joined:
    2010/03/08
    Messages:
    6
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, March 10, 2010
    Operating system: Microsoft Home Edition (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, March 09, 2010 23:07:57
    Records in database: 3751592
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 173176
    Threats found: 6
    Infected objects found: 17
    Suspicious objects found: 0
    Scan duration: 06:46:56


    File name / Threat / Threats count
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\630c3e4a-642d1a02 Infected: Trojan-Downloader.Java.OpenStream.ad 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\5704af19-4b929357 Infected: Trojan-Downloader.Java.OpenStream.ad 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\7278e12c-2f22dcb5 Infected: Trojan-Downloader.Java.OpenStream.af 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\eb66a35-38f018b8 Infected: Exploit.OSX.Smid.c 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6e49cf76-102475b8 Infected: Trojan-Downloader.Java.Agent.t 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eae6f3b-6a6333c9 Infected: Trojan-Downloader.Java.Agent.ab 1
    C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6e736388-59d7e4f5 Infected: Exploit.OSX.Smid.c 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R0644596cX2a60977fY61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R0644596cX2a61d146Y61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R0644596cX2a61e284Y61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R0644596cX2a61e96eY61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R1ad790acX2a608d6bY61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R72c436e6X2a60fcefY61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409Rcc3b13d0X2a61d179Y61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ASHLXSAQ\q00a106201317r0409R59e96525X2a612e75Y61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c244c96-3f6515b6 Infected: Exploit.OSX.Smid.c 1
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\42123aa8-47cc0a20 Infected: Exploit.OSX.Smid.c 1

    Selected area has been scanned.
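As an added example (not from the thread, and not Kaspersky's own code), a small Python parser for the report layout above: it reads the statistics block and the per-file "Infected:" lines, tallies them by detection name, by owning Windows profile (a named user versus the built-in systemprofile) and by cache location, and cross-checks the report's own totals against the lines actually listed. The sample input is a constructed four-line excerpt of the posted report with its totals adjusted to match.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Kaspersky Online Scanner 7.0 report posted
# above: four of its lines, with the statistics block adjusted to match that subset.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 173176
Threats found: 3
Infected objects found: 4
File name / Threat / Threats count
C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\630c3e4a-642d1a02 Infected: Trojan-Downloader.Java.OpenStream.ad 1
C:\Users\Nyck\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\eb66a35-38f018b8 Infected: Exploit.OSX.Smid.c 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AIEI3P1\q00a106201317r0409R0644596cX2a60977fY61ed4f5dZ0100f080[1].pdf Infected: Exploit.JS.Pdfka.bso 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5c244c96-3f6515b6 Infected: Exploit.OSX.Smid.c 1
Selected area has been scanned.
"""

STAT_RE = re.compile(r"^(Objects scanned|Threats found|Infected objects found|Suspicious objects found): (\d+)$")
FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
USER_RE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)

def parse_report(text):
    """Return (statistics dict, list of (path, threat, count)) for a report in this layout."""
    stats, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = FINDING_RE.match(line)  # the path may itself contain spaces; " Infected: " anchors it
        if m:
            findings.append((m["path"], m["threat"], int(m["count"])))
    return stats, findings

def profile_of(path):
    """Profile owning the path: a named user, the built-in systemprofile, or other."""
    low = path.lower()
    if "\\config\\systemprofile\\" in low:
        return "systemprofile"
    m = USER_RE.match(path)
    return m.group(1) if m else "other"

def cache_of(path):
    """Which cache the object sits in: the two caches the posted report lists, or other."""
    low = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in low:
        return "java-cache"
    if "\\temporary internet files\\" in low:
        return "ie-cache"
    return "other"

def summarize(findings):
    """Tally findings by detection name, by owning profile and by cache location."""
    return {
        "by_threat": Counter(t for _, t, _ in findings),
        "by_profile": Counter(profile_of(p) for p, _, _ in findings),
        "by_cache": Counter(cache_of(p) for p, _, _ in findings),
    }

def check_statistics(stats, findings):
    """Cross-check the report's own totals against the lines it actually lists."""
    problems = []
    if stats.get("Infected objects found") != sum(c for _, _, c in findings):
        problems.append("infected-object total differs from the listed lines")
    if stats.get("Threats found") != len({t for _, t, _ in findings}):
        problems.append("threat total differs from the distinct detection names")
    return problems
```

Run against the full report posted above, the same checks hold: 17 listed lines and 6 distinct detection names match its stated totals.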
     
  10. 2010/03/10
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
    • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    • Select it and click Remove.
    • Then Download and install the newest version from here:
    • http://www.java.com/en/download/manual.jsp

    ==

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ====

    Did you manage to delete the files from MBA-M's last run?

    Everything still ok with the pc?
     
  11. 2010/03/10
    nmellos

    nmellos Inactive Thread Starter

    Joined:
    2010/03/08
    Messages:
    6
    Likes Received:
    0
    I've downloaded the new java and used the ATF cleaner.

    And yes, the problems from the last MBA-M scan were removed without a problem, and everything seems to be working, I haven't encountered any other issues.
     
  12. 2010/03/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. I think we can call you done then.
     
  13. 2010/03/11
    nmellos

    nmellos Inactive Thread Starter

    Joined:
    2010/03/08
    Messages:
    6
    Likes Received:
    0
    Thanks for all the help, Crunchie
     
  14. 2010/03/11
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries. Stay clean :).
     
