
Thread: Laptop with possible infection

  1. #1 SnowBum (Member; Join Date: Dec 2007; Location: UK; Posts: 92)

    Hello and thank you for helping.

    I'm looking at a friend's laptop which won't boot into normal Windows. It will boot into Safe Mode with Networking. I've downloaded and run Spybot Search & Destroy, Malwarebytes Anti-Malware, SUPERAntiSpyware free edition and also Advanced SystemCare free version. These all found various infections/malware and removed them. The friend also managed to use a system recovery disc, but that seemed to make things worse.

    Here is the DDS log & I have attached the required DDS log:-

    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by sharon at 21:07:16.32 on 02/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2538 [GMT 0:00]

    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\sharon\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.bearshare.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
    BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
    uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
    uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
    uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
    R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
    S2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
    S2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
    S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
    2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
    2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
    2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
    2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
    2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
    2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
    2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
    2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
    2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
    2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
    2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
    2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
    2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
    2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
    2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
    2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
    2011-01-28 17:38:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{10663334-f8a0-470e-8ab7-0a3cc144118f}\mpengine.dll
    2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
    2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
    2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
    2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
    2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
    2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
    2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
    2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
    2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
    2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
    2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
    2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
    2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
    2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
    2011-01-23 16:20:50 -------- d-----w- c:\program files\PriceGong
    2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
    2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
    2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
    2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
    2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
    2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
    2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
    2011-01-20 19:21:48 -------- d-----w- c:\program files\alot
    2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
    2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
    2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
    2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
    2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
    2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
    2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}
    2011-01-13 16:27:05 -------- d-----w- c:\users\sharon\appdata\local\{39653FED-3D38-4DAD-902C-CDF26DD5F103}
    2011-01-12 16:10:14 -------- d-----w- c:\users\sharon\appdata\local\{63A4F272-E935-43F8-9D36-80540BE60DD3}
    2011-01-11 16:13:43 -------- d-----w- c:\users\sharon\appdata\local\{4ADA1D10-8CDD-470F-B402-68CA4DD97F35}
    2011-01-10 16:32:29 -------- d-----w- c:\users\sharon\appdata\local\{C31DA975-DD65-4C3E-BD85-1D4592D97530}
    2011-01-09 09:55:03 -------- d-----w- c:\users\sharon\appdata\local\{5407061F-F962-4526-9B6E-D45D662148FF}
    2011-01-08 11:37:45 -------- d-----w- c:\users\sharon\appdata\local\{6B328144-8707-4010-ABD6-FA9E4D278CEE}
    2011-01-07 23:16:15 -------- d-----w- c:\users\sharon\appdata\local\{35E8201E-859B-4C0D-881E-81199973B126}
    2011-01-07 07:38:57 -------- d-----w- c:\users\sharon\appdata\local\{D6EE3FCA-7F94-42C5-84D5-8FEBB358B49A}
    2011-01-06 16:07:47 -------- d-----w- c:\users\sharon\appdata\local\{E0F3EF1D-C638-467B-AC0B-1B022D75D208}
    2011-01-05 09:12:15 -------- d-----w- c:\users\sharon\appdata\local\{D7C8C36A-1390-4786-B079-F45AA4BCF46D}
    2011-01-04 10:02:36 -------- d-----w- c:\users\sharon\appdata\local\{B58DAC72-87DE-4503-9255-7229466541AB}

    ==================== Find3M ====================

    2010-11-10 02:54:18 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-11-10 02:28:46 301936 ----a-w- c:\windows\WLXPGSS.SCR

    ============= FINISH: 21:08:24.50 ===============
    Hello SnowBum,

    Quote Originally Posted by SnowBum:
        I'm looking at a friend's laptop which won't boot into normal Windows.

    Any reason your friend isn't posting in the first person?

    Best regards.

    Because they're one of these people who buy a laptop, go online on all sorts of sites and then are stuck when their laptop starts locking up and freezing.

    I'm constantly getting laptops/PCs from friends and family to look at. Most of the time I can clear the rubbish slowing them down, but occasionally I need more expert help. Hence why I'm here again.
    Last edited by tashi; 2011-02-03 at 00:09. Reason: Merged posts.
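A way to triage the "Pseudo HJT Report" section of a DDS log like the one above, as an added example for this thread (it is not part of DDS, not the forum's procedure and not the poster's own code). It pulls out the persistence entries a responder would look at first: a populated AppInit_DLLs value (the BearShare datamngr DLLs in this log), hosts-file entries that point a site at loopback (www.spywareinfo.com here), startup shortcuts whose target sits in the Windows Installer cache, and toolbar/BHO/Run entries whose path or URL matches a list of bundled-software vendors. The marker list, the installer-cache pattern and the "look closer" reasons are the example author's assumptions, not published detections; the sample input is a handful of lines copied from the first log in the post.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of DDS, not the forum's
recommended procedure, and not the poster's own code. The marker list and
the installer-cache pattern are the example author's assumptions about
what deserves a closer look, not anyone's published detection logic.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Assumption: path/URL fragments of software commonly bundled as browser
# toolbars or "PC optimisers". A hit means "examine", not "malicious".
ASSUMED_PUP_MARKERS = (
    "bearsh", "conduit", "searchelf", "\\alot\\", "pricegong", "kikin",
    "zynga", "ask.com", "w3i", "pc speed maximizer", "uniblue", "freeze.com",
)

# Assumption: a Startup shortcut whose target lives in the Windows Installer
# cache (c:\windows\installer\{guid}\...) is unusual enough to inspect.
INSTALLER_CACHE = re.compile(r"c:\\windows\\installer\\\{[0-9a-f-]+\}\\", re.I)

# DDS prefixes each line with the location it came from (BHO, mRun, Hosts...).
KEY_RE = re.compile(r"^([A-Za-z_]+(?: Page)?)\s*[:=]\s*")

# Lines copied from the first DDS log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.bearshare.com/
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # appinit | hosts | startup | pup
    location: str  # DDS key the line came from, e.g. BHO, mRun, AppInit_DLLs
    reason: str
    line: str


def triage(report: str) -> list[Finding]:
    """Return the persistence entries a responder should examine first."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if not m:
            continue  # process list, services, timestamps: not handled here
        key, rest, low = m.group(1), line[m.end():], line.lower()

        # AppInit_DLLs is mapped into every process that loads user32.dll;
        # on a clean machine the value is normally empty.
        if key == "AppInit_DLLs" and rest:
            findings.append(Finding("appinit", key,
                                    "AppInit_DLLs is non-empty; these DLLs load into "
                                    "every user32-linked process", line))
            continue

        # A loopback/null mapping in the hosts file silently blocks that site.
        if key == "Hosts":
            ip, _, host = rest.partition(" ")
            if ip in ("127.0.0.1", "0.0.0.0"):
                findings.append(Finding("hosts", key,
                                        f"hosts file points {host} at {ip}, "
                                        "which blocks that site", line))
            continue

        if key == "StartupFolder" and INSTALLER_CACHE.search(low):
            findings.append(Finding("startup", key,
                                    "startup shortcut runs an executable out of "
                                    "the Windows Installer cache", line))
            continue

        hits = [mk for mk in ASSUMED_PUP_MARKERS if mk in low]
        if hits:
            findings.append(Finding("pup", key,
                                    "path or URL matches bundled-software marker(s): "
                                    + ", ".join(hits), line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'pup': 5, 'appinit': 1, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind:7}] {f.location:14} {f.reason}\n          {f.line}")
    print(summarize(results))
```

Run against the sample it flags eight entries and leaves the Adobe BHO alone; pointing it at the full report instead of the excerpt simply widens the list. The script does not decide what is malware: it orders the log so the responder reads AppInit_DLLs, the hosts entry and the Installer-cache startup targets before the long run of toolbars.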

  2. #2 Emeritus- Malware Team (Join Date: Jun 2008; Location: Finland; Posts: 321)

    Hello

    Do you have any logs of Spybot Search & Destroy, Malwarebytes Anti-Malware or SUPERAntiSpyware?

    Please post a fresh DDS log back here so we can see latest state.
    Member of Asap and Unite since 2008

  3. #3 SnowBum (Member; Join Date: Dec 2007; Location: UK; Posts: 92)

    Thank you for taking this case.

    All of the following have been performed in Safe Mode. I've attached the latest Spybot S&D, Malwarebytes Anti-Malware & SUPERAntiSpyware logs and the DDS attach file. The laptop will boot into Safe Mode with no problems but still won't boot to the normal desktop; it just appears to hang with a black screen. This is the latest DDS log file:-


    DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
    Run by sharon at 12:11:36.97 on 12/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2541 [GMT 0:00]

    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\sharon\Downloads\dds (1).scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.bearshare.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
    mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
    BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
    TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
    uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
    uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
    uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
    R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
    S2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
    S2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
    S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
    2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
    2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
    2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
    2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
    2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
    2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
    2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
    2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
    2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
    2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
    2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
    2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
    2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
    2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
    2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
    2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
    2011-01-28 17:38:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{10663334-f8a0-470e-8ab7-0a3cc144118f}\mpengine.dll
    2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
    2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
    2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
    2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
    2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
    2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
    2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
    2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
    2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
    2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
    2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
    2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
    2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
    2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
    2011-01-23 16:20:50 -------- d-----w- c:\program files\PriceGong
    2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
    2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
    2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
    2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
    2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
    2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
    2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
    2011-01-20 19:21:48 -------- d-----w- c:\program files\alot
    2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
    2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
    2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
    2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
    2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
    2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
    2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}
    2011-01-13 16:27:05 -------- d-----w- c:\users\sharon\appdata\local\{39653FED-3D38-4DAD-902C-CDF26DD5F103}

    ==================== Find3M ====================


    ============= FINISH: 12:12:48.86 ===============

  4. #4
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    Default

    Hello

    Step #1
    Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):

    ALOT Toolbar
    Ask Toolbar
    kikin plugin 2.4
    MediaBar
    PriceGong
    SearchElf 1.2 Toolbar
    Zynga Toolbar

    Reboot your computer.


    Step #2
    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    c:\program files\zynga
    c:\program files\searchelf_1.2
    c:\progra~1\bearsh~1\mediabar
    c:\program files\alot
    c:\program files\pricegong
    c:\program files\conduitengine
    c:\program files\ask.com
    c:\program files\kikin


    Step #3

    1. Go to Start->Run and type in notepad and hit OK.
    2. Then copy and paste the content of the following codebox into Notepad:
    Code:
    dir c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF} /s > c:\foldercheck.txt
    3. Save the file as "check.bat". Make sure to save it with the quotation marks.

    4. Double click check.bat.

    5. It will create C:\Foldercheck.txt file. Post contents of C:\Foldercheck.txt in your next reply.


    Step #4
    Please download ATF-cleaner and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

      If you use Firefox browser:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      If you use Opera browser:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.

    Step #5
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push

    Step #6
    Please post Eset results, Foldercheck.txt and a fresh DDS log back here.
    Last edited by Baabiouz; 2011-02-12 at 16:06.
    Member of Asap and Unite since 2008
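    Step #3 above asks for a recursive listing of one of the GUID-named folders that the "Created Last 30" section of the DDS log shows under appdata\local; the same section lists a dozen more such folders appearing at a rate of roughly one a day. As an added example (it is not code from this thread or from the DDS tool), the following Python script parses "Created Last 30" lines in the format DDS prints and pulls out the GUID-named folders under appdata\local with their creation timestamps, so a helper reading a posted log can see at a glance how many appeared and when. The sample lines are a constructed excerpt copied from the log posted earlier in the thread; the function names are the example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a handful of lines in the format DDS uses for its
# "Created Last 30" section (values copied from the log posted above).
SAMPLE_CREATED = r"""
=============== Created Last 30 ================

2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
"""

# One DDS "Created Last 30" line: date, time, byte size (or dashes for a
# directory), an 8-character attribute field, then the path (may contain spaces).
CREATED_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# A directory whose name is a bare GUID directly under appdata\local,
# the pattern the helper asked to have listed in Step #3.
GUID_UNDER_LOCAL = re.compile(
    r"\\appdata\\local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


def parse_created_section(text):
    """Turn the section's lines into dicts; header and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = CREATED_LINE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"][0] == "d",
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def guid_dirs_under_local(entries):
    """Directories matching the GUID-under-appdata\\local pattern, newest first."""
    hits = [e for e in entries if e["is_dir"] and GUID_UNDER_LOCAL.search(e["path"])]
    return sorted(hits, key=lambda e: e["when"], reverse=True)


def guid_dirs_per_day(entries):
    """How many such folders appeared on each calendar day (ISO date -> count)."""
    return Counter(e["when"].date().isoformat() for e in guid_dirs_under_local(entries))


def report(text):
    """Human-readable summary of a pasted 'Created Last 30' section."""
    entries = parse_created_section(text)
    hits = guid_dirs_under_local(entries)
    lines = [f"{len(entries)} entries parsed, {len(hits)} GUID-named folders under appdata\\local"]
    for e in hits:
        lines.append(f"  {e['when']:%Y-%m-%d %H:%M:%S}  {e['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CREATED))
```

    Paste the whole "Created Last 30" section of a DDS log into SAMPLE_CREATED (or read it from a file) and run the script; the per-day count makes a one-folder-per-day pattern such as the one in this log stand out, which is the kind of regularity that justifies the directory listing requested in Step #3.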

  5. #5
    Member SnowBum's Avatar
    Join Date
    Dec 2007
    Location
    UK
    Posts
    92

    Default

    Ok, all steps completed. Zipped logs added

    New DDS log:-

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by sharon at 19:25:06.74 on 12/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1510 [GMT 0:00]

    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\YouCam\YouCamTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\PC Speed Maximizer\SPMTray.exe
    C:\Program Files\PC Speed Maximizer\Startw3i.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\The TechGuys\Launch\Launch.exe
    C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
    C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\McAfee Security Scan\3.0.188\McUicnt.exe
    C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\sharon\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.bearshare.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
    uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ares] "c:\program files\ares\Ares.exe" -h
    uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
    uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
    uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
    R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
    R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
    R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-12 17:42:33 -------- d-----w- c:\program files\ESET
    2011-02-12 17:29:11 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6f7f3a3f-0405-4e70-b08e-e4dc80228f6f}\mpengine.dll
    2011-02-12 17:23:41 -------- d-----w- c:\users\sharon\appdata\local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
    2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
    2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
    2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
    2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
    2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
    2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
    2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
    2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
    2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
    2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
    2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
    2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
    2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
    2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
    2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
    2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
    2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
    2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
    2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
    2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
    2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
    2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
    2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
    2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
    2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
    2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
    2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
    2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
    2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
    2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
    2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
    2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
    2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
    2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
    2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
    2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
    2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
    2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
    2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
    2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
    2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
    2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
    2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
    2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
    2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}

    ==================== Find3M ====================

    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 19:26:14.61 ===============

  6. #6
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    Default

    Hello

    Did you uninstall Mediabar and remove the folder:
    c:\program files\bearshare\mediabar ?
    Member of Asap and Unite since 2008

  7. #7
    Member SnowBum's Avatar
    Join Date
    Dec 2007
    Location
    UK
    Posts
    92

    Default

    Hello

Yes, mediabar is uninstalled and I deleted the mediabar folder, although the folder path was slightly different:-

    c:/Program Files/BearShare Applications/BearShare

  8. #8
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    Default

    Hello

Backup Your Registry with ERUNT
    • Please click HERE to download Erunt.zip
    • Unzip all the files into a folder of your choice.
    • Click Erunt.exe to back up your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

    Please run Notepad and paste the following text into a new file:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

    Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


    _______________


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
• Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
      This is only a short scan.
    • Once the short scan has finished, click Options > Change settings.
    • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
    • Back at the main window, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click the next icon next to the files found:

      If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
      This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (this is in case we need samples).
    • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
    • Save the report to your desktop. The report will be called DrWeb.csv.
    • Close Dr.Web CureIt.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.



    Please post Dr.web cureit log and a fresh dds log back here.
    Member of Asap and Unite since 2008
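Once fix.reg has been merged, the fresh DDS log is what shows whether the targeted CLSID is really gone. The Python below is an added example, not code from this thread, from DDS or from any tool it names: it parses the posted REGEDIT4 fix for the CLSIDs it deletes (key deletions `[-KEY]` and value deletions `"name"=-`), then audits pseudo-HJT report lines for any target still registered, "No File" orphans, the Hosts override and a start page not on an allowlist. The "after" lines are copied from the follow-up DDS log in this thread; the "before" lines, the allowlist and the "MediaBar" label are constructed assumptions.

```python
"""Audit a DDS 'Pseudo HJT Report' against the CLSIDs a REGEDIT4 fix deletes.
Added example, not code from the thread, DDS or any tool it names: FIX_REG repeats
the posted .reg, HJT_AFTER is copied from the follow-up log, HJT_BEFORE is constructed."""
import re

# {8-4-4-4-12} hex, as DDS prints BHO/TB CLSIDs (case varies, hence re.I)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# DDS defangs URLs as hxxp://; capture only the host for the allowlist check
HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)

FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-
"""

# Constructed 'before' lines in DDS syntax: the registrations the fix removes
# (the 'MediaBar' label and the 'No File' state are assumptions).
HJT_BEFORE = [
    "uStart Page = hxxp://search.bearshare.com/",
    "BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - No File",
    "TB: {0974ba1e-64ec-11de-b2a5-e43756d89593} - No File",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
]
# Lines copied from the follow-up DDS log in this thread.
HJT_AFTER = [
    "uStart Page = hxxp://search.bearshare.com/",
    "uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ",
    "uURLSearchHooks: H - No File",
    "BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - "
    "c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll",
    "TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File",
    "TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File",
    "TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
]


def targeted_clsids(reg_text):
    r"""Lower-cased CLSIDs a REGEDIT4 fix deletes: '[-KEY\{clsid}]' removes the
    whole key, '"{clsid}"=-' removes one value under the last plain '[KEY]' header."""
    found = set()
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_delete = line.startswith("[-") and line.endswith("]")
        value_delete = line.startswith('"') and line.endswith('"=-')
        match = CLSID_RE.search(line) if (key_delete or value_delete) else None
        if match:
            found.add(match.group(0).lower())
    return found


def audit_hjt(lines, targets, allowed_hosts=("www.google.com",)):
    """(finding, line) pairs: a CLSID the fix should have removed still listed;
    a BHO/TB/URLSearchHook whose DLL is gone ('No File', the orphan an uninstall
    leaves behind); a Hosts override to confirm as intentional; a start page host
    not on the allowlist (the allowlist here is a constructed example)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        clsids = {c.lower() for c in CLSID_RE.findall(line)}
        if clsids & targets:
            findings.append(("fix-target-still-present", line))
        elif line.startswith(("BHO:", "TB:", "uURLSearchHooks:")) and line.endswith("- No File"):
            findings.append(("orphan-registration", line))
        elif line.startswith("Hosts:"):
            findings.append(("hosts-override", line))
        elif line.startswith(("uStart Page", "uDefault_Page_URL")):
            host = HOST_RE.search(line)
            if host and host.group(1).lower() not in allowed_hosts:
                findings.append(("start-page-not-allowlisted", line))
    return findings


def remaining_targets(lines, reg_text):
    """CLSIDs the fix deletes that a later DDS log still lists; empty means the merge took."""
    seen = set()
    for line in lines:
        seen |= {c.lower() for c in CLSID_RE.findall(line)}
    return seen & targeted_clsids(reg_text)


if __name__ == "__main__":
    for label, lines in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        print(label, "still targeted:", sorted(remaining_targets(lines, FIX_REG)))
        for finding, line in audit_hjt(lines, targeted_clsids(FIX_REG)):
            print(f"  {finding:27} {line}")
```

On the follow-up log the targeted CLSID no longer appears, while the three "No File" toolbars, the orphaned URLSearchHook, the bearshare start page and the Hosts line remain as items to review.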

  9. #9
    Member SnowBum's Avatar
    Join Date
    Dec 2007
    Location
    UK
    Posts
    92

    Default

    I've completed all of those steps.

    I made a mistake on the DrWeb-Cureit and left the "heuristic analysis" turned on for the full scan. I've posted both logs, the "DrWeb" one is the first scan, the "DrWeb2" is the second.


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by sharon at 19:32:51.63 on 13/02/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1751 [GMT 0:00]

    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\PC Tools Security\pctsAuxs.exe
    C:\Program Files\PC Tools Security\pctsSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\CyberLink\YouCam\YouCamTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PC Tools Security\pctsGui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\PC Speed Maximizer\SPMTray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\The TechGuys\Launch\Launch.exe
    C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
    C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\sharon\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.bearshare.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
    uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
    uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
    uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
    R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
    R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
    R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-13 11:38:56 -------- d-----w- c:\users\sharon\DoctorWeb
    2011-02-13 11:25:00 -------- d-----w- c:\users\sharon\appdata\local\{95AC3E84-FDB2-49B9-9849-0BDDCA43D65A}
    2011-02-12 19:36:39 -------- d-----w- c:\windows\system32\x64
    2011-02-12 17:42:33 -------- d-----w- c:\program files\ESET
    2011-02-12 17:33:07 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-12 17:33:06 2329088 ----a-w- c:\windows\system32\win32k.sys
    2011-02-12 17:33:05 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-12 17:33:00 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-12 17:29:11 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6f7f3a3f-0405-4e70-b08e-e4dc80228f6f}\mpengine.dll
    2011-02-12 17:23:41 -------- d-----w- c:\users\sharon\appdata\local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
    2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
    2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
    2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
    2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
    2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
    2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
    2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
    2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
    2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
    2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
    2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
    2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
    2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
    2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
    2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
    2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
    2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
    2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
    2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
    2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
    2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
    2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
    2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
    2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
    2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
    2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
    2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
    2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
    2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
    2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
    2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
    2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
    2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
    2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
    2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
    2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
    2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
    2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
    2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
    2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
    2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
    2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
    2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
    2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
    2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
    2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}

    ==================== Find3M ====================

    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
    2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
    2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

    ============= FINISH: 19:34:02.20 ===============

  10. #10
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    Default

    Hello

    How's your computer working?

    Let's see OTL log:

    We need to create an OTL Report
    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Click the "Scan All Users" checkbox.
    5. Push the button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    Member of Asap and Unite since 2008
