CMD spams linkbucks.com!



Blazter
2010-06-13, 19:03
Hi!

When Windows 7 is done loading, a command prompt window appears and opens Opera with linkbucks.com (see picture). How do I remove this? Please help :thanks:




DDS (Ver_10-03-17.01) - NTFSX64
Run by Niklas at 19:00:56,53 on 2010-06-13
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1053.18.3070.1774 [GMT 2:00]

SP: Anti-spyware *disabled* (Updated) {18A43D32-46DF-4E3A-9D61-3F1131122679}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program\OfficePopup\OfficePopup.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
D:\Program\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Program Files (x86)\Opera\opera.exe
D:\Program\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Niklas\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = google.se
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uRun: [CreativeTaskScheduler] "c:\program files (x86)\creative\shared files\CTSched.exe" /logon
uRun: [AlcoholAutomount] "d:\program\alcohol 120\axcmd.exe" /automount
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] d:\program\spybot - search & destroy\TeaTimer.exe
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "d:\program\adobe\reader 9\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvgScan] c:\windows\system32\AvgScan.bat
StartupFolder: c:\users\niklas\appdata\roaming\micros~1\windows\startm~1\programs\startup\office~1.lnk - d:\program\officepopup\OfficePopup.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\GROOVEEX.DLL
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
AppInit_DLLs-X64: avgrssta.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-6-12 27144]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-6-12 56008]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-6-12 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-6-12 269320]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-6-12 35536]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-6-12 317520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-5 202752]
R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-6-12 916760]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-6-12 308064]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-6-12 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-12 5888008]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-6-12 20968]
R2 SBSDWSCService;SBSD Security Center Service;d:\program\spybot - search & destroy\SDWinSec.exe [2010-6-13 1153368]
R2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\niklas\appdata\local\microsoft\windows sidebar\gadgets\intelcoreseries24.gadget\WinRing0x64.sys [2010-6-12 14544]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-5 6789632]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-5 221184]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-6-12 132616]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-6-12 35848]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-8-19 239616]
S2 StarWindServiceAE;StarWind AE Service;d:\program\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-6-12 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-6-12 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 202776]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1417240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 94744]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\spel\dragon age - origins\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-6-12 31800]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-12 1255736]

=============== Created Last 30 ================

2010-06-13 16:39:15 0 d-----w- c:\users\niklas\appdata\roaming\Malwarebytes
2010-06-13 16:39:07 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-13 16:39:07 0 d-----w- c:\programdata\Malwarebytes
2010-06-13 16:00:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-13 15:17:09 0 d-----w- c:\users\niklas\appdata\roaming\Anti-spyware
2010-06-13 15:17:09 0 d-----w- c:\programdata\TEMP
2010-06-13 14:32:05 20 ----a-w- c:\windows\syswow64\SYSTEM
2010-06-13 14:26:18 0 d--h--w- C:\$AVG
2010-06-13 14:12:43 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-06-13 13:54:42 175 ----a-w- c:\windows\syswow64\AvgScan.bat
2010-06-12 21:23:32 0 d-----w- c:\programdata\Futuremark
2010-06-12 21:17:32 0 d-----w- c:\users\niklas\appdata\roaming\AVG9
2010-06-12 20:21:44 0 d-----w- c:\programdata\Media Center Programs
2010-06-12 20:09:41 0 d-----w- c:\program files (x86)\common files\BioWare
2010-06-12 20:03:47 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-06-12 20:00:26 0 d-----w- c:\users\niklas\Tracing
2010-06-12 19:56:09 0 d-----w- c:\users\niklas\appdata\roaming\Win7codecs
2010-06-12 19:56:08 0 d-----w- c:\program files (x86)\Win7codecs
2010-06-12 19:55:43 0 d-----w- c:\programdata\Win7codecs
2010-06-12 19:52:05 0 d-----w- c:\windows\syswow64\Macromed
2010-06-12 19:51:14 0 d-----w- c:\program files (x86)\common files\Futuremark Shared
2010-06-12 19:50:46 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-06-12 19:45:18 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x64.sys
2010-06-12 19:44:32 0 d-----w- c:\programdata\Adobe
2010-06-12 19:40:59 0 d-----w- c:\users\niklas\appdata\roaming\Fomine Software
2010-06-12 19:34:22 871408 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-12 19:23:59 0 d-----w- c:\users\niklas\appdata\roaming\uTorrent
2010-06-12 19:20:58 0 d-----w- c:\programdata\Nero
2010-06-12 19:20:44 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll
2010-06-12 18:56:46 0 d-----w- c:\windows\syswow64\Wat
2010-06-12 18:56:46 0 d-----w- c:\windows\system32\Wat
2010-06-12 18:54:09 0 d-----w- c:\program files (x86)\Microsoft
2010-06-12 18:53:56 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-06-12 18:51:59 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-06-12 18:50:13 0 d-----w- c:\windows\Panther
2010-06-12 18:49:39 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-12 18:49:39 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-06-12 18:48:20 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-06-12 18:47:53 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-12 18:45:35 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-06-12 18:45:02 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-06-12 18:43:53 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-06-12 18:43:50 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-06-12 18:43:50 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-06-12 18:43:50 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-06-12 18:43:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-06-12 18:43:50 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-06-12 18:43:50 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-06-12 18:43:47 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-06-12 18:43:47 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-12 18:43:47 34816 ----a-w- c:\windows\syswow64\msasn1.dll
2010-06-12 18:43:47 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-12 18:37:50 0 d-----w- c:\program files\common files\DESIGNER
2010-06-12 18:37:31 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-06-12 18:37:17 0 d-----w- c:\windows\PCHEALTH
2010-06-12 18:37:17 0 d-----w- c:\program files\Microsoft Sync Framework
2010-06-12 18:37:17 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-12 18:36:37 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-06-12 18:36:21 0 d-----w- c:\program files\Microsoft Analysis Services
2010-06-12 18:36:21 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-06-12 18:36:16 0 d-----w- c:\programdata\Microsoft Help
2010-06-12 18:36:16 0 d-----w- c:\program files\Microsoft Office
2010-06-12 18:31:26 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-12 18:31:26 0 d-----w- c:\programdata\AVG Security Toolbar
2010-06-12 18:31:25 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-06-12 18:31:25 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-06-12 18:31:25 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-06-12 18:31:25 27144 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-06-12 18:31:25 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-06-12 18:31:24 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2010-06-12 18:31:24 0 d-----w- c:\programdata\avg9
2010-06-12 18:31:24 0 d-----w- c:\program files (x86)\AVG
2010-06-12 18:25:25 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-06-12 18:25:25 1080 ----a-w- c:\windows\system32\settings.sfm
2010-06-12 18:25:16 647872 ------w- c:\windows\syswow64\Mscomct2.ocx
2010-06-12 18:25:16 53248 ------w- c:\windows\Ctregrun.exe
2010-06-12 18:20:23 0 d-----w- c:\program files (x86)\common files\Creative
2010-06-12 18:20:22 0 d--h--w- c:\program files (x86)\Creative Installation Information
2010-06-12 18:20:19 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared
2010-06-12 18:20:17 0 d-----w- c:\program files\Creative
2010-06-12 18:20:15 0 d-----w- c:\program files (x86)\Creative
2010-06-12 18:20:11 0 d-----w- c:\programdata\Creative
2010-06-12 18:20:09 0 d-----w- c:\program files (x86)\OpenAL
2010-06-12 18:19:52 12288 ----a-w- c:\windows\system32\INRES.DLL
2010-06-12 18:19:52 11776 ----a-w- c:\windows\syswow64\INRES.DLL
2010-06-12 18:19:52 0 d-----w- c:\windows\syswow64\Data
2010-06-12 18:19:52 0 d-----w- c:\windows\system32\Data
2010-06-12 18:19:44 22691984 ----a-w- c:\windows\syswow64\AppSetup.exe
2010-06-12 18:17:57 0 d-----w- c:\programdata\ATI
2010-06-12 18:17:51 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-12 18:16:58 0 d-----w- c:\program files\common files\ATI Technologies
2010-06-12 18:16:58 0 d-----w- c:\program files (x86)\common files\ATI Technologies
2010-06-12 18:16:58 0 d-----w- c:\program files (x86)\ATI
2010-06-12 18:16:42 0 d-----w- c:\program files (x86)\ATI Technologies
2010-06-12 18:16:39 0 d-sh--w- c:\windows\Installer
2010-06-12 18:16:35 0 d-----w- c:\program files\ATI Technologies
2010-06-12 18:16:34 0 d-----w- c:\program files\ATI
2010-06-12 18:16:11 0 d-----w- C:\ATI
2010-06-12 18:15:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-12 17:56:45 3 ----a-w- c:\windows\7Loader.TAG
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Start-meny
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Skrivbord
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Programdata
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Mallar
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Favoriter
2010-06-12 17:56:01 0 d-sh--we c:\programdata\Dokument
2010-06-12 17:56:01 0 d-sh--we c:\program files\Delade filer
2010-06-12 17:56:01 0 d-sh--we C:\Program
2010-06-12 17:56:01 0 d-sh--w- C:\Recovery
2010-05-18 15:58:24 1085440 ----a-w- c:\windows\syswow64\VSFilter.dll
2010-05-17 23:47:52 108032 ----a-w- c:\windows\syswow64\ff_vfw.dll

==================== Find3M ====================

2010-06-13 16:28:53 617232 ----a-w- c:\windows\system32\perfh01D.dat
2010-06-13 16:28:53 120596 ----a-w- c:\windows\system32\perfc01D.dat
2010-06-12 18:20:09 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-12 18:20:09 444952 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-06-12 18:20:09 121880 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-12 18:20:09 109080 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 15:58:24 1085440 ----a-w- c:\windows\syswow64\VSFilter.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-05 02:47:08 6789632 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-05 02:43:40 19735040 ----a-w- c:\windows\system32\atio6axx.dll
2010-05-05 02:19:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-05 02:19:38 506880 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-05-05 02:18:36 584704 ----a-w- c:\windows\system32\aticfx64.dll
2010-05-05 02:16:04 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-05 02:15:56 455168 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-05 02:15:10 202752 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-05 02:14:44 15024128 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-05-05 02:13:38 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-05-05 02:13:20 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-05-05 02:13:10 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-05-05 02:12:56 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-05-05 02:12:50 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-05-05 02:12:44 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-05-05 02:12:36 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-05-05 02:08:46 3611648 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-05-05 01:56:30 4225536 ----a-w- c:\windows\system32\atidxx64.dll
2010-05-05 01:41:48 3788288 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-05-05 01:41:12 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2010-05-05 01:41:10 53248 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-05-05 01:41:02 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2010-05-05 01:41:00 53248 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-05-05 01:40:50 5194752 ----a-w- c:\windows\system32\aticaldd64.dll
2010-05-05 01:38:58 4022272 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-05-05 01:35:00 55296 ----a-w- c:\windows\system32\coinst.dll
2010-05-05 01:33:24 4902400 ----a-w- c:\windows\system32\atiumd64.dll
2010-05-05 01:24:38 2738176 ----a-w- c:\windows\system32\atiumd6a.dll
2010-05-05 01:24:02 334336 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-05 01:23:52 237568 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-05-05 01:23:40 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-05-05 01:23:36 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-05-05 01:23:36 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-05-05 01:23:32 16384 ----a-w- c:\windows\system32\atig6txx.dll
2010-05-05 01:23:28 15360 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-05-05 01:23:24 221184 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-05-05 01:22:36 36864 ----a-w- c:\windows\system32\atiuxp64.dll
2010-05-05 01:22:26 28160 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-05-05 01:22:20 28160 ----a-w- c:\windows\system32\atiu9p64.dll
2010-05-05 01:22:12 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-05-05 01:21:38 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-05-05 01:19:16 3015680 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-05-05 01:08:42 53248 ----a-w- c:\windows\system32\atimpc64.dll
2010-05-05 01:08:42 53248 ----a-w- c:\windows\system32\amdpcom64.dll
2010-05-05 01:08:38 52224 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-05-05 01:08:38 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-04-28 21:17:50 2110 ----a-w- c:\windows\syswow64\atipblag.dat
2010-04-28 21:17:50 2110 ----a-w- c:\windows\system32\atipblag.dat
2010-04-23 07:13:36 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 20:12:18 48464 ----a-w- c:\windows\syswow64\sirenacm.dll
2010-03-25 15:56:00 203331 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-20 18:11:18 33664 ----a-w- c:\windows\system32\FM20SVE.DLL
2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2009-07-14 07:43:11 37052 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2009-07-14 07:43:11 294764 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-06-12 19:57:04
System Uptime: 2010-06-13 18:24:22 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS4
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 3000/335mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 23 GiB total, 4,633 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 34,477 GiB free.
E: is FIXED (NTFS) - 186 GiB total, 21,021 GiB free.
F: is CDROM (CDFS)
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

3DMark Vantage
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Svenska
Advertising Center
ATI Catalyst Registration
µTorrent
AVG 9.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Creative ALchemy
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
CrystalDiskInfo 3.6.0
DolbyFiles
Dragon Age: Origins
FairStars MP3 Recorder 2.18
Futuremark SystemInfo
ImagXpress
Intel® Solid-State Drive Toolbox
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSVCRT
Nero 9 Trial
Nero ControlCenter
Nero Installer
NeroBurningROM
neroxml
NVIDIA PhysX
OfficePopup 2.42
OpenAL
Opera 10.53
Spybot - Search & Destroy
The Lord of the Rings FREE Trial
Watson
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Visual C++ 8.0 Runtime Setup Package (x64)

==== End Of File ===========================

2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:01:09,39 ===============

Blade81
2010-06-18, 20:13
Hi,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Blade81
2010-06-23, 10:12
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.