Hi,

I've started having a problem today with random audio adverts being played in the background, even when I start up to desktop with nothing running. The main advert being played is 'Finish Dishwasher Tablets!' When the advert is playing, 'Internet Explorer' appears in the Sound Card Mixer, and it is where the advert is playing.

I have found others with the same problem and have followed the steps recommended - I used MalWareBytes, ComboFix and HiJackThis (in that order). The problem is still there!

I am running Windows 7 32bit and below are my specs:
4GB RAM
3.0 Pentium C2D E4300
nVidia GeForce 7900GS
Asus P5QL Pro Motherboard


My HiJackThis log is pasted below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:16, on 19/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Startup: todo.txt
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 7882 bytes



Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4326

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19/07/2010 19:27:35
mbam-log-2010-07-19 (19-27-35).txt

Scan type: Quick scan
Objects scanned: 137994
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix:

ComboFix 10-07-19.01 - Admin 19/07/2010 22:46:47.1.2 - x86
Running from: c:\users\Admin\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\msvcsv60.dll
c:\windows\system32\sqlite3.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))
.

2010-07-19 22:01 . 2010-07-19 22:01 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-07-19 22:01 . 2010-07-19 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-19 21:39 . 2010-07-19 21:40 -------- d-----w- C:\32788R22FWJFW
2010-07-19 18:18 . 2010-07-19 18:18 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-07-19 18:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-19 18:18 . 2010-07-19 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-19 18:18 . 2010-07-19 18:18 -------- d-----w- c:\programdata\Malwarebytes
2010-07-19 18:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 16:54 . 2010-07-16 16:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Nero
2010-07-15 01:50 . 2010-07-15 01:50 -------- d-----w- c:\program files\Microsoft Games
2010-07-14 22:06 . 2010-07-14 22:06 -------- d-----w- c:\users\Admin\AppData\Roaming\DivX
2010-07-14 16:29 . 2010-07-14 16:29 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-14 16:13 . 2010-07-14 16:13 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-14 16:13 . 2010-07-14 16:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-14 16:13 . 2010-07-14 16:13 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-07-14 16:11 . 2010-07-14 16:14 -------- d-----w- c:\program files\DivX
2010-07-14 16:11 . 2010-07-14 16:14 -------- d-----w- c:\programdata\DivX
2010-07-03 19:38 . 2010-07-03 19:38 -------- d-----w- c:\users\Admin\AppData\Roaming\Waves Audio
2010-07-03 17:08 . 2010-07-03 17:08 -------- d-----w- c:\users\Admin\AppData\Roaming\iZotope
2010-07-03 17:07 . 2010-07-03 17:07 -------- d-----w- c:\program files\iZotope
2010-06-29 11:21 . 2010-06-29 11:22 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-06-29 11:12 . 2010-06-29 11:12 -------- d-----w- C:\NVIDIA nTune 2.0 install
2010-06-29 11:11 . 2010-06-29 11:11 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-29 11:10 . 2010-06-07 23:57 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-29 11:10 . 2010-06-07 23:57 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-06-29 11:10 . 2010-06-07 23:57 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-29 11:10 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-29 11:10 . 2010-06-07 23:57 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-29 11:10 . 2010-06-07 23:57 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-29 11:10 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-29 11:10 . 2010-06-07 23:57 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-29 11:10 . 2010-06-07 23:57 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-29 11:10 . 2010-06-29 11:10 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-19 21:41 . 2010-03-06 16:03 -------- d-----w- c:\program files\Motorola Media Link
2010-07-19 21:40 . 2009-09-10 17:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Free Download Manager
2010-07-19 21:36 . 2009-11-28 16:40 -------- d-----w- c:\program files\Steam
2010-07-19 11:38 . 2009-09-15 11:42 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc
2010-07-14 22:09 . 2009-12-16 00:52 176 ----a-w- c:\windows\msocreg32.dat
2010-07-14 20:21 . 2009-09-10 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 20:45 . 2010-05-09 15:59 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-12 20:44 . 2010-05-09 15:59 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-12 16:01 . 2009-09-10 18:51 188152 ----a-w- c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tiruyanl.default\Fl ashGot.exe
2010-07-08 23:25 . 2009-09-11 21:03 -------- d-----w- c:\program files\Har-Bal 2.3
2010-07-03 19:38 . 2009-09-11 16:57 -------- d-----w- c:\program files\Waves
2010-07-03 19:38 . 2009-09-10 19:01 -------- d-----w- c:\program files\Vstplugins
2010-07-03 15:40 . 2009-09-10 19:04 -------- d-----w- c:\users\Admin\AppData\Roaming\Sony
2010-06-29 18:07 . 2010-03-31 13:24 -------- d-----w- c:\users\Admin\AppData\Roaming\FileZilla
2010-06-29 11:15 . 2010-01-31 22:18 -------- d-----w- c:\programdata\NVIDIA
2010-06-29 11:11 . 2010-05-10 23:57 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-27 00:50 . 2009-09-10 17:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-27 00:50 . 2010-03-28 18:59 -------- d-----w- c:\program files\ASUS
2010-06-15 16:38 . 2010-06-15 16:38 -------- d-----w- c:\users\Admin\AppData\Roaming\VST3 Presets
2010-06-10 11:41 . 2010-04-03 14:08 208936 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-10 11:41 . 2009-09-14 18:29 -------- d-----w- c:\users\Admin\AppData\Roaming\Apple Computer
2010-06-09 23:28 . 2010-06-09 23:28 -------- d-----w- c:\program files\Safari
2010-06-07 23:57 . 2010-06-29 11:10 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-06-07 23:57 . 2010-05-10 23:57 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2009-06-10 21:19 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 16:48 . 2010-06-07 16:48 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:48 . 2010-06-07 16:48 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:48 . 2010-06-07 16:48 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:48 . 2010-06-07 16:48 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-04 11:29 . 2010-06-04 11:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-05-29 23:32 . 2009-09-10 17:21 130536 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 16:54 . 2010-05-21 16:54 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-21 16:54 . 2010-05-21 16:54 -------- d-----w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab
2010-05-21 16:54 . 2010-05-21 16:54 290816 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-21 16:54 . 2010-05-21 16:54 290816 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-21 16:54 . 2010-05-21 16:54 290816 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-21 16:54 . 2010-05-21 16:54 290816 ----a-w- c:\users\Admin\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-09 18:38 . 2010-05-09 18:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-09 15:59 . 2010-05-09 15:59 138056 ----a-w- c:\users\Admin\AppData\Roaming\PnkBstrK.sys
2010-05-09 15:59 . 2010-05-09 15:59 138056 ----a-w- c:\users\Admin\AppData\Roaming\PnkBstrK.sys
2010-05-09 15:58 . 2010-05-09 15:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-09 15:58 . 2010-05-09 15:58 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-07 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-18 3168216]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-09-07 40960]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll
"midi1"=ma_cmidn.dll
"midi3"=ma_cmidn.dll

R1 vcdrom;Virtual CD-ROM Device Driver;c:\users\Admin\Desktop\VCdRom.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-01-18 32680]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-09 691696]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-01-18 233136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [2010-02-01 87336]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-02-07 538096]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-01-27 91392]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-12-16 188736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-01-18 88040]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-08-17 891392]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-06-01 21392]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-18 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-18 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-18 115216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tiruyanl.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,a0,be,ea,8b,7b,70,42,87,e6,3d, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,a0,be,ea,8b,7b,70,42,87,e6,3d, \

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-19 23:03:11
ComboFix-quarantined-files.txt 2010-07-19 22:03

Pre-Run: 2,388,303,872 bytes free
Post-Run: 2,985,332,736 bytes free

- - End Of File - - 467EB0C2990017DAB0899491BB8C7152



I also ran SpyBot S&D, it came up with around 80 problems that it fixed but the issue is still present!


I hope you can help, thanks in advance.

I used MalWareBytes, ComboFix and HiJackThis (in that order).
Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 23:58:16.26 on 25/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Windows\system32\dlbccoms.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Users\Admin\Desktop\dds(2).com
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE VIMICRO USB PC Camera 301x
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? MotDev;Motorola Inc. USB Device
R? PCTFW-DNS;PCTools Firewall - DNS driver
R? StorSvc;Storage Service
R? SynasUSB;SynasUSB
R? vcdrom;Virtual CD-ROM Device Driver
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? athrusb;TP-LINK Wireless LAN USB device driver
S? avgio;avgio
S? avgntflt;avgntflt
S? CLEDX;Team H2O CLEDX service
S? DeviceMonitorService;DeviceMonitorService
S? dlbc_device;dlbc_device
S? MotoConnect Service;MotoConnect Service
S? NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool
S? nlsX86cc;NLS Service
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? SBSDWSCService;SBSD Security Center Service
S? TeamViewer5;TeamViewer 5

=============== Created Last 30 ================

2010-07-20 22:39:41 176 ----a-w- c:\windows\system32\msvcsv60.dll
2010-07-20 18:13:34 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-20 18:13:34 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-19 22:17:08 0 d-----w- c:\program files\Trend Micro
2010-07-19 22:03:14 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-19 21:42:21 98816 ----a-w- c:\windows\sed.exe
2010-07-19 21:42:21 77312 ----a-w- c:\windows\MBR.exe
2010-07-19 21:42:21 256512 ----a-w- c:\windows\PEV.exe
2010-07-19 21:42:21 161792 ----a-w- c:\windows\SWREG.exe
2010-07-19 21:40:08 0 d-----w- C:\ComboFix
2010-07-19 18:18:49 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-07-19 18:18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-19 18:18:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-19 18:18:41 0 d-----w- c:\programdata\Malwarebytes
2010-07-19 18:18:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 01:50:17 0 d-----w- c:\program files\Microsoft Games
2010-07-14 16:13:50 0 d-----w- c:\program files\common files\DivX Shared
2010-07-14 16:11:56 0 d-----w- c:\program files\DivX
2010-07-14 16:11:23 0 d-----w- c:\programdata\DivX
2010-07-05 15:21:42 281506 ----a-w- c:\users\admin\Track 1_5.wav.mdd
2010-07-05 15:21:12 5046572 ----a-w- c:\users\admin\Track 1_5.wav
2010-07-03 19:38:45 0 d-----w- c:\users\admin\appdata\roaming\Waves Audio
2010-07-03 17:08:01 0 d-----w- c:\users\admin\appdata\roaming\iZotope
2010-07-03 17:07:59 0 d-----w- c:\program files\iZotope
2010-06-29 11:21:57 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-06-29 11:12:20 0 d-----w- C:\NVIDIA nTune 2.0 install
2010-06-29 11:11:22 0 d-----w- c:\programdata\NVIDIA Corporation
2010-06-29 11:10:47 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-29 11:10:47 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-06-29 11:10:47 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-06-29 11:10:45 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-29 11:10:45 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-29 11:10:45 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-29 11:10:45 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-29 11:10:44 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-29 11:10:44 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-29 11:10:44 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-29 11:10:41 0 d-----w- C:\NVIDIA

==================== Find3M ====================

2010-07-12 20:45:07 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-12 20:44:54 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-10 11:41:53 208936 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 16:48:04 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:48:04 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:48:04 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:48:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-29 06:05:39 44704 ----a-w- c:\windows\fonts\BOOMBOX.TTF
2010-05-09 15:59:27 138056 ----a-w- c:\users\admin\appdata\roaming\PnkBstrK.sys
2010-05-09 15:58:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-09 15:58:53 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-09-14 10:35:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-09-14 10:35:02 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-09-14 10:35:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-09-14 10:35:02 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-10 18:43:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009091020090911\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:58:44.93 ===============






Attach.txt:


==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 2 (SP2)
AccessData Forensic Toolkit 1.71
AccessData LicenseManager
ACID Pro 7.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Anchor Service CS4
Adobe Default Language CS4
Adobe Flash Player 10 Plugin
Adobe Output Module
Adobe Photoshop CS4
Adobe Reader 9.2
Adobe Search for Help
Adobe Setup
AngstroLooper 0.9 beta
Antares Autotune VST v5.09
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AudioShell 1.3.5
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Battlefield: Bad Company™ 2
Beatscape 1.0
Bonjour
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CamStudio
CDBurnerXP
Crystal Reports Basic for Visual Studio 2008
Dell Photo Printer 720
DivX Setup
DreamStation DXi2
Emagic Logic Audio Platinum 5.5
Eudora
Express Gate
FEAR
FileZilla Client 3.3.2.1
Free Download Manager 3.0
FreeRIP v3.30
Full Tilt Poker
GIMP 2.6.7
Grand Theft Auto IV
Har-Bal Equalization System v2.3
HiJackThis
Hitman Blood Money
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
ImTOO iPhone Video Converter
iTunes
iZotope Ozone 4
Java DB 10.4.2.1
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 17
Java(TM) SE Development Kit 6 Update 17
Live 8.0.3
M-Audio Series II MIDI
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Melodyne 3.1
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 7.0
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MIDI TO MP3 MAKER version 3.12
MIKSOFT Mobile Media Converter
Motorola Driver Installation 4.5.0
MOTOROLA MEDIA LINK
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.0.1)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
Musicnotes Software Suite 1.2
Native Instruments Guitar Rig 3
Native Instruments Service Center
NetBeans IDE 6.7.1
Nitro PDF Professional
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Display Control Panel
NVIDIA Drivers
OF Dragon Rising
PC Connectivity Solution
PC Tools Firewall Plus 6.0
PFPortChecker 1.0.32
Portal
Pro Evolution Soccer 2008
PunkBuster Services
Quantum of Solace(TM)
Quantum of Solace(TM) 1.1 Patch
QuickTime
Realtek High Definition Audio Driver
REAPER
Reason 4.0.1
ReCycle 2.0
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rockstar Games Social Club
Safari
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Skype™ 4.1
SONAR 8.0 Producer Edition
Sound Forge Pro 10.0
Spybot - Search & Destroy
SQL Server System CLR Types
Steam
Steinberg Cubase 5
Steinberg Cubase SX v3.1.1.944
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg Nuendo 4
Steinberg Nuendo Expansion Kit
Steinberg REVerence Content 01
Suite Shared Configuration CS4
Super Winspy v3.5
SyncroSoft Emu (Remove only)
Syncrosoft License Control
System Requirements Lab
T-RackS 3 Deluxe
TeamViewer 5
The Godfather™ II
Total Video Converter 3.50
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Outlook 2007 Junk Email Filter (kb968503)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 9.0
Videora iPhone Converter 5.03
Virtual DJ - Atomix Productions
Visual Mind 10
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.1
Waves Diamond Bundle v5.2
Waves SSL Collection v1.2
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Resource Kit Tools - SubInAcl.exe
WinRAR archiver
WinX Free iPhone Video Converter 3.1.1

==== End Of File ===========================

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).


After that:


Please download MBRCheck (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.

This is a bit of a strange one. I didn't think uTorrent was still on my machine. Anyway, when I went to Add/Remove programs, it was the first on the list. I right clicked>uninstall but it just disappeared without any further prompts. Now there's no record of it either in program files or in the start menu/control panel>programs.
Maybe it did uninstall correctly without any dialog boxes popping up.

This is the MBR check log:


MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive2

\\.\E: --> \\.\PhysicalDrive1



Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!

931 GB \\.\PhysicalDrive2 Known-bad MBR code detected (Whistler / Black Internet)!

279 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:



Done! Press ENTER to exit...

Hi,

It appears you have posted about same issue at Tech Guy (http://forums.techguy.org/7513290-post4.html). I'd appreciated you had let me know about that so I would had closed this topic earlier. You're currently taking time of two helpers and that is not recommended. This topic is now closed. Continue following CatByte's instructions in your TSG topic, please.

deejayjmc

Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Our analysts assist people at several forums. A member's user name may be different, the problem will not be. A worse scenario would be to run fixes given at one site unbeknown to the person helping the same user elsewhere.
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)