
A case of several viruses invading system registry



Aelo123
2012-06-13, 23:37
Well, I have a case of infection with several viruses (Trojan Horse.AQLW, IDP.trojan.1C8D1A13 and perhaps others), and AVG keeps deleting registry files but it doesn't solve the problem. Here are the logs you requested:
DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by hp at 22:27:46 on 2012-06-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1045 [GMT 2:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
D:\A\Programs\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WeFi\WefiEngSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\allgameshome toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Codecv Class: {1d8f1bbe-c6fa-6cdf-a687-dc47da301414} - c:\programdata\codecv\bhoclass.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Alnaddy.com Helper Object: {55928dd2-8878-4275-aab3-b3a09a67a1eb} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\bh\alnaddyToolbar.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\a\programs\hotspot shield\hssie\HssIE.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Alnaddy.com Toolbar: {cd3aed25-23ab-4543-b915-159449c37197} - c:\program files\alnaddy.com\alnaddytoolbar\1.5.25.2\alnaddyToolbarTlbr.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\hp\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.72.144.1
TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\hp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15:12
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 lpx;ET5Drv;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 mbr;Vwlogger;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49:42 -------- d-----w- c:\users\hp\appdata\roaming\CBS Interactive
2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
2012-06-11 07:15:12 -------- d-----w- c:\program files\Alnaddy.com
2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04:16 -------- d-----w- c:\program files\BabylonToolbar
2012-06-08 22:03:26 -------- d-----w- c:\users\hp\appdata\roaming\Babylon
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Babylon
2012-06-08 22:02:43 -------- d-----w- c:\programdata\Codecv
2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33:40 -------- d--h--w- C:\$AVG
2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
2012-06-02 22:59:11 -------- d-----w- C:\Intel
2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
2012-06-01 13:06:07 -------- d-----w- c:\users\hp\appdata\roaming\iWin
2012-05-30 18:12:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12:09 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06:09 -------- d-----w- c:\users\hp\appdata\roaming\.freeciv
2012-05-30 07:49:03 -------- d-----w- c:\users\hp\appdata\local\Akamai
2012-05-30 07:43:20 -------- d-----w- c:\program files\common files\Akamai
2012-05-30 07:39:01 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28:38 -------- d-----w- c:\users\hp\appdata\local\IsolatedStorage
2012-05-28 13:58:56 -------- d-----w- c:\users\hp\appdata\local\Nokia
2012-05-28 13:58:51 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\PCSuite
2012-05-28 12:16:07 -------- d-----w- c:\program files\common files\Nokia
2012-05-28 12:15:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15:23 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-24 12:10:56 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09:00 -------- d-----w- c:\program files\AllGamesHome Toolbar
2012-05-23 10:36:41 -------- d-----w- c:\windows\system32\appmgmt
2012-05-15 08:01:50 -------- d-----w- c:\users\hp\appdata\local\Diagnostics
2012-05-15 07:30:10 -------- d-----w- c:\users\hp\appdata\roaming\Anvil Studio
2012-05-15 07:14:16 -------- d-----w- c:\users\hp\appdata\roaming\Synthesia
.
==================== Find3M ====================
.
2012-06-13 17:21:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\wsun32.dll
2012-05-13 10:00:25 215 ----a-w- c:\windows\system32\msgb.dll
2012-05-06 15:59:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 15:59:38 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45:14 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-22 20:54:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 03:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-17 05:00:29 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 22:28:32.74 ===============

SSD:
Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $5AB447BB] Program directory (Directory, nothing done)
C:\Users\hp\AppData\Roaming\Babylon\

Babylon.Toolbar: [SBI $D1EDD9CA] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

Babylon.Toolbar: [SBI $D573FB99] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $E02AA723] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $E0B59C7B] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $845CDFE1] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

Babylon.Toolbar: [SBI $C85E7B42] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $3B673BC9] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Babylon.Toolbar: [SBI $295D1CA8] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $965DE1CF] Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Babylon.Toolbar: [SBI $03CC717B] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Babylon.Toolbar: [SBI $55401212] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Babylon.Toolbar: [SBI $4FD7143C] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Babylon.Toolbar: [SBI $86D54DEE] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Babylon.Toolbar: [SBI $B3F815D3] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Babylon.Toolbar: [SBI $A7E24495] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Babylon.Toolbar: [SBI $F311396F] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Babylon.Toolbar: [SBI $473B0254] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Babylon.Toolbar: [SBI $17D55CEB] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Babylon.Toolbar: [SBI $35D035AC] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Babylon.Toolbar: [SBI $CD2F4F51] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Babylon.Toolbar: [SBI $88BEA276] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Babylon.Toolbar: [SBI $44038FF2] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Babylon.Toolbar: [SBI $A3E68EB6] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Babylon.Toolbar: [SBI $BBB82D0A] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Babylon.Toolbar: [SBI $C5E991BF] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Babylon.Toolbar: [SBI $58FD8250] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Babylon.Toolbar: [SBI $7C893BE9] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Babylon.Toolbar: [SBI $82C5EBDA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName

Babylon.Toolbar: [SBI $7491E83C] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

Babylon.Toolbar: [SBI $07586C96] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE20B4F0-A56F-41CE-BFFC-FB7389CCB627}

Babylon.Toolbar: [SBI $9BB50AEF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escrtBtn.1

Babylon.Toolbar: [SBI $9BB50AEF] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}

Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc

Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1

Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

Babylon.Toolbar: [SBI $53246B67] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Babylon.Toolbar: [SBI $C2E2DFDF] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\

Babylon.Toolbar: [SBI $6FD65E4E] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\

Babylon.Toolbar: [SBI $BD2D2D7E] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\

Babylon.Toolbar: [SBI $7C2CF2C5] Program directory (Directory, nothing done)
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\

Babylon.Toolbar: [SBI $5F690EB1] Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore

Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1

Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd

Babylon.Toolbar: [SBI $86348D5E] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1

Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $F8D06006] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\BabylonToolbar

Babylon.Toolbar: [SBI $2C6EC819] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\BabylonToolbar

BrothersoftExtreme.CT: [SBI $7877A24A] Executable (File, nothing done)
C:\Users\hp\Documents\Downloads\11CT2776682_BrotherSoft_Extreme.exe
Properties.size=192848
Properties.md5=366ACA3ACE9F8F388BB831F0F1CBB015
Properties.filedate=1335992661
Properties.filedatetext=2012-05-02 23:04:20

CoolWWWSearch.CameUp: [SBI $4A5E11C5] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}

CoolWWWSearch.Toolband: [SBI $E1C52FF8] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}

CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj

CoolWWWSearch.Toolband: [SBI $C80E6C03] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1

CoolWWWSearch.Toolband: [SBI $C80E6C03] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B22A92-87A2-47b6-B3E6-A64877B5C242}

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4088562051-3164859817-2932628761-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-06-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-06-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-06-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-06-12 Includes\TrojansC-02.sbi (*)
2012-06-06 Includes\TrojansC-03.sbi (*)
2012-06-11 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-06-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


Thanks in advance
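The Spybot log above lists the Internet Explorer load points left behind by the Babylon and CoolWWWSearch components: Browser Helper Object and toolbar registrations, the CLSID classes they point at, and a Low Rights ElevationPolicy entry. The script below is an added example, not part of the original thread and not code from Spybot, AVG or any other tool mentioned here. It enumerates the same load points on a live machine, resolves each CLSID to the DLL Internet Explorer would load, and reports whether that file still exists and whether it carries a valid Authenticode signature, which is the quickest way to separate a vendor toolbar from an orphaned or unsigned one. It assumes Windows PowerShell (2.0 or later) run as an administrator on the affected host; the registry paths are the standard ones, the function name is the example's own, and nothing is deleted.

```powershell
# Added example: map IE load points to the DLLs behind them (read-only).
# Assumes Windows PowerShell 2.0 or later, run as an administrator on the host.

# Resolve a COM CLSID to its registered in-process server DLL and signature status.
function Resolve-ClsidServer {
    param([string]$Clsid)
    # HKCR is the merged view of HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes,
    # so this sees the same keys Spybot reported under HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
    $classKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $className = (Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue).'(default)'
    $inproc    = (Get-ItemProperty -Path "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    $dll    = $null
    $status = 'NoInprocServer32'
    if ($inproc) {
        # Strip surrounding quotes and expand %SystemRoot%-style variables before testing the path.
        $dll = [Environment]::ExpandEnvironmentVariables($inproc.Trim('"'))
        if (Test-Path -LiteralPath $dll) {
            # Valid, NotSigned, HashMismatch, UnknownError ... cast to string so the list sorts cleanly.
            $status = [string](Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            # The registration outlives the file when an AV deletes the DLL but not the keys.
            $status = 'FileMissing'
        }
    }
    New-Object PSObject -Property @{
        Clsid = $Clsid; ClassName = $className; Dll = $dll; Signature = $status
    }
}

$results = @()

# 1. Browser Helper Objects: one subkey per CLSID.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $r = Resolve-ClsidServer -Clsid $sub.PSChildName
        $r | Add-Member -MemberType NoteProperty -Name LoadPoint -Value 'BHO'
        $results += $r
    }
}

# 2. IE toolbars: here the CLSIDs are value *names* under the Toolbar key, not subkeys.
$tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Test-Path $tbKey) {
    foreach ($name in (Get-Item -Path $tbKey).Property) {
        if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') {
            $r = Resolve-ClsidServer -Clsid $name
            $r | Add-Member -MemberType NoteProperty -Name LoadPoint -Value 'Toolbar'
            $results += $r
        }
    }
}

$results | Sort-Object Signature | Format-Table LoadPoint, Clsid, ClassName, Signature, Dll -AutoSize

# 3. Low Rights ElevationPolicy: entries that let a program started from Protected Mode IE
#    run at medium integrity. Policy 3 = launch silently at medium integrity, no prompt.
$elevKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
Get-ChildItem -Path $elevKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    New-Object PSObject -Property @{
        Id = $_.PSChildName; AppName = $p.AppName; AppPath = $p.AppPath; Policy = $p.Policy
    }
} | Where-Object { $_.Policy -eq 3 } | Format-Table Id, AppName, AppPath, Policy -AutoSize
```

Entries whose Signature column reads FileMissing or NotSigned, and ElevationPolicy entries with Policy 3 that name a program you did not install, are the ones to take to a removal tool; a CLSID that appears both as a toolbar value and as a BHO subkey (as {2EECD738-...} and {98889811-...} do in the log above) is the same component registered twice, and both registrations have to go.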

JonTom
2012-06-15, 20:43
Hello Aelo123 and :welcome:

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


There is a serious rootkit infection on this machine. Please use an uninfected machine to change all of your passwords as soon as you can as your passwords may have been compromised.

Also, please back up all of your important data immediately as in the worst case scenario you may have to reformat and reinstall your operating system.

Before we begin I would like to review the logs created by the following tools:


aswMBR


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions please select Yes.
Click the "Scan" button to start scan.

http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply.

http://public.avast.com/~gmerek/aswMBR2.png


The next tool may give you the option of curing what is detected.

At this time please do not allow the tool to cure anything it detects (we only need to review the log that is created at this time).


TDSS Killer



Please read carefully and follow these steps.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
When the window opens, click on Change Parameters.
Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
Click on Start Scan.
If an infected file is detected, the default action will be Cure, click on Skip.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".


Please post the aswMBR log and the TDSSKiller log in your next reply.

Aelo123
2012-06-15, 23:34
I've done as you advised; here are the logs you requested (attached):
9597

9598

JonTom
2012-06-16, 15:17
Hello Aelo123

Please post your logs directly into your replies (there is no need to attach them).

This machine is terribly infected.


Please re-run TDSSKiller and allow it to cure (or quarantine) what it detects, then follow immediately with Combofix:


Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Should there be issues with internet afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.




Please post the TDSSKiller log and the Combofix log in your next reply.
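The proxy note above is a GUI procedure. As an added example, not part of the thread and not anything ComboFix itself does, here is the same check done from Windows PowerShell on the affected machine: it reads the WinINET values that the Internet Explorer LAN Settings dialog edits (they live under HKCU, so run it as the affected user rather than from another account), clears them on request, and lists the network.proxy preferences in each Firefox profile's prefs.js together with any user.js, which Firefox re-applies over prefs.js on every start and is therefore where a persistent proxy override would sit. The function names and the profile path are the example's own assumptions; the registry value names are the standard WinINET ones.

```powershell
# Added example: inspect, and optionally clear, proxy settings a hijacker may have left.
# Assumes Windows PowerShell 2.0 or later, run as the affected user (the keys are under HKCU).

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Return the WinINET values behind IE's "Use a proxy server for your LAN" checkbox.
function Get-WinInetProxy {
    $p = Get-ItemProperty -Path $inetKey
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable    # 1 = checkbox ticked, 0 or absent = direct connection
        ProxyServer   = $p.ProxyServer    # "host:port" or "http=host:port;https=host:port"
        ProxyOverride = $p.ProxyOverride  # bypass list
        AutoConfigURL = $p.AutoConfigURL  # PAC script URL; a proxy can hide here with ProxyEnable = 0
    }
}

# Put the connection back to "no proxy". IE (and anything else using WinINET) must be
# restarted to pick the change up.
function Clear-WinInetProxy {
    Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $inetKey -Name $name -ErrorAction SilentlyContinue
    }
}

# Report Firefox's proxy preferences per profile. network.proxy.type: 0 = no proxy,
# 1 = manual, 2 = PAC URL, 4 = auto-detect (WPAD), 5 = use the system (WinINET) settings.
function Get-FirefoxProxyPrefs {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed default location
    Get-ChildItem -Path $profiles -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            foreach ($file in 'prefs.js', 'user.js') {
                $path = Join-Path $_.FullName $file
                if (Test-Path -LiteralPath $path) {
                    Select-String -Path $path -Pattern '^user_pref\("network\.proxy\.' |
                        ForEach-Object { New-Object PSObject -Property @{ File = $_.Path; Pref = $_.Line } }
                }
            }
        }
}

Get-WinInetProxy | Format-List
Get-FirefoxProxyPrefs | Format-Table File, Pref -AutoSize
# Run only after confirming the values above are not a proxy you set up yourself:
# Clear-WinInetProxy
```

If Firefox shows network.proxy.type 5 it inherits whatever WinINET has, so clearing the registry values fixes both browsers; a user.js in the profile that sets network.proxy.* has to be removed as well, or it will be written back into prefs.js at the next launch.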

Aelo123
2012-06-16, 21:29
I attached the text because it was too long:-
9602

JonTom
2012-06-17, 13:02
Hello Aelo123

Please try running Combofix again. It may take a little time to complete so please be patient.

If (say after an hour) it has still not completed let me know.

Aelo123
2012-06-18, 10:52
It was much faster this time; here is the log:-
\ComboFix 12-06-15.06 - hp 18-Jun-12 10:32:38.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1567 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Read Me.txt
c:\windows\$NtUninstallKB45282$
c:\windows\$NtUninstallKB45282$\613192814\L\xadqgnnk
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\DEBUG.log
c:\windows\system32\msgb.dll
c:\windows\system32\oem44.inf
c:\windows\system32\wsun32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 08:36 . 2012-06-18 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:53 . 2012-06-18 08:38 -------- d-----w- c:\users\hp\AppData\Local\temp
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-16 08:25 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-12 17:35 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\program files\Alnaddy.com
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-11 17:56 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-08 22:04 -------- d-----w- c:\program files\BabylonToolbar
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\users\hp\AppData\Roaming\Babylon
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Babylon
2012-06-08 22:02 . 2012-06-16 18:52 -------- d-----w- c:\programdata\Codecv
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-06 09:59 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 14:37 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-17 21:31 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-18 07:52 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-18 08:38 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-05-30 07:49 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-18 08:38 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
2012-05-24 12:10 . 2012-05-24 12:10 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09 . 2012-05-24 12:09 -------- d-----w- c:\program files\AllGamesHome Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-06 15:59 . 2012-04-12 18:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 15:59 . 2012-03-22 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-23 22:19 . 2012-03-23 22:19 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-23 22:19 . 2012-03-23 22:19 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-23 22:19 . 2012-03-23 22:19 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-23 22:19 . 2012-03-23 22:19 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-23 22:19 . 2012-03-23 22:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-23 22:19 . 2012-03-23 22:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-23 22:19 . 2012-03-23 22:19 367104 ----a-w- c:\windows\system32\html.iec
2012-03-23 22:19 . 2012-03-23 22:19 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-23 22:19 . 2012-03-23 22:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-23 22:19 . 2012-03-23 22:19 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-23 22:19 . 2012-03-23 22:19 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-23 22:19 . 2012-03-23 22:19 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-23 22:19 . 2012-03-23 22:19 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-23 22:19 . 2012-03-23 22:19 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-23 22:19 . 2012-03-23 22:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-23 22:19 . 2012-03-23 22:19 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-23 22:19 . 2012-03-23 22:19 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-23 22:19 . 2012-03-23 22:19 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-23 22:19 . 2012-03-23 22:19 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-23 22:19 . 2012-03-23 22:19 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-22 20:54 . 2012-03-22 20:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-01 15:40 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}]
2012-06-08 22:02 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}]
2012-06-04 11:31 268904 ----a-w- c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{CD3AED25-23AB-4543-B915-159449C37197}"= "c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll" [2012-06-04 286824]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{cd3aed25-23ab-4543-b915-159449c37197}]
[HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\alnaddy.alnaddyToolbardskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R2 hfneavwv;SFF Storage Protocol for SDBusSupport;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
tifmsony
LMouKE
tb2launch
symlcbrd
cdr4_xp
se44nd5
StreamDispatcher
SE2Emdfl
transcode360
YMIDUSB
ATSWPDRV
qbcfmonitorservice
UVCFTR
osanbm
sp_clamsrv
SPFDRV
tvald
nv4
snoopfree
eaps2kbd
icraplus
dmprimer
crystalaps
CdaC15BA
zppinger
nhcDriverDevice
sfman
lpx
nm
StMp3Rec
mcontrol
adihdaudaddservice
ESMCR
rchost
cd20xrnt
msvsmon90
nwcworkstation
pilogsrv
cwafadmincontroller
nvcap
enodpl
pav_service
Sk9920nt
idisw2km
olcamsrv
SGHIDI
pserve
unrealircd
SMPLSCSI
_iomega_active_disk_service_
s3savagenb
cfgwzsvc
lhidusb
sskbfd
vaiomediaplatform-videoserver-appserver
SNTIE
naiavfilter1
Tablet2k
pdlnacom
nsm1bus
zpnodecollector
maxbackserviceint
pdlnatdl
StarOpen
btdriver
se58nd5
FVXSCSI
NWSLP
co_mon
CTMMOUNT
SaiH040B
siswlsvc
CTAudSvcService
z800bus
VHidMinidrv
scan
Alpham1
govsrv
PCTINDIS5
Xponaut_WBD
Ktp
gusvc
alcxsens
nocashio
avipbb
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
ARCSOFTVIRTUALCAPTURE
inotask
MXOFX
sonypvs1
pdlnemsg
Fd16_700
mnmdd
spbbcdrv
symidsco
msgsrvservice
svv
VC4CB104
Blfp
s616mdm
SNP2STD
dlcc_device
tbiosdrv
sqlagent$soshome22
W8100PCI
pclepci
qserver
schscnt
acsvc
websensecamserver
btwdndis
lvsrvlauncher
EIO
wwsecsvc
softfax
sansaservice
svcwrsssdk
AcronisOSSReinstallSvc
CSDriver
PSDFilter
ufad-ws60
sshrmd
wlmel51b
sit_flt
CX23880
pduip6000dmemcrdmgr
avupdsvc
NTACCESS
mfeapfk
DynDNS_Updater_Service
ctmmfilt
itmrtsvc
YahooAUService
wmdmpmsn
entertainment
A4S2600
k750mdfl
CE3
orbpvr
wacomvhid
lxrjd31d
acedrv07
RMSvc
mssql$microsoftsmlbiz
ossrv
mbr
s616mgmt
RDID1007
Cam5603D
viaudio
ssmdrv
vpctcom
hpzid412
tme3srv
TermService
wuauserv
BITS
ShellHWDetection
hfneavwv
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:59]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-18 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-39305673.sys
AddRemove-City Racing_is1 - d:\a\City Race\unins000.exe
AddRemove-Exotic Farm_is1 - d:\a\Exotic Farm\unins000.exe
AddRemove-Freeciv-2.3.2-gtk2 - d:\a\Freeciv 2.3.2\uninstall.exe
AddRemove-Garden Defence_is1 - d:\a\Garden Defence\unins000.exe
AddRemove-Helic_is1 - d:\a\Helic\unins000.exe
AddRemove-Nitro Racers_is1 - d:\a\Nitro Racers\unins000.exe
AddRemove-Police Supercars Racing_is1 - d:\a\Police Supercars Racing\unins000.exe
AddRemove-Quadro Racing_is1 - d:\a\Quadro Racing\unins000.exe
AddRemove-Sky Track_is1 - d:\a\Sky Track\unins000.exe
AddRemove-Sudden Strike Iwo Jima_is1 - d:\a\SS Iwo Jima\unins000.exe
AddRemove-Sudden_Strike_Normandy_is1 - d:\a\SS Normandy\unins000.exe
AddRemove-Super Bikes_is1 - d:\a\Super Bikes\unins000.exe
AddRemove-Synthesia - d:\a\Synthesia\uninstall.exe
AddRemove-Travel Agency_is1 - d:\a\Travel Agency\unins000.exe
AddRemove-VDrift - d:\a\VDrift\uninstall.exe
AddRemove-YouWave - d:\drivers\A\YouWave_Android\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(904)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(5472)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
d:\a\Programs\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\WeFi\WeFi.exe
c:\program files\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-18 10:41:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 08:41
.
Pre-Run: 77,245,825,024 bytes free
Post-Run: 76,983,259,136 bytes free
.
- - End Of File - - 5FBA5475835735371247F1A8039026C5

Note: I have another problem, see if you can help me with it please: I have all my browsers start on alnaddy.com when my homepage was either facebook or google, but when I click the homepage icon, it opens the homepage that I've set.
Thanks

JonTom
2012-06-18, 20:35
Hello Aelo123

Good job getting Combofix to run.


"I have all my browsers start on alnaddy.com when my homepage was either facebook or google but when I click the homepage icon, it opens the homepage that I've set"
I do not understand exactly what you are asking.

Do you wish me to remove alnaddy.com from your machine?


Please work your way through the following steps


Open Notepad (click on "Start", then on "Run", and type notepad).
Click on OK.
Notepad will open.
Copy the text provided in the box below and paste it into Notepad (DO NOT include the word "code"):



@echo off
REM swreg and SED are the registry-query and stream-editor tools that ComboFix installs.
REM Dump every service key, keep only the ImagePath values that run "svchost.exe -k netsvcs",
REM and print just the service names so they can be compared with the netsvcs list in the ComboFix log.
swreg query hklm\system\currentcontrolset\services /s |(
SED -r "/^HK|^ +ImagePath.*-k netsvcs/I!d" |(
SED -r ":a; $!N;s/\n.*\t.*/\t/;ta;P;D" |(
SED -r "/.*\\(.*)\t/!d; s//\1/"
)))>Log.txt
Start Notepad Log.txt


Save the text in Notepad as fix.bat, change the "Save as Type" to "All Files" and select your desktop as the save location.
An icon will appear on your desktop called "fix.bat".
Double click on the "fix.bat" icon.
Please post the log in your next reply.

Aelo123
2012-06-18, 23:52
Yes, I don't want the browsers to open on alnaddy.com. Here's the log:-

A4S2600
acedrv07
AcronisOSSReinstallSvc
acsvc
AeLookupSvc
Appinfo
AppMgmt
avupdsvc
BDESVC
BITS
Browser
Cam5603D
CdaC15BA
cdr4_xp
CE3
CertPropSvc
cfgwzsvc
crystalaps
ctmmfilt
dmprimer
DynDNS_Updater_Service
EapHost
eaps2kbd
entertainment
gpsvc
hfneavwv
hkmsvc
hpzid412
icraplus
IKEEXT
iphlpsvc
itmrtsvc
k750mdfl
LanmanServer
LMouKE
lpx
lxrjd31d
mfeapfk
MMCSS
MSiSCSI
mssql$microsoftsmlbiz
nhcDriverDevice
NTACCESS
nv4
orbpvr
osanbm
ossrv
pclepci
ProfSvc
qbcfmonitorservice
RasAuto
RasMan
rchost
RDID1007
RemoteAccess
RMSvc
s3savagenb
s616mgmt
Schedule
schscnt
SCPolicySvc
SE2Emdfl
se44nd5
seclogon
SENS
SessionEnv
sfman
SharedAccess
ShellHWDetection
siswlsvc
SMPLSCSI
snoopfree
SPFDRV
sp_clamsrv
ssmdrv
StreamDispatcher
symlcbrd
tb2launch
Themes
tifmsony
tme3srv
transcode360
tvald
unrealircd
UVCFTR
viaudio
vpctcom
W8100PCI
wacomvhid
wercplsupport
Winmgmt
wmdmpmsn
wuauserv
YahooAUService
YMIDUSB
zppinger
_iomega_active_disk_service_
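The two lists now on the table, the ComboFix "NETSVCS REQUIRES REPAIRS" dump from the first post and the fix.bat output just above, are what a helper cross-references by eye. The following is an added example, not code from this thread or from ComboFix/OTL, that does the same cross-reference mechanically: a name that is in the group and also has a real service key pointing svchost at netsvcs, yet is not part of the stock Windows 7 group, is the entry worth investigating (hfneavwv here); names with no service behind them are padding. The two `*_SAMPLE` strings are constructed excerpts of the posted logs, and the baseline is the head and tail of the ComboFix dump with the injected block removed.

```python
"""Triage a padded svchost "netsvcs" group.

Added example, not part of this thread or of ComboFix/OTL. It cross-references
three name lists: the current netsvcs REG_MULTI_SZ (the ComboFix "NETSVCS
REQUIRES REPAIRS" dump), the services whose ImagePath really is
"svchost.exe -k netsvcs" (what fix.bat prints), and the stock Windows 7 group.
The two *_SAMPLE strings are constructed excerpts of the logs in this thread.
"""

# Stock Windows 7 netsvcs membership: the head and tail of the ComboFix dump once
# the injected block between WmdmPmSp and TermService is removed.
WIN7_NETSVCS = """
AeLookupSvc CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT AudioSrv
FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp
TermService wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr
iphlpsvc seclogon AppInfo msiscsi MMCSS wercplsupport EapHost ProfSvc schedule
hkmsvc SessionEnv winmgmt browser Themes BDESVC AppMgmt
""".split()

# Constructed excerpt of the "current entries shown" list (one name per line).
CURRENT_NETSVCS_SAMPLE = """
AeLookupSvc
CertPropSvc
Irmon
unrealircd
hfneavwv
Xponaut_WBD
{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
wuauserv
BITS
AppMgmt
"""

# Constructed excerpt of the fix.bat output: service keys whose ImagePath ends in "-k netsvcs".
HOSTED_SAMPLE = """
AeLookupSvc
Appinfo
AppMgmt
BITS
CertPropSvc
hfneavwv
unrealircd
wuauserv
"""


def parse_names(text):
    """Map casefolded name -> name as written. Registry names are case-insensitive
    (the dump has AppInfo, fix.bat prints Appinfo), so never compare them raw."""
    return {line.strip().casefold(): line.strip()
            for line in text.splitlines() if line.strip()}


def triage_netsvcs(current_text, hosted_text, baseline=WIN7_NETSVCS):
    """Sort every name in the netsvcs group into one of four buckets."""
    current = parse_names(current_text)
    hosted = parse_names(hosted_text)
    stock = {name.casefold() for name in baseline}

    report = {"expected": [], "rogue_hosted": [], "padding": [], "hosted_not_listed": []}
    for key, name in sorted(current.items()):
        if key in stock:
            report["expected"].append(name)
        elif key in hosted:
            # Not stock, yet a real service key tells svchost to load it under
            # netsvcs: this is the entry the padding exists to hide. Its
            # Parameters\ServiceDll is the next thing to inspect.
            report["rogue_hosted"].append(name)
        else:
            # A name with no service behind it: noise that pushes the rogue
            # entry off the bottom of any casual look at the value.
            report["padding"].append(name)
    for key, name in sorted(hosted.items()):
        if key not in current:
            # Registered to run under netsvcs but absent from the group: svchost
            # will never start it. Stock names here mean the group was truncated.
            report["hosted_not_listed"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in triage_netsvcs(CURRENT_NETSVCS_SAMPLE, HOSTED_SAMPLE).items():
        print(f"{bucket:>18}: {', '.join(names) or '-'}")
```

Restoring the stock REG_MULTI_SZ only removes the names from the group; the service keys behind the `rogue_hosted` entries still exist and must be deleted separately, which is why the later fixes in this thread carry a list of services as well as the registry value.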

JonTom
2012-06-19, 12:24
Hello Aelo123

Thank you for the log.


"Yes, I don't want the browsers to open on alnaddy.com"
We can take care of that as part of our fix in due course.

Right now I need a little more information.

Download and run OTL by Oldtimer



Please download OTL by Oldtimer by clicking here (http://oldtimer.geekstogo.com/OTL.exe) and save the file (called OTL.exe) to your desktop.
Close all open windows on your computer, then right-click on the OTL.exe icon and select "Run as Administrator" to run the program.
Check the boxes beside "LOP Check" and "Purity Check".
Under Custom Scan paste this in:


msconfig
safebootminimal
activex
drivers32
netsvcs /all
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
services.*
winlogon.exe
wininit.exe
tdx.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs


Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.



When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

Aelo123
2012-06-19, 21:20
I attached it:
9610

JonTom
2012-06-20, 11:50
Hello Aelo123

We need to use Combofix again but this time, we will be running it in a slightly different way.

Take your time with the steps described below. If you have any questions, please ask before doing anything.


Please work through the following steps


Hold down the Windows key (the key with the Windows symbol on it) and press the "R" key. A Run box will open. Type Notepad into it and press Enter (or click on "OK").

NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

Copy and Paste the text in the quotebox below into the open Notepad window:



RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

Folder::
c:\program files\BabylonToolbar
c:\users\hp\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\program files\Alnaddy.com

DDS::
uStart Page = hxxp://www.alnaddy.com/?afltid=wbpk
uInternet Settings,ProxyOverride = <local>

Firefox::
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
FF - prefs.js: browser.search.selectedEngine - Alnaddy
FF - prefs.js: browser.startup.homepage - hxxp://www.alnaddy.com/?afltid=wbpk
FF - prefs.js: keyword.URL - hxxp://www.alnaddy.com/search/?q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.alnaddyToolbar.autoRvrt - false
FF - user.js: extensions.alnaddyToolbar_i.hmpg - true
FF - user.js: extensions.alnaddyToolbar.hmpgUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.dfltSrch - true
FF - user.js: extensions.alnaddyToolbar.srchPrvdr - Alnaddy
FF - user.js: extensions.alnaddyToolbar.keyWordUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar_i.dnsErr - true
FF - user.js: extensions.alnaddyToolbar_i.newTab - true
FF - user.js: extensions.alnaddyToolbar.newTabUrl - hxxp://www.alnaddy.com/?afltid=wbpk
FF - user.js: extensions.alnaddyToolbar.tlbrSrchUrl - hxxp://www.alnaddy.com/search/?q=
FF - user.js: extensions.alnaddyToolbar.id - 0cde32cd00000000000000ff7c5abd3d
FF - user.js: extensions.alnaddyToolbar.instlDay - 15502
FF - user.js: extensions.alnaddyToolbar.vrsn - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar.vrsni - 1.5.25.2
FF - user.js: extensions.alnaddyToolbar_i.vrsnTs - 1.5.25.29:15
FF - user.js: extensions.alnaddyToolbar.prtnrId - alnaddy
FF - user.js: extensions.alnaddyToolbar.prdct - alnaddyToolbar
FF - user.js: extensions.alnaddyToolbar.aflt - wbpk
FF - user.js: extensions.alnaddyToolbar_i.smplGrp - none
FF - user.js: extensions.alnaddyToolbar.tlbrId - alnaddy1
FF - user.js: extensions.alnaddyToolbar.instlRef -
FF - user.js: extensions.alnaddyToolbar.dfltLng -
FF - user.js: extensions.alnaddyToolbar.excTlbr - false
FF - user.js: extensions.alnaddyToolbar.admin - false

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=-
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CD3AED25-23AB-4543-B915-159449C37197}"=-

Driver::
zppinger
YMIDUSB
YahooAUService
wmdmpmsn
wacomvhid
W8100PCI
vpctcom
viaudio
UVCFTR
unrealircd
tvald
transcode360
tme3srv
tifmsony
tb2launch
symlcbrd
StreamDispatcher
ssmdrv
SPFDRV
sp_clamsrv
snoopfree
SMPLSCSI
siswlsvc
sfman
se44nd5
SE2Emdfl
schscnt
s616mgmt
s3savagenb
RMSvc
RDID1007
rchost
qbcfmonitorservice
pclepci
ossrv
osanbm
orbpvr
nv4
NTACCESS
nhcDriverDevice
mssql$microsoftsmlbiz
mfeapfk
lxrjd31d
lpx
LMouKE
k750mdfl
itmrtsvc
icraplus
hpzid412
hfneavwv
entertainment
eaps2kbd
DynDNS_Updater_Service
dmprimer
ctmmfilt
crystalaps
cfgwzsvc
CE3
cdr4_xp
CdaC15BA
Cam5603D
avupdsvc
acsvc
AcronisOSSReinstallSvc
acedrv07
A4S2600
_iomega_active_disk_service_




Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Once the log is produced, re-engage your resident anti virus.



Please post the Combofix log in your next reply.
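The Registry:: section of the CFScript above does not list the netsvcs names in clear text; it deletes the value and writes it back as a `hex(7):` blob, which is how .reg files carry REG_MULTI_SZ data. Before handing a script like that to ComboFix it is worth decoding the blob to see exactly which names it will write. The following is an added example, not code from this thread or from ComboFix: it pulls a `hex(7):` value out of .reg-style text (following the backslash continuation lines), decodes it, and can rebuild one from a known-good list. `REG_FRAGMENT_SAMPLE` is a constructed two-entry value in the same layout, not the script's real blob; paste the real Registry:: section in its place to audit it.

```python
"""Decode and rebuild a REG_MULTI_SZ written in .reg "hex(7):" form.

Added example, not part of this thread or of ComboFix. The Registry:: section of
the CFScript above replaces netsvcs with a hex(7) blob; decoding such a blob before
running the script shows exactly which names it will write, and re-encoding a
known-good list lets you build your own. REG_FRAGMENT_SAMPLE is a constructed
two-entry value in the same layout, not the script's real blob.
"""
import re

REG_FRAGMENT_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=-
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
  63,00,00,00,42,00,49,00,54,00,53,00,00,00,00,00
'''


def extract_hex7(reg_text, value_name):
    """Return the comma-separated hex for value_name, joining the
    backslash-continued lines that regedit exports and ComboFix scripts use."""
    head = re.compile(r'"%s"=hex\(7\):(.*)' % re.escape(value_name))
    lines = [line.strip() for line in reg_text.splitlines()]
    for i, line in enumerate(lines):
        m = head.fullmatch(line)
        if not m:
            continue  # also skips the plain "netsvcs"=- delete line
        chunks = [m.group(1)]
        while chunks[-1].endswith('\\'):
            chunks[-1] = chunks[-1][:-1]
            i += 1
            if i >= len(lines):
                raise ValueError('hex(7) value ends with an unterminated continuation')
            chunks.append(lines[i])
        return ''.join(chunks)
    raise KeyError(f'no hex(7) value named {value_name!r}')


def decode_multi_sz(hex_text):
    """'41,00,...' -> list of strings. REG_MULTI_SZ is UTF-16LE, each string
    NUL-terminated, and the whole list ends in one extra NUL."""
    raw = bytes(int(tok, 16) for tok in hex_text.split(',') if tok)
    if len(raw) % 2 or not raw.endswith(b'\x00\x00\x00\x00'):
        raise ValueError('malformed REG_MULTI_SZ: odd length or missing double terminator')
    return [s for s in raw.decode('utf-16-le').split('\x00') if s]


def encode_multi_sz(names):
    """Inverse of decode_multi_sz: names -> 'xx,xx,...' ready for a hex(7): line."""
    if any('\x00' in n or not n for n in names):
        raise ValueError('REG_MULTI_SZ strings must be non-empty and NUL-free')
    raw = ('\x00'.join(names) + '\x00\x00').encode('utf-16-le')
    return ','.join(f'{b:02x}' for b in raw)


if __name__ == '__main__':
    names = decode_multi_sz(extract_hex7(REG_FRAGMENT_SAMPLE, 'netsvcs'))
    print('\n'.join(names))
    assert decode_multi_sz(encode_multi_sz(names)) == names
```

Run against the real Registry:: block, the decoded list should match the stock Windows 7 netsvcs names and nothing else; any extra or misspelled name means the script would write a group that either starts something unwanted or leaves a legitimate service unstarted.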

Aelo123
2012-06-20, 22:26
Please help me restore my device! I did as you told me; ComboFix told me it had to update, and all programs were closed except one. The computer rebooted and told me "preparing your desktop", then said the file C:\Windows\system32\config\...desktop.*** was not found. I clicked
OK to find my desktop black with no icons but the recycle bin, and all the startup programs not running. I tried rebooting several times but it didn't work. Please help me.

Aelo123
2012-06-20, 23:52
FALSE ALARM :eek:
I tried running Windows restore but the computer wouldn't run any installed .exe file. I held down the power button until my computer shut down and started it again; the machine said Windows wasn't able to start and it ran the startup fix, it offered to restore the computer and it restarted as normal. So what to do? Should I try again?

JonTom
2012-06-21, 00:18
Hello Aelo123


"So what to do? Should I try again?"
Not right now. Please re-scan with OTL as you did before, except this time, paste the following under "Custom scan":


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT


Post the OTL log in your next reply.

Aelo123
2012-06-21, 16:43
Logs attached: 9618

JonTom
2012-06-21, 21:07
Hello Aelo123

Thank you for the log.

Lets stick with OTL for the moment and proceed as follows:

Please open OTL


Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?afltid=wbpk
IE - HKCU\..\SearchScopes,DefaultScope = {21087D8A-7075-41CF-86F0-12F73EE04367}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112477&babsrc=SP_ss&mntrId=0cde32cd00000000000000ff7c5abd3d
IE - HKCU\..\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}: "URL" = http://www.alnaddy.com/search/?q={searchTerms}&r=116
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?afltid=wbpk"
FF - prefs.js..keyword.URL: "http://www.alnaddy.com/search/?q="
[2012-06-11 09:15:11 | 000,001,389 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml
O2 - BHO: (Codecv Class) - {1D8F1BBE-C6FA-6CDF-A687-DC47DA301414} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Alnaddy.com Helper Object) - {55928DD2-8878-4275-AAB3-B3A09A67A1EB} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll (Alnaddy.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Alnaddy.com Toolbar) - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll (Alnaddy.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

:Services
zppinger
YMIDUSB
YahooAUService
wmdmpmsn
wacomvhid
W8100PCI
vpctcom
viaudio
UVCFTR
unrealircd
tvald
transcode360
tme3srv
tifmsony
tb2launch
symlcbrd
StreamDispatcher
ssmdrv
SPFDRV
sp_clamsrv
snoopfree
SMPLSCSI
siswlsvc
sfman
se44nd5
SE2Emdfl
schscnt
s616mgmt
s3savagenb
RMSvc
RDID1007
rchost
qbcfmonitorservice
pclepci
ossrv
osanbm
orbpvr
nv4
NTACCESS
nhcDriverDevice
mssql$microsoftsmlbiz
mfeapfk
lxrjd31d
lpx
LMouKE
k750mdfl
itmrtsvc
icraplus
hpzid412
hfneavwv
entertainment
eaps2kbd
DynDNS_Updater_Service
dmprimer
ctmmfilt
crystalaps
cfgwzsvc
CE3
cdr4_xp
CdaC15BA
Cam5603D
avupdsvc
acsvc
AcronisOSSReinstallSvc
acedrv07
A4S2600
_iomega_active_disk_service_

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=-
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00

:Files
C:\Program Files\Alnaddy.com
C:\Program Files\BabylonToolbar
C:\ProgramData\Codecv
c:\users\hp\AppData\Roaming\Babylon
c:\programdata\Babylon

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]



Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.
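The :Reg section of the fix above deletes the netsvcs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost and writes it back as a hex(7) literal, which is how .reg and OTL scripts spell a REG_MULTI_SZ (UTF-16LE strings, each NUL-terminated, the list closed by a second NUL). What follows is an added example, not part of this thread and not OTL's own code: it decodes that format into the service names it carries, encodes a list back into the same literal, and reports any name in a netsvcs value that is not in the baseline. The baseline list is what the hex blob in the script decodes to (the Windows 7 default group). The "suspect" value and the name rogue_example_svc are constructed here for illustration; read_live_netsvcs() is an extra that reads the real value only when run on Windows.

```python
"""Decode, encode and audit the svchost 'netsvcs' REG_MULTI_SZ group.

Added example, not part of the original thread or of OTL. BASELINE_NETSVCS is
what the hex(7) blob in the :Reg section of the fix decodes to (Windows 7
default). SUSPECT_HEX7 is constructed for illustration.
"""
import re
import sys

# Service names the fix writes back into netsvcs (decoded from the hex(7) value).
BASELINE_NETSVCS = [
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
]


def decode_hex7(text: str) -> list[str]:
    """Turn a .reg/OTL 'hex(7):..' REG_MULTI_SZ literal into a list of strings.

    hex(7) is UTF-16LE, each string NUL-terminated, the list closed by an extra
    NUL. Backslash line continuations and whitespace (as in the OTL script above)
    are ignored, and a leading '"netsvcs"=' is tolerated.
    """
    body = text.split("hex(7):", 1)[1] if "hex(7):" in text else text
    body = re.sub(r"[\s\\]", "", body)
    raw = bytes(int(b, 16) for b in body.split(",") if b)
    names = raw.decode("utf-16-le").split("\x00")
    # Drop the empty entries produced by the terminating NULs.
    while names and names[-1] == "":
        names.pop()
    return names


def encode_hex7(names: list[str]) -> str:
    """Inverse of decode_hex7: produce the 'hex(7):..' literal for a list."""
    raw = ("\x00".join(names) + "\x00\x00").encode("utf-16-le")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_netsvcs(names: list[str], baseline=BASELINE_NETSVCS) -> dict:
    """Report names outside the baseline, and baseline names that are absent.

    Any extra name here means 'svchost.exe -k netsvcs' will load whatever
    ServiceDll that service's own registry key points at, so an unexpected
    entry is worth chasing to its DLL. Service names compare case-insensitively.
    """
    base = {n.lower() for n in baseline}
    present = {n.lower() for n in names}
    return {
        "unexpected": [n for n in names if n.lower() not in base],
        "missing": [n for n in baseline if n.lower() not in present],
    }


def read_live_netsvcs() -> list[str]:
    """Read the real value on a Windows host; returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost")
    value, value_type = winreg.QueryValueEx(key, "netsvcs")
    assert value_type == winreg.REG_MULTI_SZ
    return list(value)


# Constructed sample: the baseline with one made-up entry appended.
SUSPECT_HEX7 = encode_hex7(BASELINE_NETSVCS + ["rogue_example_svc"])

if __name__ == "__main__":
    report = audit_netsvcs(decode_hex7(SUSPECT_HEX7))
    print("unexpected:", report["unexpected"], "missing:", report["missing"])
    live = read_live_netsvcs()
    if live:
        print("live host:", audit_netsvcs(live))
```

Paste the whole `"netsvcs"=hex(7):...` block from a fix script (or a .reg export) into decode_hex7() to read it; the encoder's output for BASELINE_NETSVCS starts and ends with exactly the byte groups shown in the script above, which is a quick way to confirm a transcribed fix was not mangled.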

Aelo123
2012-06-22, 01:10
Thank you very much for your help; however, it worked for Firefox and Internet Explorer but not for Chrome. Will reinstalling solve the problem? Here is the log:-


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: "http://www.alnaddy.com/?afltid=wbpk" removed from browser.startup.homepage
Prefs.js: "http://www.alnaddy.com/search/?q=" removed from keyword.URL
C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ deleted successfully.
C:\ProgramData\Codecv\bhoclass.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ deleted successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CD3AED25-23AB-4543-B915-159449C37197} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3AED25-23AB-4543-B915-159449C37197}\ deleted successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== SERVICES/DRIVERS ==========
Service zppinger stopped successfully!
Service zppinger deleted successfully!
Service YMIDUSB stopped successfully!
Service YMIDUSB deleted successfully!
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
Service wmdmpmsn stopped successfully!
Service wmdmpmsn deleted successfully!
Service wacomvhid stopped successfully!
Service wacomvhid deleted successfully!
Service W8100PCI stopped successfully!
Service W8100PCI deleted successfully!
Service vpctcom stopped successfully!
Service vpctcom deleted successfully!
Service viaudio stopped successfully!
Service viaudio deleted successfully!
Service UVCFTR stopped successfully!
Service UVCFTR deleted successfully!
Service unrealircd stopped successfully!
Service unrealircd deleted successfully!
Service tvald stopped successfully!
Service tvald deleted successfully!
Service transcode360 stopped successfully!
Service transcode360 deleted successfully!
Service tme3srv stopped successfully!
Service tme3srv deleted successfully!
Service tifmsony stopped successfully!
Service tifmsony deleted successfully!
Service tb2launch stopped successfully!
Service tb2launch deleted successfully!
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
Service StreamDispatcher stopped successfully!
Service StreamDispatcher deleted successfully!
Service ssmdrv stopped successfully!
Service ssmdrv deleted successfully!
Service SPFDRV stopped successfully!
Service SPFDRV deleted successfully!
Service sp_clamsrv stopped successfully!
Service sp_clamsrv deleted successfully!
Service snoopfree stopped successfully!
Service snoopfree deleted successfully!
Service SMPLSCSI stopped successfully!
Service SMPLSCSI deleted successfully!
Service siswlsvc stopped successfully!
Service siswlsvc deleted successfully!
Service sfman stopped successfully!
Service sfman deleted successfully!
Service se44nd5 stopped successfully!
Service se44nd5 deleted successfully!
Service SE2Emdfl stopped successfully!
Service SE2Emdfl deleted successfully!
Service schscnt stopped successfully!
Service schscnt deleted successfully!
Service s616mgmt stopped successfully!
Service s616mgmt deleted successfully!
Service s3savagenb stopped successfully!
Service s3savagenb deleted successfully!
Service RMSvc stopped successfully!
Service RMSvc deleted successfully!
Service RDID1007 stopped successfully!
Service RDID1007 deleted successfully!
Service rchost stopped successfully!
Service rchost deleted successfully!
Service qbcfmonitorservice stopped successfully!
Service qbcfmonitorservice deleted successfully!
Service pclepci stopped successfully!
Service pclepci deleted successfully!
Service ossrv stopped successfully!
Service ossrv deleted successfully!
Service osanbm stopped successfully!
Service osanbm deleted successfully!
Service orbpvr stopped successfully!
Service orbpvr deleted successfully!
Service nv4 stopped successfully!
Service nv4 deleted successfully!
Service NTACCESS stopped successfully!
Service NTACCESS deleted successfully!
Service nhcDriverDevice stopped successfully!
Service nhcDriverDevice deleted successfully!
Service mssql$microsoftsmlbiz stopped successfully!
Service mssql$microsoftsmlbiz deleted successfully!
Service mfeapfk stopped successfully!
Service mfeapfk deleted successfully!
Service lxrjd31d stopped successfully!
Service lxrjd31d deleted successfully!
Service lpx stopped successfully!
Service lpx deleted successfully!
Service LMouKE stopped successfully!
Service LMouKE deleted successfully!
Service k750mdfl stopped successfully!
Service k750mdfl deleted successfully!
Service itmrtsvc stopped successfully!
Service itmrtsvc deleted successfully!
Service icraplus stopped successfully!
Service icraplus deleted successfully!
Service hpzid412 stopped successfully!
Service hpzid412 deleted successfully!
Service hfneavwv stopped successfully!
Service hfneavwv deleted successfully!
Error: No service named Sentertainment was found to stop!
Service\Driver key Sentertainment not found.
Service eaps2kbd stopped successfully!
Service eaps2kbd deleted successfully!
Service DynDNS_Updater_Service stopped successfully!
Service DynDNS_Updater_Service deleted successfully!
Service dmprimer stopped successfully!
Service dmprimer deleted successfully!
Service ctmmfilt stopped successfully!
Service ctmmfilt deleted successfully!
Service crystalaps stopped successfully!
Service crystalaps deleted successfully!
Service cfgwzsvc stopped successfully!
Service cfgwzsvc deleted successfully!
Service CE3 stopped successfully!
Service CE3 deleted successfully!
Service cdr4_xp stopped successfully!
Service cdr4_xp deleted successfully!
Service CdaC15BA stopped successfully!
Service CdaC15BA deleted successfully!
Service Cam5603D stopped successfully!
Service Cam5603D deleted successfully!
Service avupdsvc stopped successfully!
Service avupdsvc deleted successfully!
Service acsvc stopped successfully!
Service acsvc deleted successfully!
Service AcronisOSSReinstallSvc stopped successfully!
Service AcronisOSSReinstallSvc deleted successfully!
Service acedrv07 stopped successfully!
Service acedrv07 deleted successfully!
Service A4S2600 stopped successfully!
Service A4S2600 deleted successfully!
Service _iomega_active_disk_service_ stopped successfully!
Service _iomega_active_disk_service_ deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2 folder moved successfully.
C:\Program Files\Alnaddy.com\alnaddyToolbar folder moved successfully.
C:\Program Files\Alnaddy.com folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files\BabylonToolbar folder moved successfully.
C:\ProgramData\Codecv\data folder moved successfully.
C:\ProgramData\Codecv folder moved successfully.
File\Folder c:\users\hp\AppData\Roaming\Babylon not found.
File\Folder c:\programdata\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 9498752 bytes
->Temporary Internet Files folder emptied: 23761024 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 330139122 bytes
->Google Chrome cache emptied: 370179772 bytes
->Flash cache emptied: 18643 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 331611 bytes
RecycleBin emptied: 246 bytes

Total Files Cleaned = 700.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06222012_010007

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

JonTom
2012-06-22, 10:12
Hello Aelo123

Thank you for the log.


Thank you very much for your help; however, it worked for Firefox and Internet Explorer but not for Chrome. Will reinstalling solve the problem?

Hold off from doing anything with Chrome for the moment. We still have a fair bit of work to do, so let's continue with the following for now:

Please run Combofix exactly as you did the very first time (page 1, post number 4). If you are informed that there is an update available for Combofix please allow it to be installed.

Once Combofix has completed its run, re-scan with OTL as you did before and post both logs in your next reply.

Aelo123
2012-06-22, 15:45
Here's the log:-

ComboFix 12-06-21.03 - hp 22-Jun-12 15:36:13.3.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1563 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
---- Previous Run -------
.
c:\program files\Alnaddy.com
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\escortShld.dll
c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\uninstall.exe
c:\program files\BabylonToolbar
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files\BabylonToolbar\BabylonToolbar\BabylonTB.xpi
c:\programdata\Babylon
c:\users\hp\AppData\Roaming\Babylon
c:\users\hp\AppData\Roaming\Babylon\log_file.txt
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service__iomega_active_disk_service_
-------\Service_A4S2600
-------\Service_acedrv07
-------\Service_AcronisOSSReinstallSvc
-------\Service_acsvc
-------\Service_avupdsvc
-------\Service_Cam5603D
-------\Service_CdaC15BA
-------\Service_cdr4_xp
-------\Service_CE3
-------\Service_cfgwzsvc
-------\Service_crystalaps
-------\Service_ctmmfilt
-------\Service_dmprimer
-------\Service_DynDNS_Updater_Service
-------\Service_eaps2kbd
-------\Service_hfneavwv
-------\Service_hpzid412
-------\Service_icraplus
-------\Service_itmrtsvc
-------\Service_k750mdfl
-------\Service_LMouKE
-------\Service_lpx
-------\Service_lxrjd31d
-------\Service_mfeapfk
-------\Service_mssql$microsoftsmlbiz
-------\Service_nhcDriverDevice
-------\Service_NTACCESS
-------\Service_nv4
-------\Service_orbpvr
-------\Service_osanbm
-------\Service_ossrv
-------\Service_pclepci
-------\Service_qbcfmonitorservice
-------\Service_rchost
-------\Service_RDID1007
-------\Service_RMSvc
-------\Service_s3savagenb
-------\Service_s616mgmt
-------\Service_schscnt
-------\Service_SE2Emdfl
-------\Service_se44nd5
-------\Service_sfman
-------\Service_siswlsvc
-------\Service_SMPLSCSI
-------\Service_snoopfree
-------\Service_sp_clamsrv
-------\Service_SPFDRV
-------\Service_ssmdrv
-------\Service_StreamDispatcher
-------\Service_symlcbrd
-------\Service_tb2launch
-------\Service_tifmsony
-------\Service_tme3srv
-------\Service_transcode360
-------\Service_tvald
-------\Service_unrealircd
-------\Service_UVCFTR
-------\Service_viaudio
-------\Service_vpctcom
-------\Service_W8100PCI
-------\Service_wacomvhid
-------\Service_wmdmpmsn
-------\Service_YahooAUService
-------\Service_YMIDUSB
-------\Service_zppinger
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-16 08:25 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-21 21:36 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-19 07:24 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-18 21:44 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-21 07:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-21 16:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-19 07:24 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-22 13:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-06-20 22:48 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-22 10:54 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
2012-05-24 12:10 . 2012-05-24 12:10 -------- d-----w- c:\programdata\Playrix Entertainment
2012-05-24 12:09 . 2012-05-24 12:09 -------- d-----w- c:\program files\AllGamesHome Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-06 15:59 . 2012-04-12 18:35 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 15:59 . 2012-03-22 20:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-18 10:29 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:59]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 08:23]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-22 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://home.allgameshome.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-alnaddyToolbar - c:\program files\Alnaddy.com\alnaddyToolbar\1.5.25.2\uninstall.exe
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
AddRemove-GameSpy Arcade - d:\a\Games\GANESP~1\UNWISE.EXE
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
Completion time: 2012-06-22 15:42:03
ComboFix-quarantined-files.txt 2012-06-22 13:42
ComboFix2.txt 2012-06-18 08:41
.
Pre-Run: 78,538,141,696 bytes free
Post-Run: 78,477,705,216 bytes free
.
- - End Of File - - AD824B272C52DFD5CE3035A90D9A4977

JonTom
2012-06-22, 18:25
Hello Aelo123

Please post the OTL log as requested :)

Aelo123
2012-06-22, 20:04
Sorry, I forgot. Here it is:-


All processes killed
========== OTL ==========
Unable to kill active process explorer.exe!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: "http://www.alnaddy.com/?afltid=wbpk" removed from browser.startup.homepage
Prefs.js: "http://www.alnaddy.com/search/?q=" removed from keyword.URL
File C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
File C:\ProgramData\Codecv\bhoclass.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CD3AED25-23AB-4543-B915-159449C37197} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3AED25-23AB-4543-B915-159449C37197}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named zppinger was found to stop!
Service\Driver key zppinger not found.
Error: No service named YMIDUSB was found to stop!
Service\Driver key YMIDUSB not found.
Error: No service named YahooAUService was found to stop!
Service\Driver key YahooAUService not found.
Error: No service named wmdmpmsn was found to stop!
Service\Driver key wmdmpmsn not found.
Error: No service named wacomvhid was found to stop!
Service\Driver key wacomvhid not found.
Error: No service named W8100PCI was found to stop!
Service\Driver key W8100PCI not found.
Error: No service named vpctcom was found to stop!
Service\Driver key vpctcom not found.
Error: No service named viaudio was found to stop!
Service\Driver key viaudio not found.
Error: No service named UVCFTR was found to stop!
Service\Driver key UVCFTR not found.
Error: No service named unrealircd was found to stop!
Service\Driver key unrealircd not found.
Error: No service named tvald was found to stop!
Service\Driver key tvald not found.
Error: No service named transcode360 was found to stop!
Service\Driver key transcode360 not found.
Error: No service named tme3srv was found to stop!
Service\Driver key tme3srv not found.
Error: No service named tifmsony was found to stop!
Service\Driver key tifmsony not found.
Error: No service named tb2launch was found to stop!
Service\Driver key tb2launch not found.
Error: No service named symlcbrd was found to stop!
Service\Driver key symlcbrd not found.
Error: No service named StreamDispatcher was found to stop!
Service\Driver key StreamDispatcher not found.
Error: No service named ssmdrv was found to stop!
Service\Driver key ssmdrv not found.
Error: No service named SPFDRV was found to stop!
Service\Driver key SPFDRV not found.
Error: No service named sp_clamsrv was found to stop!
Service\Driver key sp_clamsrv not found.
Error: No service named snoopfree was found to stop!
Service\Driver key snoopfree not found.
Error: No service named SMPLSCSI was found to stop!
Service\Driver key SMPLSCSI not found.
Error: No service named siswlsvc was found to stop!
Service\Driver key siswlsvc not found.
Error: No service named sfman was found to stop!
Service\Driver key sfman not found.
Error: No service named se44nd5 was found to stop!
Service\Driver key se44nd5 not found.
Error: No service named SE2Emdfl was found to stop!
Service\Driver key SE2Emdfl not found.
Error: No service named schscnt was found to stop!
Service\Driver key schscnt not found.
Error: No service named s616mgmt was found to stop!
Service\Driver key s616mgmt not found.
Error: No service named s3savagenb was found to stop!
Service\Driver key s3savagenb not found.
Error: No service named RMSvc was found to stop!
Service\Driver key RMSvc not found.
Error: No service named RDID1007 was found to stop!
Service\Driver key RDID1007 not found.
Error: No service named rchost was found to stop!
Service\Driver key rchost not found.
Error: No service named qbcfmonitorservice was found to stop!
Service\Driver key qbcfmonitorservice not found.
Error: No service named pclepci was found to stop!
Service\Driver key pclepci not found.
Error: No service named ossrv was found to stop!
Service\Driver key ossrv not found.
Error: No service named osanbm was found to stop!
Service\Driver key osanbm not found.
Error: No service named orbpvr was found to stop!
Service\Driver key orbpvr not found.
Error: No service named nv4 was found to stop!
Service\Driver key nv4 not found.
Error: No service named NTACCESS was found to stop!
Service\Driver key NTACCESS not found.
Error: No service named nhcDriverDevice was found to stop!
Service\Driver key nhcDriverDevice not found.
Error: No service named mssql$microsoftsmlbiz was found to stop!
Service\Driver key mssql$microsoftsmlbiz not found.
Error: No service named mfeapfk was found to stop!
Service\Driver key mfeapfk not found.
Error: No service named lxrjd31d was found to stop!
Service\Driver key lxrjd31d not found.
Error: No service named lpx was found to stop!
Service\Driver key lpx not found.
Error: No service named LMouKE was found to stop!
Service\Driver key LMouKE not found.
Error: No service named k750mdfl was found to stop!
Service\Driver key k750mdfl not found.
Error: No service named itmrtsvc was found to stop!
Service\Driver key itmrtsvc not found.
Error: No service named icraplus was found to stop!
Service\Driver key icraplus not found.
Error: No service named hpzid412 was found to stop!
Service\Driver key hpzid412 not found.
Error: No service named hfneavwv was found to stop!
Service\Driver key hfneavwv not found.
Error: No service named Sentertainment was found to stop!
Service\Driver key Sentertainment not found.
Error: No service named eaps2kbd was found to stop!
Service\Driver key eaps2kbd not found.
Error: No service named DynDNS_Updater_Service was found to stop!
Service\Driver key DynDNS_Updater_Service not found.
Error: No service named dmprimer was found to stop!
Service\Driver key dmprimer not found.
Error: No service named ctmmfilt was found to stop!
Service\Driver key ctmmfilt not found.
Error: No service named crystalaps was found to stop!
Service\Driver key crystalaps not found.
Error: No service named cfgwzsvc was found to stop!
Service\Driver key cfgwzsvc not found.
Error: No service named CE3 was found to stop!
Service\Driver key CE3 not found.
Error: No service named cdr4_xp was found to stop!
Service\Driver key cdr4_xp not found.
Error: No service named CdaC15BA was found to stop!
Service\Driver key CdaC15BA not found.
Error: No service named Cam5603D was found to stop!
Service\Driver key Cam5603D not found.
Error: No service named avupdsvc was found to stop!
Service\Driver key avupdsvc not found.
Error: No service named acsvc was found to stop!
Service\Driver key acsvc not found.
Error: No service named AcronisOSSReinstallSvc was found to stop!
Service\Driver key AcronisOSSReinstallSvc not found.
Error: No service named acedrv07 was found to stop!
Service\Driver key acedrv07 not found.
Error: No service named A4S2600 was found to stop!
Service\Driver key A4S2600 not found.
Error: No service named _iomega_active_disk_service_ was found to stop!
Service\Driver key _iomega_active_disk_service_ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\Alnaddy.com not found.
File\Folder C:\Program Files\BabylonToolbar not found.
File\Folder C:\ProgramData\Codecv not found.
File\Folder c:\users\hp\AppData\Roaming\Babylon not found.
File\Folder c:\programdata\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 168962 bytes
->Temporary Internet Files folder emptied: 536773 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46866304 bytes
->Google Chrome cache emptied: 77099360 bytes
->Flash cache emptied: 2016 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27710 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06222012_195639

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

JonTom
2012-06-22, 21:47
Hello Aelo123

It looks as though you ran the OTL script again.

Lets try it this way instead:

OTL


Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
Check the boxes beside "LOP Check" and "Purity Check".
Under Custom Scan paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT


Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.



When the scan completes, a log will be produced.
Please post the log in your next reply.

Aelo123
2012-06-23, 01:22
Hello, it's attached: 9623

JonTom
2012-06-24, 14:40
Hello Aelo123

Thank you for the latest logs.

Please work your way through the following steps exactly as they are described below:

Please open OTL


Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

:Services
entertainment

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=-
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00

:Files
flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]





Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.



Once you have completed the steps above, please drag the copy of Combofix that is on your desktop to the Recycle Bin. Once you have done that, empty the Recycle Bin.


Download a fresh copy of Combofix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop.


Next, disable all of your security programs, then right click on the Combofix icon and select "Run as Administrator" to run the tool.


Allow Combofix to complete its run then post the log created in your next reply.



"it worked for firefox and Iexplorer but not for chrome"

There are no instances of alnaddy.com showing up in the log for your Chrome browser. Please describe exactly what is happening when you use Chrome in your next reply.

Aelo123
2012-06-24, 23:45
OTL Log:- (didn't check purity and lop check)


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service entertainment stopped successfully!
Service entertainment deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63
,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
< flushdns /c >
C:\Users\hp\Desktop\cmd.bat deleted successfully.
C:\Users\hp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 6462402 bytes
->Temporary Internet Files folder emptied: 3615651 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 115862958 bytes
->Google Chrome cache emptied: 286714373 bytes
->Flash cache emptied: 21219 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6778128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 400.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06242012_215118

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
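
As an added example for this thread (not OTL's, ComboFix's or the poster's code), the Python below decodes the hex(7) REG_MULTI_SZ form of the Svchost\netsvcs value, as it appears in the fix script and in the OTL log above, into plain service names and reports any name that is not in the stock group. The baseline list is the one decoded from the fix script in this thread; the sample inputs are constructed, and the rogue name "entertainment" is the service the OTL log reports stopping and deleting.

```python
"""Decode a .reg / OTL style hex(7) REG_MULTI_SZ and flag unexpected
netsvcs entries.  Added example for this thread; not code from OTL,
ComboFix or the posts."""
import re

# Baseline: the netsvcs group from the OTL fix script posted in this thread
# (decoded from its hex(7) bytes), i.e. a stock Windows 7 list.
BASELINE_NETSVCS = [
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc",
    "IKEEXT", "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "SENS", "Sharedaccess", "SRService", "Tapisrv", "Wmi",
    "WmdmPmSp", "TermService", "wuauserv", "BITS", "ShellHWDetection",
    "LogonHours", "PCAudit", "helpsvc", "uploadmgr", "iphlpsvc", "seclogon",
    "AppInfo", "msiscsi", "MMCSS", "wercplsupport", "EapHost", "ProfSvc",
    "schedule", "hkmsvc", "SessionEnv", "winmgmt", "browser", "Themes",
    "BDESVC", "AppMgmt",
]

# Matches the run of "xx," byte pairs after "hex(7):", including the
# backslash line continuations and whitespace that regedit exports use.
_HEX_RUN = re.compile(r"hex\(7\):((?:[0-9a-fA-F]{2}|,|\\|\s)+)")


def encode_multi_sz_hex(names, width=25):
    """Encode names as REG_MULTI_SZ in .reg 'hex(7):' notation: each string
    UTF-16LE + NUL, then a final NUL, wrapped with a trailing backslash."""
    raw = b"".join(n.encode("utf-16-le") + b"\x00\x00" for n in names) + b"\x00\x00"
    pairs = [f"{b:02x}" for b in raw]
    lines = [",".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return "hex(7):" + ",\\\n  ".join(lines)


def decode_multi_sz_hex(text):
    """Return the strings stored in a hex(7) value found in text.
    Trailing text such as OTL's ' /E : value set successfully!' is ignored."""
    m = _HEX_RUN.search(text)
    if not m:
        raise ValueError("no hex(7) value found")
    body = re.sub(r"[^0-9a-fA-F,]", "", m.group(1))   # drop '\', newlines, spaces
    raw = bytes(int(h, 16) for h in body.split(",") if h)
    if len(raw) % 2:
        raise ValueError("odd byte count: UTF-16LE data is truncated")
    # REG_MULTI_SZ: NUL-terminated strings ended by an empty string.
    parts = raw.decode("utf-16-le").split("\x00")
    while parts and parts[-1] == "":
        parts.pop()
    return parts


def unexpected_netsvcs(entries, baseline=BASELINE_NETSVCS):
    """Entries not in the known-good group.  Windows service names are
    case-insensitive, so the comparison is case-folded."""
    known = {n.casefold() for n in baseline}
    return [e for e in entries if e.casefold() not in known]


# Constructed sample in .reg form: the stock group with "entertainment"
# appended, the rogue service name the OTL log in this thread removed.
SAMPLE_REG = '"netsvcs"=' + encode_multi_sz_hex(BASELINE_NETSVCS + ["entertainment"])

# Constructed sample in the one-line form OTL logs it (only BITS and Wmi,
# hand-encoded, followed by OTL's status text).
SAMPLE_OTL = (
    'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion'
    '\\Svchost\\\\"netsvcs"|hex(7):42,00,49,00,54,00,53,00,00,00,'
    '57,00,6d,00,69,00,00,00,00,00 /E : value set successfully!'
)

if __name__ == "__main__":
    for label, sample in (("reg", SAMPLE_REG), ("otl", SAMPLE_OTL)):
        names = decode_multi_sz_hex(sample)
        print(f"{label}: {len(names)} entries, unexpected: {unexpected_netsvcs(names)}")
```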

Aelo123
2012-06-24, 23:48
Combofix:-


ComboFix 12-06-24.03 - hp 24-Jun-12 23:34:50.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1147 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 21:39 . 2012-06-24 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 21:32 . 2012-06-24 21:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-24 21:16 . 2012-06-24 21:16 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53 . 2012-06-24 21:39 -------- d-----w- c:\users\hp\AppData\Local\Temp
2012-06-24 09:07 . 2012-06-24 09:07 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55 . 2012-06-24 08:55 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50 . 2012-06-23 18:50 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 18:49 . 2012-06-23 18:49 -------- d-----w- c:\programdata\McAfee
2012-06-23 16:57 . 2012-06-23 16:57 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\windows\UnInstFilter
2012-06-23 08:17 . 2012-06-23 08:17 -------- d-----w- c:\program files\1ClickDownload
2012-06-21 23:00 . 2012-06-21 23:00 -------- d-----w- C:\_OTL
2012-06-20 19:43 . 2012-06-20 19:43 -------- d-----w- C:\My Documents
2012-06-19 07:27 . 2012-06-19 07:27 -------- d-----w- c:\program files\Common Files\InstallShield
2012-06-19 07:19 . 2012-06-19 07:19 -------- d-----w- c:\users\hp\AppData\Roaming\runic games
2012-06-19 07:17 . 2012-06-21 07:35 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35 . 2012-06-18 21:35 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33 . 2001-12-19 09:45 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-24 11:17 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-24 14:32 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-19 07:24 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-18 21:44 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-21 07:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-24 15:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-19 07:24 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-24 21:35 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-06-20 22:48 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-24 19:53 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 08:07 . 2012-04-12 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 08:07 . 2012-03-22 20:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 18:50 . 2012-03-22 20:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-18 10:29 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-24 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"KBStatusLED1"="c:\windows\KBStatusLED.exe" [2008-04-30 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:07]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-KBStatusLED - c:\winnt\KBStatusLED.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(6076)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-06-24 23:40:52
ComboFix-quarantined-files.txt 2012-06-24 21:40
ComboFix2.txt 2012-06-22 13:42
ComboFix3.txt 2012-06-18 08:41
.
Pre-Run: 77,040,361,472 bytes free
Post-Run: 76,878,594,048 bytes free
.
- - End Of File - - F3483C8D620CF73BEF01760B8283E7FA

Aelo123
2012-06-24, 23:52
As for chrome it opens on: *www.facebook.com (the homepage)

JonTom
2012-06-25, 01:20
Hello Aelo123

Thank you for the logs.

I removed the infected links you posted to prevent anyone from clicking on them.

Let's continue:

Please open OTL


Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Reg
[-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]

:Files
c:\program files\1ClickDownload

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]





Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.



Please perform the following scan:


Please download MalwareBytes AntiMalware by clicking here (http://www.besttechie.net/tools/mbam-setup.exe) and save the file (called mbam-setup.exe) to your desktop.

Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
Follow the prompts during installation and have the Installation Wizard create a desktop icon.
Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform FULL Scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.


Reset your browser proxies


For Internet Explorer:
Click on "Tools" and then select "Internet Options".
Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
Uncheck "Use a Proxy server for your LAN".
Click Ok to close the Local Area Network (LAN) Settings window.
Click Ok to close the Internet Options window.



Let's see if the following can help with your Chrome issues:


Open Chrome.
Click the wrench icon on the browser toolbar.
Select Settings.
Click the Basics tab.
Click Manage search engines in the "Search" section.
To Remove a search engine: Select the search engine from the list (all instances of alnaddy) and click the x that appears at the end of the row.
You can also add the search engine of your choice in this section if you wish.



To add a search engine: Scroll to the bottom of the dialog and fill out the following fields:
Add a new search engine: Enter a nickname for the search engine.
Keyword: Enter the text shortcut you want to use for the search engine. Use the keyword to do keyword searches.
URL: Enter the web address for the search engine.
To make the selected search engine default: Select the search engine you want to use as your default search engine and click the Make default button that appears in the row.


Please post the OTL log, the MBAM log and a new DDS log in your next reply, and let me know how Chrome is running now.
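The following read-only audit script is an added example, not part of JonTom's post and not an OTL or MBAM feature: it checks, after the reboot, whether the registry keys and folder named in the OTL fix above are really gone, resolves every registered Browser Helper Object to its DLL and signer, and reports the Internet Explorer proxy values behind the "Use a proxy server for your LAN" box. The BHO and proxy registry paths are the standard Windows locations; the target list is copied from the OTL script above.

```powershell
# Added read-only audit (not from the thread's helper or tools). Nothing here
# deletes or changes anything; it only reports, so it is safe to run at any point.

# ProgIDs, TypeLibs and the folder taken verbatim from the OTL fix in the post above.
$otlTargets = @(
    'Registry::HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3',
    'Registry::HKEY_CLASSES_ROOT\TBSB01457.TBSB01457',
    'Registry::HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1',
    'Registry::HKEY_CLASSES_ROOT\ToolBand.ToolBandObj',
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}',
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}',
    'C:\Program Files\1ClickDownload'
)

function Test-OtlTargetsGone {
    # One row per target; Present = True means the fix did not take (or came back).
    foreach ($t in $otlTargets) {
        New-Object PSObject -Property @{ Target = $t; Present = (Test-Path -LiteralPath $t) }
    }
}

function Get-BhoReport {
    # Every CLSID registered under these keys is loaded into Internet Explorer at
    # start-up. Resolve each one to the DLL it points at and check its signature;
    # a toolbar like the one the OTL fix targets normally shows up here.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $clsid  = $key.PSChildName
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $inproc) { $dll = (Get-ItemProperty $inproc).'(default)' }
            if (-not $dll) {
                $status = 'orphan: CLSID has no InprocServer32'
            } elseif (-not (Test-Path -LiteralPath $dll)) {
                $status = 'DLL missing on disk (stale registration)'
            } else {
                $sig = Get-AuthenticodeSignature -FilePath $dll
                if ($sig.Status -eq 'Valid') {
                    $status = 'signed by ' + $sig.SignerCertificate.Subject
                } else {
                    $status = 'UNSIGNED or bad signature (' + $sig.Status + ')'
                }
            }
            New-Object PSObject -Property @{ Root = $root; CLSID = $clsid; DLL = $dll; Status = $status }
        }
    }
}

function Get-IeProxyReport {
    # ProxyEnable = 1 is the "Use a proxy server for your LAN" box from the post.
    # AutoConfigURL is the PAC-script field in the same dialog ("Use automatic
    # configuration script"), which the post's click-through does not cover.
    $p = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        Suspicious    = ($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }
}

Write-Host '== OTL fix targets (Present should be False on every row) =='
Test-OtlTargetsGone | Format-Table Present, Target -AutoSize
Write-Host '== Browser Helper Objects =='
Get-BhoReport | Format-Table CLSID, Status, DLL -AutoSize
Write-Host '== Internet Explorer proxy =='
Get-IeProxyReport | Format-List
```

Run it from a normal PowerShell prompt; reading these keys needs no elevation. A BHO whose DLL is unsigned or missing, or a proxy report with Suspicious = True, is the thing to mention in the next reply.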

Aelo123
2012-06-26, 22:18
OTL:-


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3 not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ not found.
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457 not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj\\ deleted successfully.
========== FILES ==========
c:\program files\1ClickDownload folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 1291128 bytes
->Temporary Internet Files folder emptied: 216265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111869951 bytes
->Google Chrome cache emptied: 84153011 bytes
->Flash cache emptied: 1865 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754991 bytes
RecycleBin emptied: 493236 bytes

Total Files Cleaned = 190.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06262012_200723

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Aelo123
2012-06-26, 22:19
mbam:-


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
hp :: DRDALIA [administrator]

Protection: Enabled

26-Jun-12 8:54:34 PM
mbam-log-2012-06-26 (20-54-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296292
Time elapsed: 57 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 187
C:\ProgramData\ADDICT-THING\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0019\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0039\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0059\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0005\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0006\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0007\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0008\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0009\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0010\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0011\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0012\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0013\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0014\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0015\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0016\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0017\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0018\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0020\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0021\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0022\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0023\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0024\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0025\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0026\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0027\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0028\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0029\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0030\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0031\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0032\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0033\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0034\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0035\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0036\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0037\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0038\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0040\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0041\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0042\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0043\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0044\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0045\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0046\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0047\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0048\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0049\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0050\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0051\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0052\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0053\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0054\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0055\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0056\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0057\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0058\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0060\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0061\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0062\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0063\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0064\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0065\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0066\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0067\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0068\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0069\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0070\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0071\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0072\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0073\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0074\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0075\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0076\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0077\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0078\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0079\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0080\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0081\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0082\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0083\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\zaea0084\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0019\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0039\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0059\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0004.dta (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0001\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0002\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0003\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0004\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0005\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0006\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0007\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0008\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0009\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0010\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0011\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0012\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0013\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0014\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0015\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0016\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0017\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0018\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0020\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0021\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0022\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0023\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0024\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0025\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0026\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0027\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0028\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0029\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0030\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0031\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0032\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0033\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0034\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0035\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0036\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0037\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0038\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0040\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0041\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0042\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0043\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0044\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0045\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0046\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0047\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0048\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0049\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0050\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0051\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0052\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0053\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0054\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0055\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0056\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0057\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0058\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0060\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0061\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0062\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0063\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0064\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0065\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0066\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0067\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0068\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0069\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0070\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0071\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0072\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0073\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0074\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0075\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0076\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0077\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0078\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0079\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0080\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0081\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0082\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0083\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0084\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\zaea0085\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\06222012_010007\C_ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
D:\A\Kingston\MP4\Programs\MP4ConverterSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
D:\A\MP4\Programs\MP4ConverterSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
D:\A\CRDownload\installer_sis_to_jar_converter.exe (PUP.Adbundler) -> Quarantined and deleted successfully.
D:\A\CRDownload\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\w7kf-setup.exe (PUP.Hacktool) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_highway-3d.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_pro-evolution-soccer-2011-patch.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\SoftonicDownloader_for_vdrift.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
D:\A\CRDownload\Windows Loader\Windows Loader\Windows Loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

(end)

Aelo123
2012-06-26, 22:29
Hello,
As for other things:-

I don't know what a DDS log is, please clarify.
The box in IExplorer was unchecked.
MBAM didn't produce a log once the scan was finished.
I did as you told me for chrome, but the problem wasn't solved.

JonTom
2012-06-26, 22:34
Hello Aelo123


"MBAM didn't produce a log once the scan was finished"
You posted the log we require :)


"I don't know what a DDS log is, please clarify"
When you first posted on this forum you scanned your machine with a tool called DDS (see page number 1, post number 1 made by your good self).

Please re-scan with DDS exactly as you did the first time and post both logs in your next reply.

Aelo123
2012-06-28, 01:54
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by hp at 1:50:08 on 2012-06-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1194 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\KBStatusLED.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
D:\A\Programs\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WeFi\WefiEngSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WeFi\WeFi.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBStatusLED1] c:\windows\KBStatusLED.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\allgameshome toolbar\tbcore3.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.89.80.1
TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\hp\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\hp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-13 1153368]
R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-06-27 08:22:59 -------- d-----w- c:\program files\RAMBooster.Net
2012-06-26 18:25:58 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-06-26 18:25:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 18:25:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 18:25:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 14:34:25 -------- d-----w- c:\users\hp\appdata\local\Macromedia
2012-06-24 21:40:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-24 21:16:06 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53:15 -------- d-----w- c:\users\hp\appdata\local\Temp
2012-06-24 09:07:33 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55:46 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50:45 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 16:57:25 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12:19 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12:18 -------- d-----w- c:\windows\UnInstFilter
2012-06-21 23:00:07 -------- d-----w- C:\_OTL
2012-06-20 19:43:10 -------- d-----w- C:\My Documents
2012-06-19 07:27:37 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-06-19 07:27:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-06-19 07:27:36 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-06-19 07:27:36 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-06-19 07:27:34 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-06-19 07:19:11 -------- d-----w- c:\users\hp\appdata\roaming\runic games
2012-06-19 07:17:22 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35:12 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33:24 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03:36 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03:34 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:42:10 98816 ----a-w- c:\windows\sed.exe
2012-06-16 18:42:10 518144 ----a-w- c:\windows\SWREG.exe
2012-06-16 18:42:10 256000 ----a-w- c:\windows\PEV.exe
2012-06-16 18:42:10 208896 ----a-w- c:\windows\MBR.exe
2012-06-16 18:34:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45:39 -------- d-----w- C:\TWISTER
2012-06-16 08:23:03 -------- d-----w- c:\users\hp\appdata\local\Facebook
2012-06-13 21:00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27:40 607260 ----a-r- c:\users\hp\appdata\roaming\microsoft\windows\start menu\programs\dds.scr
2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49:42 -------- d-----w- c:\users\hp\appdata\roaming\CBS Interactive
2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33:40 -------- d-----w- C:\$AVG
2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
2012-06-02 22:59:11 -------- d-----w- C:\Intel
2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
2012-06-01 13:06:07 -------- d-----w- c:\users\hp\appdata\roaming\iWin
2012-05-30 18:12:31 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12:09 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06:09 -------- d-----w- c:\users\hp\appdata\roaming\.freeciv
2012-05-30 07:49:03 -------- d-----w- c:\users\hp\appdata\local\Akamai
2012-05-30 07:43:20 -------- d-----w- c:\program files\common files\Akamai
2012-05-30 07:39:01 -------- d-----w- c:\program files\Kuma Games
.
==================== Find3M ====================
.
2012-06-24 08:07:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-24 08:07:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 18:50:38 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38:34 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 1:51:07.29 ===============
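
An added example for readers working through a log like the one above; it is not part of this thread and is not DDS code or the helper's own procedure. It runs three triage heuristics over lines copied from the "Pseudo HJT Report" section: a DLL registered as both a BHO and a toolbar (the usual shape of a bundled search toolbar), a start page whose host carries an installed toolbar's name or install folder (a search hijack set by the toolbar rather than the user), and autoruns launched from user-writable folders or dropped straight into c:\windows. The regular expressions, the `GENERIC_WORDS` filter and the rules themselves are the editor's assumptions, and every hit is a prompt for a human look, not a verdict (Akamai NetSession really does run from AppData).

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not DDS code. The three rules are the
editor's heuristics for spotting bundled search toolbars and odd autorun
locations; each hit still needs a human look.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the Pseudo HJT Report posted above
# (DDS defangs http as hxxp and lower-cases most paths).
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: TBSB01457 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: AllGamesHome Toolbar: {5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d} - c:\program files\allgameshome toolbar\tbcore3.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [KBStatusLED1] c:\windows\KBStatusLED.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
"""

COM_RE = re.compile(r'^(BHO|TB): (.+?): (\{[0-9a-f-]{36}\}) - (.+)$', re.I)
RUN_RE = re.compile(r'^([um]Run): \[(.+?)\] (.+)$')
START_RE = re.compile(r'^([um])Start Page = (?:hxxp|http)s?://([^/]+)', re.I)
# words too generic to identify a vendor (editor's assumption)
GENERIC_WORDS = {'toolbar', 'program', 'files', 'common', 'class'}


def _exe_from_command(cmd):
    """Strip quotes and arguments from a Run-key command, keeping the executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd.split(' /')[0].split(' -')[0]


def _words(text):
    return {w for w in re.split(r'[^a-z0-9]+', text.lower()) if len(w) > 4} - GENERIC_WORDS


def parse_report(text):
    """Return (com_objects, autoruns, start_pages) parsed from Pseudo HJT lines."""
    com, runs, starts = [], [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := COM_RE.match(line):
            kind, name, clsid, path = m.groups()
            com.append({'kind': kind.upper(), 'name': name,
                        'clsid': clsid.lower(), 'path': path.lower()})
        elif m := RUN_RE.match(line):
            hive, name, cmd = m.groups()
            runs.append({'scope': 'user' if hive == 'uRun' else 'machine',
                         'name': name, 'exe': _exe_from_command(cmd).lower()})
        elif m := START_RE.match(line):
            starts['user' if m.group(1).lower() == 'u' else 'machine'] = m.group(2).lower()
    return com, runs, starts


def triage(text):
    """Apply the three heuristics and return a list of finding tuples."""
    com, runs, starts = parse_report(text)
    findings = []

    # Rule 1: one DLL registered as both a BHO and a toolbar.
    kinds_by_dll = defaultdict(set)
    for c in com:
        kinds_by_dll[c['path']].add(c['kind'])
    for path, kinds in sorted(kinds_by_dll.items()):
        if kinds >= {'BHO', 'TB'}:
            findings.append(('shared_dll', path))

    # Rule 2: start page host carries a toolbar's name or its install folder.
    vendor_words = set()
    for c in com:
        if c['kind'] == 'TB':
            vendor_words |= _words(c['name']) | _words(c['path'].rsplit('\\', 2)[-2])
    for scope, host in sorted(starts.items()):
        for word in sorted(vendor_words):
            if word in host:
                findings.append(('start_page', scope, host, word))
                break

    # Rule 3: autorun from a user-writable folder or directly in c:\windows.
    for r in runs:
        folder = r['exe'].rsplit('\\', 1)[0]
        if folder == r'c:\windows' or '\\appdata\\' in r['exe'] or '\\temp\\' in r['exe']:
            findings.append(('review_location', r['name'], r['exe']))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_HJT):
        print(*finding)
```

Run against the sample it reports tbcore3.dll as a shared BHO/toolbar DLL, the machine start page home.allgameshome.com as set by the AllGamesHome toolbar, and two autoruns (netsession_win.exe in AppData, KBStatusLED.exe in c:\windows) for review; to use it on a full log, paste the whole Pseudo HJT section into `triage()`.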

JonTom
2012-06-28, 13:04
Hello Aelo123

Thank you for the logs.

P2P Programs:


P2P programs are a major source of Malware infections.
From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.


Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here. (http://www.internetworldstats.com/articles/art053.htm)


It is strongly recommended that you uninstall any P2P programs you have on your system.


To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
A list of currently installed programs will be displayed.
Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.


PLEASE NOTE:
Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



Please un-install the following


Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
Find the "Alnaddy.com toolbar on IE and Chrome" program, click on it once and then click on the "uninstall" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.
Repeat for "Babylon toolbar on IE".
If you have any problems removing these programs let me know.



Please download SystemLook by JPShortstuff


Please download SystemLook by JPShortstuff by clicking here (http://jpshortstuff.247fixes.com/SystemLook.exe) or here (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe) and save the file (called SystemLook.exe) to your desktop.
Right click on SystemLook.exe and select "Run as Administrator" to run the program.
Copy the content of the following codebox into the main textfield:


:filefind
*alnaddy*
:folderfind
*alnaddy*
:regfind
*alnaddy*



Click the Look button to start the scan.
The scan may take several minutes to complete. Please be patient.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please run the following scan


Note: You will need to use Internet Explorer for this scan.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.



Scan your system with Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use.
Click the "ESET Online Scanner" button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on "ESET Smart Installer" to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.


Check "YES, I accept the Terms of Use".
Click the "Start" button.
Accept any security warnings from your browser.
Check "Scan archives".
Make sure that the option to "Remove Found Threats" is unchecked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push "List of found threats".
Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the "Back" button.
Push "Finish".


Please post the Systemlook log and the ESET log in your next reply.
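
An added example, not part of this thread and not SystemLook's own code, showing what the three searches in the SystemLook script above (:filefind, :folderfind and :regfind with the glob *alnaddy*) involve when written out by hand: a case-insensitive directory walk that reports size and MD5 for matching files (MD5 as an identifier, as SystemLook prints it, not as an integrity check), the matching folders, and a registry walk that matches key names, value names and string data. The registry part only runs on Windows and, by the editor's choice, only covers HKLM\SOFTWARE and HKCU\SOFTWARE; the script name and command-line form in the usage comment are assumptions.

```python
"""Search files, folders and the registry for a name fragment, SystemLook-style.

Added example written for this thread; not SystemLook's code. Registry search
works only on Windows and covers just the two SOFTWARE hives chosen here.
"""
import fnmatch
import hashlib
import os
import sys


def file_md5(path):
    """MD5 of a file as upper-case hex, the way SystemLook prints it."""
    h = hashlib.md5()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b''):
            h.update(chunk)
    return h.hexdigest().upper()


def find_paths(root, pattern):
    """Return (files, folders) under root whose name matches the glob, case-insensitively.

    files are (path, size, md5) tuples. Unreadable entries are recorded with
    None rather than aborting, since quarantine folders often deny access.
    """
    pat = pattern.lower()
    files, folders = [], []
    for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for d in dirnames:
            if fnmatch.fnmatchcase(d.lower(), pat):
                folders.append(os.path.join(dirpath, d))
        for f in filenames:
            if fnmatch.fnmatchcase(f.lower(), pat):
                p = os.path.join(dirpath, f)
                try:
                    files.append((p, os.path.getsize(p), file_md5(p)))
                except OSError:
                    files.append((p, None, None))
    return sorted(files), sorted(folders)


def find_registry(pattern):
    """Return (key, value_name, data) hits under HKLM\\SOFTWARE and HKCU\\SOFTWARE.

    Matches key names (value_name and data are None), value names and string
    data. Returns [] on non-Windows hosts, where winreg does not exist.
    """
    try:
        import winreg
    except ImportError:
        return []
    pat = pattern.lower()
    hits = []

    def walk(hive, sub, label):
        try:
            key = winreg.OpenKey(hive, sub)
        except OSError:  # access denied or key vanished mid-walk
            return
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                i += 1
                if fnmatch.fnmatchcase(name.lower(), pat) or (
                        isinstance(data, str) and fnmatch.fnmatchcase(data.lower(), pat)):
                    hits.append((label, name, data))
            i = 0
            while True:
                try:
                    child = winreg.EnumKey(key, i)
                except OSError:
                    break
                i += 1
                if fnmatch.fnmatchcase(child.lower(), pat):
                    hits.append((label + '\\' + child, None, None))
                walk(hive, sub + '\\' + child, label + '\\' + child)

    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, 'HKLM'),
                        (winreg.HKEY_CURRENT_USER, 'HKCU')):
        walk(hive, 'SOFTWARE', label + '\\SOFTWARE')
    return hits


if __name__ == '__main__':
    # assumed usage: python sweep.py "*alnaddy*" C:\   (pattern is a glob, as in SystemLook)
    pattern, root = sys.argv[1], sys.argv[2]
    files, folders = find_paths(root, pattern)
    for path, size, md5 in files:
        print(f'{path} {size} bytes {md5}')
    for folder in folders:
        print(f'{folder} <DIR>')
    for key, name, data in find_registry(pattern):
        print(f'{key} {name!r} {data!r}')
```

On the machine in this thread the file and folder walk would surface the same C:\Qoobox and C:\_OTL quarantine copies that SystemLook listed, which is the point of reading such a log carefully: hits inside a quarantine folder are already-neutralised copies, while a live hit under Program Files or AppData\LocalLow is what still needs removing.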

Aelo123
2012-06-29, 11:55
System Look:-

SystemLook 30.07.11 by jpshortstuff
Log created at 00:28 on 29/06/2012 by hp
Administrator - Elevation successful

========== filefind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx.vir --a---- 194705 bytes [07:49 01/06/2012] [07:49 01/06/2012] 2A4D1FC8C13734DE3D6A77C850EABBCF
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll.vir --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll.vir --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe.vir --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll.vir --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll.vir --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\Qoobox\Quarantine\Registry_backups\AddRemove-alnaddyToolbar.reg.dat --a---- 932 bytes [13:41 22/06/2012] [13:41 22/06/2012] A81EF35ACF5E25FF70D4A311F55AA1D0
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\_OTL\MovedFiles\06222012_010007\C_Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml --a---- 1389 bytes [12:37 18/04/2012] [07:15 11/06/2012] 351D6AC4896A74E6156598A9139B4588

========== folderfind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com d------ [19:01 20/06/2012]
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar d------ [19:01 20/06/2012]
C:\Users\hp\AppData\LocalLow\Alnaddy.com d------ [07:21 11/06/2012]
C:\Users\hp\AppData\LocalLow\Alnaddy.com\alnaddyToolbar d------ [07:21 11/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com d------ [07:15 11/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar d------ [07:15 11/06/2012]

========== regfind ==========

Searching for "*alnaddy*"
No data found.

-= EOF =-

Aelo123
2012-06-29, 13:06
ESETScan:-

C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir probably a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll.vir Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\16.06.2012_20.36.41\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\Users\hp\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120604202104674.rsc multiple threats
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
D:\A\CRDownload\3D+Race+Raging+Thunder+s60+2nd.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application
D:\A\CRDownload\cnet2_WeFiSetup_1_157_1_1538_exe.exe a variant of Win32/InstallCore.D application
D:\A\CRDownload\Exe_maker_v2.5.0_s60_2nd_edition_2.sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\Mission+Pandora+3D+S60.rar a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\The_sims_3_complete.exe Win32/Adware.1ClickDownload.C application
D:\A\CRDownload\The_Sims_3___Town_Life_Stuff_rar.exe Win32/Adware.1ClickDownload.C application
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA (1).Sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.Sis a variant of SymbOS/KillPhone.E trojan
D:\A\CRDownload\WMouseXP-Remote-3.0-Full-Version-cracked.zip a variant of Win32/Kryptik.AEGB trojan
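
As an added example (not code from this thread, nor from the SystemLook, ESET or OTL tools), here is a small Python parser for the SystemLook filefind/folderfind lines posted above and for the ESET log lines in this post. It separates hits that already sit inside a tool quarantine from hits that are still live on disk, groups SystemLook entries by MD5 to show the same bytes moved by two different tools, and renders the live paths in the `:Files` syntax that OTL custom fixes in this thread use. The sample lines are copied from the two logs above; the list of quarantine folders (ComboFix's `C:\Qoobox\Quarantine`, OTL's `C:\_OTL\MovedFiles`, `C:\TDSSKiller_Quarantine`) is my assumption, and SystemLook's two timestamps are kept unlabelled because the log does not say which is which.

```python
import re
from collections import defaultdict

# Folders the tools used in this thread move detections into. A hit inside one
# of these has already been taken out of play; anything outside still needs a fix.
# Assumption: this list is the example author's, not taken from any tool's docs.
QUARANTINE_PREFIXES = (
    r"C:\Qoobox\Quarantine",      # ComboFix
    r"C:\_OTL\MovedFiles",        # OTL
    r"C:\TDSSKiller_Quarantine",  # TDSSKiller
)

_TS = r"\d{2}:\d{2} \d{2}/\d{2}/\d{4}"
# filefind line: <path> <attrs> <size> bytes [ts] [ts] <MD5>
# SystemLook does not label the two timestamps, so they are kept as ts1/ts2.
SYSTEMLOOK_FILE = re.compile(
    rf"^(?P<path>.+?) (?P<attrs>[-a-z]{{7}}) (?P<size>\d+) bytes "
    rf"\[(?P<ts1>{_TS})\] \[(?P<ts2>{_TS})\] (?P<md5>[0-9A-F]{{32}})$"
)
# folderfind line: <path> d------ [ts]
SYSTEMLOOK_DIR = re.compile(rf"^(?P<path>.+?) (?P<attrs>d[-a-z]{{6}}) \[(?P<ts1>{_TS})\]$")
# ESET line: <path> <detection>; the path may contain spaces, so the detection
# is anchored at the end ("... application", "... trojan" or "multiple threats").
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<detection>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/[\w.]+ (?:application|trojan)"
    r"|multiple threats)$"
)

# Constructed sample: lines copied from the SystemLook log posted in this thread.
SYSTEMLOOK_SAMPLE = r"""
========== filefind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx.vir --a---- 194705 bytes [07:49 01/06/2012] [07:49 01/06/2012] 2A4D1FC8C13734DE3D6A77C850EABBCF
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll.vir --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B

========== folderfind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com d------ [19:01 20/06/2012]
C:\Users\hp\AppData\LocalLow\Alnaddy.com d------ [07:21 11/06/2012]
"""

# Constructed sample: lines copied from the ESET log posted in this thread.
ESET_SAMPLE = r"""
C:\Qoobox\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Babylon application
C:\TDSSKiller_Quarantine\16.06.2012_20.33.05\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\Users\hp\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120604202104674.rsc multiple threats
D:\A\CRDownload\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application
"""


def parse_systemlook(text):
    """Return file and folder records from SystemLook output; headers are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if m := SYSTEMLOOK_FILE.match(line):
            rec = m.groupdict()
            rec["kind"], rec["size"] = "file", int(rec["size"])
            records.append(rec)
        elif m := SYSTEMLOOK_DIR.match(line):
            rec = m.groupdict()
            rec["kind"] = "dir"
            records.append(rec)
    return records


def parse_eset(text):
    """Return {path, detection} records from ESET Online Scanner output."""
    return [m.groupdict() for line in text.splitlines() if (m := ESET_LINE.match(line.strip()))]


def is_quarantined(path):
    p = path.lower()
    return any(p.startswith(q.lower()) for q in QUARANTINE_PREFIXES)


def live_paths(records):
    """Paths outside every quarantine folder: the ones a fix script must still handle."""
    return [r["path"] for r in records if not is_quarantined(r["path"])]


def duplicate_hashes(records):
    """MD5 -> paths for files seen more than once (the same bytes moved by two tools)."""
    by_md5 = defaultdict(list)
    for r in records:
        if r.get("md5"):
            by_md5[r["md5"]].append(r["path"])
    return {h: paths for h, paths in by_md5.items() if len(paths) > 1}


def otl_files_section(paths):
    """Render paths as the ':Files' section of an OTL custom fix, as used in this thread."""
    return "\n".join([":Files", *paths])


if __name__ == "__main__":
    sl = parse_systemlook(SYSTEMLOOK_SAMPLE)
    for md5, paths in duplicate_hashes(sl).items():
        print(f"{md5} seen {len(paths)} times (already quarantined copies)")
    print(otl_files_section(live_paths(sl) + live_paths(parse_eset(ESET_SAMPLE))))
```

Run on the two sample logs, the only SystemLook hit still live is `C:\Users\hp\AppData\LocalLow\Alnaddy.com`, which is exactly the path the next OTL fix in this thread adds under `:Files`; everything else the scanners reported was already sitting in a quarantine folder. Sorting hits this way before writing a fix script avoids re-deleting neutralised copies and makes the genuinely live remnants obvious.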

Aelo123
2012-06-29, 13:10
I uninstalled BitTorrent, but I didn't find the Babylon and Alnaddy toolbars in the program list. However, I found the Babylon toolbar disabled in IExplorer add-ons but couldn't remove it.

JonTom
2012-06-29, 18:49
Hello Aelo123

Thank you for the logs.

Before we continue I would like to see the log created from the following tool:

CKScanner


Download CKScanner by askey127 from here (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Aelo123
2012-06-29, 23:07
Your download link didn't work; I had to change my IP address using Hotspot Shield to be able to access the file. Here is the log:-

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.PANAOG
----- EOF -----

JonTom
2012-06-30, 00:36
Hello Aelo123


"Your download link didn't work." That's odd, it works fine for me.

The ESET scan has highlighted the presence of a number of cracked files on your machine. As I am sure you are aware, cracked and keygened files are illegal. They are also one of the very best ways to completely trash your computer.

This forum does not condone or support the use of cracked or keygened material of any kind. In order to receive continued support at this site you must remove this material immediately.


Please open OTL


Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\Users\hp\AppData\LocalLow\Alnaddy.com
D:\A\CRDownload\3D+Race+Raging+Thunder+s60+2nd.sis
D:\A\CRDownload\Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.sis
D:\A\CRDownload\cnet2_RegpairSetup_exe.exe
D:\A\CRDownload\cnet2_WeFiSetup_1_157_1_1538_exe.exe
D:\A\CRDownload\Exe_maker_v2.5.0_s60_2nd_edition_2.sis
D:\A\CRDownload\Mission+Pandora+3D+S60.rar
D:\A\CRDownload\The_sims_3_complete.exe
D:\A\CRDownload\The_Sims_3___Town_Life_Stuff_rar.exe
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA (1).Sis
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.Sis
D:\A\CRDownload\WMouseXP-Remote-3.0-Full-Version-cracked.zip



:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]





Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Aelo123
2012-07-01, 01:15
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\hp\AppData\LocalLow\Alnaddy.com\alnaddyToolbar folder moved successfully.
C:\Users\hp\AppData\LocalLow\Alnaddy.com folder moved successfully.
D:\A\CRDownload\3D+Race+Raging+Thunder+s60+2nd.sis moved successfully.
D:\A\CRDownload\Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.sis moved successfully.
D:\A\CRDownload\cnet2_RegpairSetup_exe.exe moved successfully.
D:\A\CRDownload\cnet2_WeFiSetup_1_157_1_1538_exe.exe moved successfully.
D:\A\CRDownload\Exe_maker_v2.5.0_s60_2nd_edition_2.sis moved successfully.
D:\A\CRDownload\Mission+Pandora+3D+S60.rar moved successfully.
D:\A\CRDownload\The_sims_3_complete.exe moved successfully.
D:\A\CRDownload\The_Sims_3___Town_Life_Stuff_rar.exe moved successfully.
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA (1).Sis moved successfully.
D:\A\CRDownload\WebGate.Advanced.Device.Locks.v1.00.S60.SymbianOS7.Cracked.Proper-BiNPDA.Sis moved successfully.
D:\A\CRDownload\WMouseXP-Remote-3.0-Full-Version-cracked.zip moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 113067589 bytes
->Temporary Internet Files folder emptied: 9558522 bytes
->Java cache emptied: 283239 bytes
->FireFox cache emptied: 79879022 bytes
->Google Chrome cache emptied: 93450459 bytes
->Flash cache emptied: 4064 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 395432 bytes
RecycleBin emptied: 219136 bytes

Total Files Cleaned = 283.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 07012012_011114

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

JonTom
2012-07-01, 12:25
Hello Aelo123

Thank you for the log.


"However, I found babylon toolbar disabled in IExplorer addons but couldn't remove it." Those just sound like leftovers. Let's see if Revo can take care of those:

Revo Uninstaller


You can download Revo Uninstaller from here (http://download.cnet.com/Revo-Uninstaller/3000-2096_4-10687648.html).
Information about how to use this program is provided on the download page.


How is the machine running now?

Are you still having problems with Chrome/alnaddy? If so, please uninstall Chrome then re-install a fresh copy to see if that solves the problem.

Please post a new set of DDS logs in your next reply and let me know how it's running :)

Aelo123
2012-07-02, 11:12
I reinstalled Chrome, which solved the problem, but when I tried to sync the browser with my account the problem returned.

Aelo123
2012-07-02, 11:18

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by hp at 11:12:33 on 2012-07-02
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1278 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
D:\A\Programs\Hotspot Shield\bin\openvpnas.exe
D:\A\Programs\Hotspot Shield\HssWPR\hsssrv.exe
D:\A\Programs\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\KBStatusLED.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\hp\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WeFi\WefiEngSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WeFi\WeFi.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ToolKit IE Helper: {70ea269e-56df-49c2-86b2-1a1924ed88b4} - c:\program files\toolkitservice\splash.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Akamai NetSession Interface] "c:\users\hp\appdata\local\akamai\netsession_win.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music player\NokiaMusicPlayer.exe" /command:faststart
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KBStatusLED1] c:\windows\KBStatusLED.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hp\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE} : NameServer = 10.80.24.1
TCP: Interfaces\{E51740AD-C71E-4378-97EB-C1A64C151984} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\xhny2dox.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\hp\appdata\local\facebook\messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: c:\users\hp\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-17 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 hshld;Hotspot Shield Service;d:\a\programs\hotspot shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;d:\a\programs\hotspot shield\bin\hsswd.exe -product hss --> d:\a\programs\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-3-17 1752576]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-26 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-13 1153368]
R2 ToolkitSvc;Toolkit Service;c:\program files\toolkitservice\toolkitservice.exe [2012-6-12 687168]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-18 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-17 247808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-3-17 142632]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-3-17 525864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-3-17 33832]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-12-10 27632]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-17 269824]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2011-8-9 10843136]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-26 22344]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-3-17 41088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-2 414824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WefiEngSvc;WeFi Engine Service;c:\program files\wefi\WefiEngSvc.exe [2010-11-3 120152]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\drivers\btwdpan.sys [2012-3-17 76328]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-10 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-3-17 251496]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-07-02 01:03:07 -------- d-----w- c:\programdata\Electronic Arts
2012-07-02 01:03:07 -------- d-----w- c:\programdata\EA Core
2012-07-01 22:26:54 -------- d-----w- c:\program files\VS Revo Group
2012-06-30 23:36:07 116 --sh--w- c:\windows\system32\Bat_f_i_l_e_tmp.bat
2012-06-29 08:58:32 -------- d-----w- c:\program files\ESET
2012-06-28 08:33:11 -------- d-----w- c:\program files\SystemRequirementsLab
2012-06-28 08:27:36 -------- d-s---w- C:\ComboFix
2012-06-27 08:22:59 -------- d-----w- c:\program files\RAMBooster.Net
2012-06-26 18:25:58 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes
2012-06-26 18:25:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 18:25:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-26 18:25:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-25 14:34:25 -------- d-----w- c:\users\hp\appdata\local\Macromedia
2012-06-24 21:40:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-24 21:16:06 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53:15 -------- d-----w- c:\users\hp\appdata\local\Temp
2012-06-24 09:07:33 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55:46 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50:45 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 16:57:25 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12:19 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12:18 -------- d-----w- c:\windows\UnInstFilter
2012-06-21 23:00:07 -------- d-----w- C:\_OTL
2012-06-20 19:43:10 -------- d-----w- C:\My Documents
2012-06-19 07:27:37 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-06-19 07:27:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-06-19 07:27:36 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-06-19 07:27:36 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-06-19 07:27:34 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-06-19 07:19:11 -------- d-----w- c:\users\hp\appdata\roaming\runic games
2012-06-19 07:17:22 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35:12 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33:24 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03:36 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03:34 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:42:10 98816 ----a-w- c:\windows\sed.exe
2012-06-16 18:42:10 518144 ----a-w- c:\windows\SWREG.exe
2012-06-16 18:42:10 256000 ----a-w- c:\windows\PEV.exe
2012-06-16 18:42:10 208896 ----a-w- c:\windows\MBR.exe
2012-06-16 18:34:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45:39 -------- d-----w- C:\TWISTER
2012-06-16 08:23:03 -------- d-----w- c:\users\hp\appdata\local\Facebook
2012-06-13 21:00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27:40 607260 ----a-r- c:\users\hp\appdata\roaming\microsoft\windows\start menu\programs\dds.scr
2012-06-12 17:35:20 -------- d-----w- c:\users\hp\appdata\local\eToolKit
2012-06-12 17:35:12 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34:38 -------- d-----w- c:\program files\ToolKitService
2012-06-11 07:15:30 -------- d-----w- c:\users\hp\appdata\roaming\Optimizer Pro
2012-06-11 07:13:30 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12:07 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32:29 -------- d-----w- c:\program files\common files\SourceTec
2012-06-10 17:32:24 -------- d-----w- c:\program files\SourceTec
2012-06-10 12:59:37 -------- d-----w- c:\windows\pss
2012-06-09 20:40:33 -------- d-----w- c:\users\hp\appdata\local\Apple Computer
2012-06-09 20:40:26 -------- d-----w- c:\program files\iPod
2012-06-09 20:40:21 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48:23 -------- d-----w- c:\users\hp\appdata\local\WindowsUpdate
2012-06-09 14:07:46 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:03:26 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02:19 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56:44 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01:26 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59:18 -------- d-----w- c:\users\hp\appdata\local\ElevatedDiagnostics
2012-06-05 13:15:18 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14:16 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42:17 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21:04 -------- d-----w- c:\users\hp\appdata\roaming\AVG
2012-06-04 16:08:19 -------- d-----w- c:\users\hp\appdata\roaming\AVG2012
2012-06-04 16:06:15 -------- d-----w- c:\users\hp\appdata\local\AVG Secure Search
2012-06-04 14:37:15 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 14:37:14 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33:49 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33:40 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33:40 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33:40 -------- d-----w- C:\$AVG
2012-06-04 14:33:23 -------- d-----w- c:\program files\AVG
2012-06-04 14:06:06 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41:51 -------- d-----w- c:\users\hp\appdata\roaming\playmink
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40:50 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28:27 -------- d-----w- c:\users\hp\appdata\roaming\IDT
2012-06-03 13:31:19 -------- d-----w- c:\users\hp\appdata\roaming\dll-files.com
2012-06-03 13:31:12 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01:52 -------- d-----w- c:\users\hp\appdata\local\ATI
2012-06-02 22:59:17 -------- d-----w- c:\program files\common files\Intel
2012-06-02 22:59:11 -------- d-----w- C:\Intel
2012-06-02 22:59:09 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57:42 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47:12 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47:12 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:47:12 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-06-02 20:47:12 4120576 ----a-w- c:\windows\system32\stlang.dll
2012-06-02 20:47:12 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-06-02 20:47:12 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl
2012-06-02 20:47:12 1433692 ----a-w- c:\windows\sttray.exe
2012-06-02 20:47:12 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-06-02 20:47:10 -------- d-----w- c:\windows\system32\SRSLabs
2012-06-02 20:47:08 207360 ----a-w- c:\windows\system32\staco.dll
2012-06-02 20:46:34 535552 ------w- c:\windows\system32\stapi32.dll
2012-06-02 20:46:34 444928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2012-06-02 20:46:34 417280 ----a-w- c:\windows\system32\stcplx.dll
2012-06-02 20:46:34 1259008 ----a-w- c:\windows\system32\stapo.dll
2012-06-02 20:46:29 -------- d-----w- c:\program files\IDT
2012-06-02 20:20:52 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20:52 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09:48 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07:58 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07:58 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07:58 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07:58 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07:58 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 17:40:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-06-02 17:40:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-06-02 17:40:53 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-06-02 17:40:53 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-06-02 16:00:24 -------- d-----w- c:\program files\HP
.
==================== Find3M ====================
.
2012-06-24 08:07:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-24 08:07:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 18:50:38 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38:34 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43:32 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43:28 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 11:13:27.59 ===============

JonTom
2012-07-02, 14:28
Hello Aelo123

> the problem returned again

Please describe exactly what is happening.

Aelo123
2012-07-03, 16:22
When I reinstalled chrome, it opened normally and alnaddy.com didn't open. When I synced chrome with my gmail account to have my old bookmarks and extensions back, chrome returned to opening on the same websites in three different tabs just like before.

JonTom
2012-07-04, 17:11
Hello Aelo123

You mentioned in your previous post:

> When I synced chrome with my gmail account to have my old bookmarks and extensions back

It could be that one of your extensions is causing the problem. Please disable each one (one at a time) then check if the problem persists.

Let me know how you get on in your next reply :)
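The two things a sync can bring back are the profile settings (startup pages, homepage) and the extensions JonTom asks about. The script below is an added example written for this thread, not code from the forum or from Google: it reads Chrome's Preferences JSON and reports every startup page, the homepage, and any extension whose manifest overrides a Chrome page with a URL on the given domain. The key layout it relies on (`session.restore_on_startup`, `session.startup_urls`, `homepage`, `extensions.settings.<id>.manifest`) and the Windows profile path are assumptions about Chrome's on-disk format; the sample profile and the two extension ids are constructed, not taken from Aelo123's machine.

```python
"""Report where a Chrome profile's Preferences file points at a given domain:
startup pages, homepage, and extension page overrides.

Added example for this thread, not code from the forum or from Google. The key
layout (session.restore_on_startup, session.startup_urls, homepage,
extensions.settings.<id>.manifest) and the profile path are assumptions about
Chrome's on-disk format; the sample profile and extension ids are constructed."""
import json
import os
from urllib.parse import urlparse

# CONSTRUCTED sample profile mirroring the symptom in the thread (three tabs on
# one domain after sync); the extension ids are placeholders, not real ones.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.alnaddy.com/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = "open a specific page or set of pages"
        "startup_urls": [
            "http://www.alnaddy.com/",
            "http://www.alnaddy.com/?src=tab",
            "http://search.alnaddy.com/",
        ],
    },
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                "manifest": {"name": "Google Translate", "version": "1.2"},
                "state": 1,
            },
            "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
                "manifest": {
                    "name": "Search Helper",
                    "version": "1.0",
                    "chrome_url_overrides": {"newtab": "http://www.alnaddy.com/nt"},
                },
                "state": 1,
            },
        }
    },
})


def host_matches(url, domain):
    """True if url's host is `domain` or a subdomain of it (search.alnaddy.com)."""
    host = (urlparse(url or "").hostname or "").lower()
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def audit_preferences(prefs_text, domain):
    """Return the settings in a Preferences document that reference `domain`."""
    prefs = json.loads(prefs_text)
    session = prefs.get("session", {})
    homepage = prefs.get("homepage", "")
    findings = {
        "restore_on_startup": session.get("restore_on_startup"),
        "startup_urls": [u for u in session.get("startup_urls", []) if host_matches(u, domain)],
        "homepage": homepage if host_matches(homepage, domain) else None,
        "extensions": [],
    }
    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest", {})
        hits = [u for u in manifest.get("chrome_url_overrides", {}).values()
                if host_matches(u, domain)]
        if hits:
            findings["extensions"].append(
                {"id": ext_id, "name": manifest.get("name"), "overrides": hits})
    return findings


def default_preferences_path():
    """Assumed location of the Default profile's Preferences on Windows."""
    return os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                        "User Data", "Default", "Preferences")


if __name__ == "__main__":
    path = default_preferences_path()
    text = open(path, encoding="utf-8").read() if os.path.isfile(path) else SAMPLE_PREFERENCES
    print(json.dumps(audit_preferences(text, "alnaddy.com"), indent=2))
```

Run it with Chrome closed so the file is not being rewritten underneath you. A hijack domain in `startup_urls` with `restore_on_startup` set to 4 is a plain settings change, and settings are part of what sync carries back to a fresh install, which fits what Aelo123 describes; a hit under `extensions` is the case JonTom is asking to rule out by disabling them one at a time.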

Aelo123
2012-07-06, 18:47
Actually the problem reappeared before chrome got to load my extensions.

JonTom
2012-07-07, 15:15
Hello Aelo123


> Actually the problem reappeared before chrome got to load my extensions.

Please do try disabling them as suggested (this will at least allow us to rule them out as the cause).

Is this machine part of a network?

Do you use a router?

Let's see if the following can help:


Please reset your Router


This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don’t know the router's default password, you can look it up here (http://www.opendns.com/solutions/overview/)
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.



Please flush your DNS Cache


To do this:
Click on "Start" and then on "Run"
Type cmd then press OK or hit Enter.
A command prompt will appear.
At the command prompt, type or copy/paste the following: ipconfig /flushdns (note the space between the “..g" and the "/f…” it needs to be there).
Hit Enter.
You will get a confirmation that the flush was successful.
Close the command box.



Let's run another check for alnaddy:


Please download SystemLook by JPShortstuff


Right click on SystemLook.exe and select "Run as Administrator" to run the program.
Copy the content of the following codebox into the main textfield:


:filefind
*alnaddy*
:folderfind
*alnaddy*
:regfind
*alnaddy*



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please post the SystemLook log and a new OTL log in your next reply.

Let me know if the problem persists after disabling your extensions, resetting your router and flushing the DNS cache.

Aelo123
2012-07-07, 17:32
I can't reset my router because it's not mine (Do I have to? Other computers don't start on alnaddy!); however, I'll try to convince them if it is absolutely necessary.

Here is the log systemlook has produced:-

SystemLook 30.07.11 by jpshortstuff
Log created at 17:10 on 07/07/2012 by hp
Administrator - Elevation successful

========== filefind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbar.crx.vir --a---- 194705 bytes [07:49 01/06/2012] [07:49 01/06/2012] 2A4D1FC8C13734DE3D6A77C850EABBCF
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll.vir --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll.vir --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe.vir --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll.vir --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll.vir --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\Qoobox\Quarantine\Registry_backups\AddRemove-alnaddyToolbar.reg.dat --a---- 932 bytes [13:41 22/06/2012] [13:41 22/06/2012] A81EF35ACF5E25FF70D4A311F55AA1D0
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarEng.dll --a---- 576616 bytes [11:31 04/06/2012] [11:31 04/06/2012] 1988EC2A8673AC981DEDED9E2A91DE66
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarsrv.exe --a---- 362088 bytes [11:31 04/06/2012] [11:31 04/06/2012] 68014D5E9193CD08A97E06591FD113CD
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll --a---- 286824 bytes [11:31 04/06/2012] [11:31 04/06/2012] 52076990ABD4F849A7D6CB35B40B809F
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll --a---- 268904 bytes [11:31 04/06/2012] [11:31 04/06/2012] C72214429A13A32E3884A56140EE3F3C
C:\_OTL\MovedFiles\06222012_010007\C_Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml --a---- 1389 bytes [12:37 18/04/2012] [07:15 11/06/2012] 351D6AC4896A74E6156598A9139B4588

========== folderfind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com d------ [19:01 20/06/2012]
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar d------ [19:01 20/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com d------ [07:15 11/06/2012]
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar d------ [07:15 11/06/2012]
C:\_OTL\MovedFiles\07012012_011114\C_Users\hp\AppData\LocalLow\Alnaddy.com d------ [07:21 11/06/2012]
C:\_OTL\MovedFiles\07012012_011114\C_Users\hp\AppData\LocalLow\Alnaddy.com\alnaddyToolbar d------ [07:21 11/06/2012]

========== regfind ==========

Searching for "*alnaddy*"
No data found.

-= EOF =-


I have another two problems that have occurred lately:-

I can't install iTunes on my PC to transfer my files to my iPad. Every time I try to install it an error message appears and the setup rolls back the last action then the setup continues and I find the shortcut on my desktop but when I try to launch it, it displays another error message saying the Apple help and support center is required to launch iTunes.

The other problem is that sometimes my computer goes dead all of a sudden. The power button has not been sticking out as usual; can this be the cause of the problem, that the power button is sort of pressed? Please help me verify that this problem doesn't have anything to do with a software problem.
Thanks in advance. :)
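Every file hit in the SystemLook log above sits under `C:\Qoobox\Quarantine` or `C:\_OTL\MovedFiles`, and the registry search is empty; the script below makes that check mechanical instead of eyeballed. It is an added example written for this thread, not code from SystemLook or from the forum: it parses the log's three sections, groups file hits by MD5 (the same DLLs appear under both quarantine roots), and reports any path that is not under a quarantine folder. The line layout is inferred from the log above; treating `C:\Qoobox\Quarantine` (ComboFix) and `C:\_OTL\MovedFiles` (OTL) as quarantine roots is an assumption. The embedded sample is an excerpt of the posted log plus one constructed last filefind line (the Desktop `.txt` with an all-zero hash) that is not in the real log and is there only to show how a live hit is reported.

```python
"""Parse a SystemLook log, group file hits by MD5 and separate hits that are
still live on disk from hits that only exist inside a quarantine folder.

Added example for this thread; not code from SystemLook or from the forum.
Assumptions: the line layout inferred from the posted log, and that
C:\\Qoobox\\Quarantine (ComboFix) and C:\\_OTL\\MovedFiles (OTL) are quarantine roots."""
import re
from collections import defaultdict

# Quarantine roots treated as already neutralised (assumption, see above).
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\_otl\\movedfiles\\")

# filefind line: "<path> <attrs> <size> bytes [created] [modified] <md5>"
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# folderfind line: "<path> <attrs> [created]"
FOLDER_RE = re.compile(r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+\[(?P<created>[^\]]+)\]$")
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
SKIP = ("Searching for", "No data found.", "-= EOF =-")

# Excerpt of the log posted above, plus one CONSTRUCTED last filefind line
# (the Desktop .txt with an all-zero hash) that is not in the real log.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 17:10 on 07/07/2012 by hp
Administrator - Elevation successful

========== filefind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll.vir --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarApp.dll --a---- 364648 bytes [11:31 04/06/2012] [11:31 04/06/2012] 29A7C8948CC8843ED967D990C04CA10B
C:\_OTL\MovedFiles\06222012_010007\C_Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml --a---- 1389 bytes [12:37 18/04/2012] [07:15 11/06/2012] 351D6AC4896A74E6156598A9139B4588
C:\Users\hp\Desktop\alnaddy_leftover.txt --a---- 12 bytes [09:00 07/07/2012] [09:00 07/07/2012] 00000000000000000000000000000000

========== folderfind ==========

Searching for "*alnaddy*"
C:\Qoobox\Quarantine\C\Program Files\Alnaddy.com d------ [19:01 20/06/2012]
C:\_OTL\MovedFiles\07012012_011114\C_Users\hp\AppData\LocalLow\Alnaddy.com d------ [07:21 11/06/2012]

========== regfind ==========

Searching for "*alnaddy*"
No data found.

-= EOF =-
"""


def parse_systemlook(text):
    """Return {'filefind': [...], 'folderfind': [...], 'regfind': [...]}."""
    sections = {"filefind": [], "folderfind": [], "regfind": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line or line.startswith(SKIP):
            continue
        if current == "filefind" and (m := FILE_RE.match(line)):
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            sections[current].append(entry)
        elif current == "folderfind" and (m := FOLDER_RE.match(line)):
            sections[current].append(m.groupdict())
        else:  # regfind output, or a line the patterns above did not recognise
            sections[current].append({"raw": line})
    return sections


def is_quarantined(path):
    """True if the path sits under one of the assumed quarantine roots."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(log_text):
    """Group file hits by MD5 and report which ones still have a live copy."""
    parsed = parse_systemlook(log_text)
    files = [f for f in parsed["filefind"] if "md5" in f]
    by_md5 = defaultdict(list)
    for f in files:
        by_md5[f["md5"].upper()].append(f["path"])
    return {
        "unique_hashes": len(by_md5),
        "hashes_with_live_copy": sorted(
            h for h, paths in by_md5.items() if any(not is_quarantined(p) for p in paths)),
        "live_files": [f["path"] for f in files if not is_quarantined(f["path"])],
        "live_folders": [d["path"] for d in parsed["folderfind"]
                         if "path" in d and not is_quarantined(d["path"])],
        "registry_hits": [r["raw"] for r in parsed["regfind"] if "raw" in r],
    }


if __name__ == "__main__":
    import json
    import sys
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    print(json.dumps(triage(text), indent=2))
```

Pass the path of `SystemLook.txt` as the only argument, or run it bare to see the sample. Anything under `live_files`, `live_folders` or `registry_hits` means the earlier clean-up missed something the pattern can see; an empty result, as for the posted log, only says the traces matching `*alnaddy*` are neutralised and says nothing about settings stored under other names, such as a synced browser profile or a DNS server entry, which is why the next questions in the thread are about extensions, DNS and the router.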

JonTom
2012-07-07, 18:34
Hello Aelo123

Did you flush your DNS cache?

Did you disable your extensions?

Is the machine networked?

I asked you about these things in my previous post. Please answer my questions.


> I can't install iTunes on my PC to transfer my files to my iPad. Every time I try to install it an error message appears and the setup rolls back the last action then the setup continues and I find the shortcut on my desktop but when I try to launch it, it displays another error message saying the Apple help and support center is required to launch iTunes.

This does not sound like a malware issue but rather a software problem.


> The other problem is that sometimes my computer goes dead all of a sudden. The power button has not been sticking out as usual; can this be the cause of the problem, that the power button is sort of pressed? Please help me verify that this problem doesn't have anything to do with a software problem.

Again, most likely not malware related and therefore not the cause of the alnaddy issue. Let's try to take care of alnaddy first then deal with the rest later.

All detectable instances of alnaddy have been quarantined on your machine.


> I can't reset my router because it's not mine (Do I have to? Other computers don't start on alnaddy!); however, I'll try to convince them if it is absolutely necessary.

Please explain exactly what you mean here. If it's not your router, whose is it??? Who do you have to "convince"?

Aelo123
2012-07-08, 10:40
It's my mother's router. Yes, I flushed the DNS cache. The machine is not networked, and I didn't disable the extensions because when I reinstalled Chrome there weren't any extensions in the extension list yet (except Google Translate) and the browser still opened on alnaddy.

JonTom
2012-07-08, 16:24
Hello Aelo123

Please go ahead and reset the router :)

Aelo123
2012-07-09, 15:27
I'm currently not at home, I'm travelling for a week. I'll reset the router as soon as I return. Please don't close this thread.

JonTom
2012-07-09, 18:44
Hello Aelo123


> Please don't close this thread.

No problem, we'll continue when you get back :)

JonTom
2012-07-21, 14:25
Are you still with me?

JonTom
2012-07-24, 10:54
Due to lack of response, this topic is now closed.

If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).

Everyone else please start a new topic.